diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index c383625ec02c..0861a6f5ee4a 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1498,6 +1498,34 @@ config COMPAT If you want to execute 32-bit userspace applications, say Y. +config KUSER_HELPERS + bool "Enable kuser helpers page for 32 bit applications." + depends on COMPAT + default y + help + Warning: disabling this option may break 32-bit user programs. + + Provide kuser helpers to compat tasks. The kernel provides + helper code to userspace in read only form at a fixed location + to allow userspace to be independent of the CPU type fitted to + the system. This permits binaries to be run on ARMv4 through + to ARMv8 without modification. + + See Documentation/arm/kernel_user_helpers.txt for details. + + However, the fixed address nature of these helpers can be used + by ROP (return orientated programming) authors when creating + exploits. + + If all of the binaries and libraries which run on your platform + are built specifically for your platform, and make no use of + these helpers, then you can turn this option off to hinder + such exploits. However, in that case, if a binary or library + relying on those helpers is run, it will not function correctly. + + Say N here only if you are absolutely certain that you do not + need these helpers; otherwise, the safe option is to say Y. + config SYSVIPC_COMPAT def_bool y depends on COMPAT && SYSVIPC diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index c18c34d56029..9e7dcb2c31c7 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -27,8 +27,9 @@ OBJCOPYFLAGS := --prefix-symbols=__efistub_ $(obj)/%.stub.o: $(obj)/%.o FORCE $(call if_changed,objcopy) -obj-$(CONFIG_COMPAT) += sys32.o kuser32.o signal32.o \ +obj-$(CONFIG_COMPAT) += sys32.o signal32.o \ sigreturn32.o sys_compat.o +obj-$(CONFIG_KUSER_HELPERS) += kuser32.o obj-$(CONFIG_FUNCTION_TRACER) += ftrace.o entry-ftrace.o obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_ARM64_MODULE_PLTS) += module-plts.o diff --git a/arch/arm64/kernel/kuser32.S b/arch/arm64/kernel/kuser32.S index c5f2bbafd723..49825e9e421e 100644 --- a/arch/arm64/kernel/kuser32.S +++ b/arch/arm64/kernel/kuser32.S @@ -6,10 +6,9 @@ * Copyright (C) 2005-2011 Nicolas Pitre * Copyright (C) 2012-2018 ARM Ltd. * - * Each segment is 32-byte aligned and will be moved to the top of the high - * vector page. New segments (if ever needed) must be added in front of - * existing ones. This mechanism should be used only for things that are - * really small and justified, and not be abused freely. + * The kuser helpers below are mapped at a fixed address by + * aarch32_setup_additional_pages() and are provided for compatibility + * reasons with 32 bit (aarch32) applications that need them. * * See Documentation/arm/kernel_user_helpers.txt for formal definitions. */ diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index 41f4d75bbc14..8074cbd3a3a8 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -74,6 +74,9 @@ static int aarch32_alloc_kuser_vdso_page(void) int kuser_sz = __kuser_helper_end - __kuser_helper_start; unsigned long vdso_page; + if (!IS_ENABLED(CONFIG_KUSER_HELPERS)) + return 0; + vdso_page = get_zeroed_page(GFP_ATOMIC); if (!vdso_page) return -ENOMEM; @@ -112,6 +115,9 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; + if (!IS_ENABLED(CONFIG_KUSER_HELPERS)) + return 0; + /* * Avoid VM_MAYWRITE for compatibility with arch/arm/, where it's * not safe to CoW the page containing the CPU exception vectors.