path: root/arch/arm/Kconfig
author: Russell King <rmk+kernel@arm.linux.org.uk> 2015-08-19 15:40:41 -0400
committer: Russell King <rmk+kernel@arm.linux.org.uk> 2015-08-26 15:34:24 -0400
commit: a5e090acbf545c0a3b04080f8a488b17ec41fe02 (patch)
tree: ae603e2e67bcac0564b2eba0a7771f8c5cebf352 /arch/arm/Kconfig
parent: 2190fed67ba6f3e8129513929f2395843645e928 (diff)
ARM: software-based privileged-no-access support

Provide a software-based implementation of the privileged no access support found in ARMv8.1.

Userspace pages are mapped using a different domain number from the kernel and IO mappings. If we switch the user domain to "no access" when we enter the kernel, we can prevent the kernel from touching userspace.

However, the kernel needs to be able to access userspace via the various user accessor functions. With the wrapping in the previous patch, we can temporarily enable access when the kernel needs user access, and re-disable it afterwards.

This allows us to trap non-intended accesses to userspace, e.g., caused by an inadvertent dereference of the LIST_POISON* values, which, with appropriate user mappings set up, can be made to succeed. This in turn can allow use-after-free bugs to be further exploited than would otherwise be possible.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Diffstat (limited to 'arch/arm/Kconfig')
-rw-r--r-- arch/arm/Kconfig | 15
1 files changed, 15 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index a750c1425c3a..e15d5ed4d5f1 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1694,6 +1694,21 @@ config HIGHPTE
1694 bool "Allocate 2nd-level pagetables from highmem" 1694 bool "Allocate 2nd-level pagetables from highmem"
1695 depends on HIGHMEM 1695 depends on HIGHMEM
1696 1696
1697config CPU_SW_DOMAIN_PAN
1698 bool "Enable use of CPU domains to implement privileged no-access"
1699 depends on MMU && !ARM_LPAE
1700 default y
1701 help
1702 Increase kernel security by ensuring that normal kernel accesses
1703 are unable to access userspace addresses. This can help prevent
1704 use-after-free bugs becoming an exploitable privilege escalation
1705 by ensuring that magic values (such as LIST_POISON) will always
1706 fault when dereferenced.
1707
1708 CPUs with low-vector mappings use a best-efforts implementation.
1709 Their lower 1MB needs to remain accessible for the vectors, but
1710 the remainder of userspace will become appropriately inaccessible.
1711
1697config HW_PERF_EVENTS 1712config HW_PERF_EVENTS
1698 bool "Enable hardware performance counter support for perf events" 1713 bool "Enable hardware performance counter support for perf events"
1699 depends on PERF_EVENTS 1714 depends on PERF_EVENTS
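Review bot: the first help paragraph of CPU_SW_DOMAIN_PAN promises that LIST_POISON-style values "will always fault when dereferenced", but the second paragraph says that on CPUs with low-vector mappings the lower 1MB of userspace stays accessible, so "always" overstates the guarantee on exactly the CPUs the option still defaults to y for; suggest qualifying the first paragraph, e.g. "will fault when dereferenced (except within the lower 1MB on CPUs with low-vector mappings, see below)", so that a reader enabling the option does not assume complete coverage. The "depends on MMU && !ARM_LPAE" line carries no explanation; the commit message gives the reason (the scheme relies on userspace being mapped under its own domain number, and the LPAE long-descriptor page tables carry no domain field), and a one-line comment above the option would spare the next reader the trip to the commit log. Minor wording: "best-efforts implementation" should read "best-effort implementation", and "prevent use-after-free bugs becoming" reads better as "prevent use-after-free bugs from becoming".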