[Bug 1858815] [NEW] PAN is broken for execute-only user mappings on ARMv8

Wed, 08 Jan 2020 08:11:07 -0800 

*** This bug is a security vulnerability ***

Public security bug reported:

[Impact]

It was discovered that upstream kernel commit cab15ce604e5 ("arm64:
Introduce execute-only page access permissions"), which introduced
execute-only user mappings, subverted the Privileged Access Never
protections.

The fix is to effectively revert commit cab15ce604e5. This is done in
upstream kernel commit 24cecc377463 ("arm64: Revert support for execute-
only user mappings").

[Test Case]

I'm not aware of any PAN test cases. Booting our arm64 kernels on an
ARMv8 device and running through our typical regression tests are
probably the best we can do at this time.

[Regression Potential]

Touching the page handling code always carries significant risk.
However, the fix is simply reverting the change that added the execute-
only user mappings feature in v4.9.

** Affects: linux (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: linux (Ubuntu Bionic)
     Importance: High
         Status: Triaged

** Affects: linux (Ubuntu Disco)
     Importance: High
         Status: Triaged

** Affects: linux (Ubuntu Eoan)
     Importance: High
         Status: Triaged

** Affects: linux (Ubuntu Focal)
     Importance: High
         Status: Triaged

** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Focal)
   Importance: High
       Status: Triaged

** Also affects: linux (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Eoan)
       Status: New => Triaged

** Changed in: linux (Ubuntu Disco)
       Status: New => Triaged

** Changed in: linux (Ubuntu Bionic)
       Status: New => Triaged

** Changed in: linux (Ubuntu Eoan)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Disco)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1858815

Title:
  PAN is broken for execute-only user mappings on ARMv8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1858815/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to