PAN is broken for execute-only user mappings on ARMv8

Bug #1858815 reported by Tyler Hicks on 2020-01-08
Affects: linux (Ubuntu), status tracked in Focal
Bionic: importance High, assigned to Tyler Hicks
Disco: importance High, assigned to Tyler Hicks
Eoan: importance High, assigned to Tyler Hicks
Focal: importance High, assigned to Tyler Hicks

Bug Description

[Impact]

It was discovered that upstream kernel commit cab15ce604e5 ("arm64: Introduce execute-only page access permissions"), which introduced execute-only user mappings, subverted the Privileged Access Never protections.

The fix is to effectively revert commit cab15ce604e5. This is done in upstream kernel commit 24cecc377463 ("arm64: Revert support for execute-only user mappings").

[Test Case]

I'm not aware of any PAN test cases. Booting our arm64 kernels on an ARMv8 device and running through our typical regression tests is probably the best we can do at this time.

[Regression Potential]

Touching the page handling code always carries significant risk. However, the fix is simply reverting the change that added the execute-only user mappings feature in v4.9.
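
Added example, not part of the bug report or of the kernel fix: a user-space probe that reports whether the running kernel still creates execute-only mappings, by reading a PROT_EXEC-only page in a child process. It observes only the mapping behaviour that the revert changes (after the revert, PROT_EXEC again implies read access on arm64), not PAN itself; the function name page_is_readable is made up for this example.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map one anonymous page with `prot` and read its first byte in a child.
 * Returns 1 if the read succeeds, 0 if it faults with SIGSEGV,
 * -1 if the probe itself could not be set up. */
int page_is_readable(int prot)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) return -1;
    void *p = mmap(NULL, (size_t)pagesz, prot,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;

    int result = -1, status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: a fault here kills only the child, not the probe. */
        volatile unsigned char c = *(volatile unsigned char *)p;
        (void)c;
        _exit(0);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid) {
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
            result = 1;
        else if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)
            result = 0;
    }
    munmap(p, (size_t)pagesz);
    return result;
}

int main(void)
{
    /* Controls first: PROT_READ must be readable, PROT_NONE must fault. */
    if (page_is_readable(PROT_READ) != 1 || page_is_readable(PROT_NONE) != 0) {
        fprintf(stderr, "probe is not reliable in this environment\n");
        return 2;
    }
    int r = page_is_readable(PROT_EXEC);
    printf("PROT_EXEC-only page: %s\n",
           r == 1 ? "readable (PROT_EXEC implies read)" :
           r == 0 ? "not readable (execute-only mapping)" : "probe error");
    return r < 0 ? 2 : 0;
}
```

On architectures other than arm64 the result reflects that architecture's own handling of PROT_EXEC-only mappings and says nothing about this bug.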

Tyler Hicks (tyhicks) on 2020-01-08
Changed in linux (Ubuntu Eoan):
status: New → Triaged
Changed in linux (Ubuntu Disco):
status: New → Triaged
Changed in linux (Ubuntu Bionic):
status: New → Triaged
Changed in linux (Ubuntu Eoan):
importance: Undecided → High
Changed in linux (Ubuntu Disco):
importance: Undecided → High
Changed in linux (Ubuntu Bionic):
importance: Undecided → High
Tyler Hicks (tyhicks) on 2020-01-08
Changed in linux (Ubuntu Bionic):
status: Triaged → In Progress
Changed in linux (Ubuntu Disco):
status: Triaged → In Progress
Changed in linux (Ubuntu Eoan):
status: Triaged → In Progress
Changed in linux (Ubuntu Focal):
status: Triaged → In Progress
Changed in linux (Ubuntu Disco):
assignee: nobody → Tyler Hicks (tyhicks)
Changed in linux (Ubuntu Bionic):
assignee: nobody → Tyler Hicks (tyhicks)
Changed in linux (Ubuntu Eoan):
assignee: nobody → Tyler Hicks (tyhicks)
Changed in linux (Ubuntu Focal):
assignee: nobody → Tyler Hicks (tyhicks)
Tyler Hicks (tyhicks) on 2020-01-08
description: updated
Marcelo Cerri (mhcerri) on 2020-01-08
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-disco

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag 'verification-needed-eoan' to 'verification-failed-eoan'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-eoan
tags: added: verification-needed-bionic

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

This report contains Public Security information
Everyone can see this security related information.