* Greg KH gregkh@linuxfoundation.org:
On Fri, Nov 24, 2023 at 04:10:25PM +0100, Helge Deller wrote:
On 11/24/23 12:35, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 6.5-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.5.y git checkout FETCH_HEAD git cherry-pick -x 793838138c157d4c49f4fb744b170747e3dabf58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to 'stable@vger.kernel.org' --in-reply-to '2023112456-linked-nape-bf19@gregkh' --subject-prefix 'PATCH 6.5.y' HEAD^..
Possible dependencies:
793838138c15 ("prctl: Disable prctl(PR_SET_MDWE) on parisc") 24e41bf8a6b4 ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") 0da668333fb0 ("mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long")
Greg, I think the most clean solution is that you pull in this patch:
commit 24e41bf8a6b424c76c5902fb999e9eca61bdf83d Author: Florent Revest revest@chromium.org Date: Mon Aug 28 17:08:57 2023 +0200 mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
as well into 6.5-stable and 6.6-stable prior to applying my patch.
Florent, Kees and Catalin, do you see any issues if this patch ("mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl") is backported to 6.5 and 6.6 too? If yes, I'm happy to just send the trivial backport of my patch below...
Given that we need an explicit ack for adding mm: patches to the stable trees, I'll wait for that to happen here before adding it.
Sure!
Just in case we get a NAK, below is the backported patch of 793838138c157d4c49f4fb744b170747e3dabf58 which applies to 6.5-stable and 6.6-stable. Maybe you want to add it in the meantime?
Helge
From: Helge Deller deller@gmx.de Date: Sat, 18 Nov 2023 19:33:35 +0100 Subject: [PATCH] prctl: Disable prctl(PR_SET_MDWE) on parisc
systemd-254 tries to use prctl(PR_SET_MDWE) for it's MemoryDenyWriteExecute functionality, but fails on parisc which still needs executable stacks in certain combinations of gcc/glibc/kernel.
Disable prctl(PR_SET_MDWE) by returning -EINVAL for now on parisc, until userspace has catched up.
Signed-off-by: Helge Deller deller@gmx.de Co-developed-by: Linus Torvalds torvalds@linux-foundation.org Reported-by: Sam James sam@gentoo.org Closes: https://github.com/systemd/systemd/issues/29775 Tested-by: Sam James sam@gentoo.org Link: https://lore.kernel.org/all/875y2jro9a.fsf@gentoo.org/ Cc: stable@vger.kernel.org # v6.3+
diff --git a/kernel/sys.c b/kernel/sys.c index 2410e3999ebe..2fa67cd61685 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2377,6 +2377,10 @@ static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3, if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN)) return -EINVAL;
+ /* PARISC cannot allow mdwe as it needs writable stacks */ + if (IS_ENABLED(CONFIG_PARISC)) + return -EINVAL; + if (bits & PR_MDWE_REFUSE_EXEC_GAIN) set_bit(MMF_HAS_MDWE, ¤t->mm->flags); else if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags))