"bbd99922d0f4518518282217159666c679c6a0d1" (history) in projects: linux

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched hist:bbd99922d0f4518518282217159666c679c6a0d1 (Results 1 – 3 of 3) sorted by relevance

/linux/arch/powerpc/kernel/
H A D	dexcr.c	bbd99922d0f4518518282217159666c679c6a0d1 Wed Apr 17 13:23:19 CEST 2024 Benjamin Gray <bgray@linux.ibm.com> powerpc/dexcr: Reset DEXCR value across exec Inheriting the DEXCR across exec can have security and usability concerns. If a program is compiled with hash instructions it generally expects to run with NPHIE enabled. But if the parent process disables NPHIE then if it's not careful it will be disabled for any children too and the protection offered by hash checks is basically worthless. This patch introduces a per-process reset value that new execs in a particular process tree are initialized with. This enables fine grained control over what DEXCR value child processes run with by default. For example, containers running legacy binaries that expect hash instructions to act as NOPs could configure the reset value of the container root to control the default reset value for all members of the container. Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> [mpe: Add missing SPDX tag on dexcr.c] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://msgid.link/20240417112325.728010-4-bgray@linux.ibm.com
H A D	Makefile	diff bbd99922d0f4518518282217159666c679c6a0d1 Wed Apr 17 13:23:19 CEST 2024 Benjamin Gray <bgray@linux.ibm.com> powerpc/dexcr: Reset DEXCR value across exec Inheriting the DEXCR across exec can have security and usability concerns. If a program is compiled with hash instructions it generally expects to run with NPHIE enabled. But if the parent process disables NPHIE then if it's not careful it will be disabled for any children too and the protection offered by hash checks is basically worthless. This patch introduces a per-process reset value that new execs in a particular process tree are initialized with. This enables fine grained control over what DEXCR value child processes run with by default. For example, containers running legacy binaries that expect hash instructions to act as NOPs could configure the reset value of the container root to control the default reset value for all members of the container. Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> [mpe: Add missing SPDX tag on dexcr.c] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://msgid.link/20240417112325.728010-4-bgray@linux.ibm.com
/linux/arch/powerpc/include/asm/
H A D	processor.h	diff bbd99922d0f4518518282217159666c679c6a0d1 Wed Apr 17 13:23:19 CEST 2024 Benjamin Gray <bgray@linux.ibm.com> powerpc/dexcr: Reset DEXCR value across exec Inheriting the DEXCR across exec can have security and usability concerns. If a program is compiled with hash instructions it generally expects to run with NPHIE enabled. But if the parent process disables NPHIE then if it's not careful it will be disabled for any children too and the protection offered by hash checks is basically worthless. This patch introduces a per-process reset value that new execs in a particular process tree are initialized with. This enables fine grained control over what DEXCR value child processes run with by default. For example, containers running legacy binaries that expect hash instructions to act as NOPs could configure the reset value of the container root to control the default reset value for all members of the container. Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> [mpe: Add missing SPDX tag on dexcr.c] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://msgid.link/20240417112325.728010-4-bgray@linux.ibm.com