[Skiboot] [PATCH] opal-prd: handle devtmpfs mounted with noexec
Vasant Hegde
hegdevasant at linux.vnet.ibm.com
Wed Oct 14 00:06:50 AEDT 2020
On 10/13/20 2:59 AM, Georgy Yakovlev wrote:
> On systems using recent versions of systemd
> /dev (devtmpfs) is mounted with noexec option.
> Such mount prevents mapping HBRT image code region as RWX from /dev.
> This commit, as suggested in github PR linked below,
> attempts to work around the situation by copying
> HBRT image to anon mmaped memory region and
> sets mprotect rwx on it, allowing opal-prd to successfully
> execute the code region.
>
> Having memory region set as RWX is not ideal for security,
> but fixing that is a separate and hard to solve problem.
> Original code also mmaped region as RWX, so this PR does not
> make things worse at least.
>
> Closes: https://github.com/open-power/skiboot/issues/258
> Signed-off-by: Georgy Yakovlev <gyakovlev at gentoo.org>
Thank you for the fix. Looks good to me.
Reviewed-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
-Vasant
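
The workaround described in the quoted commit message, sketched as an added example that is not part of this e-mail or of the skiboot patch: detect a noexec source mount, copy the image into an anonymous mapping, and raise permissions only after the copy. The function names `fd_on_noexec_mount` and `load_image_anon` are hypothetical, and the image is assumed to be a regular file with a non-zero size.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Returns 1 if the filesystem backing fd is mounted noexec, 0 if not, -1 on error. */
int fd_on_noexec_mount(int fd)
{
    struct statvfs vfs;
    if (fstatvfs(fd, &vfs) != 0) return -1;
    return (vfs.f_flag & ST_NOEXEC) ? 1 : 0;
}

/* Copy the file at path into an anonymous private mapping, then apply prot.
 * Returns the mapping (its length in *len) or NULL on failure. */
void *load_image_anon(const char *path, size_t *len, int prot)
{
    struct stat st;
    void *buf = NULL;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || st.st_size <= 0) goto out;
    /* Anonymous memory is not tied to the source mount, so its noexec flag does not apply. */
    buf = mmap(NULL, st.st_size, PROT_READ | PROT_WRITE,
               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) { buf = NULL; goto out; }
    for (off_t off = 0; off < st.st_size; ) {
        ssize_t n = pread(fd, (char *)buf + off, st.st_size - off, off);
        if (n <= 0) { munmap(buf, st.st_size); buf = NULL; goto out; }
        off += n;
    }
    /* Permissions are changed only once the copy is complete. */
    if (mprotect(buf, st.st_size, prot) != 0) { munmap(buf, st.st_size); buf = NULL; goto out; }
    *len = (size_t)st.st_size;
out:
    close(fd);
    return buf;
}

int main(int argc, char **argv)
{
    size_t len = 0;
    int rwx = PROT_READ | PROT_WRITE | PROT_EXEC; /* what the commit message says opal-prd uses */
    return (argc > 1 && load_image_anon(argv[1], &len, rwx)) ? 0 : 1;
}
```

Passing `PROT_READ | PROT_EXEC` as `prot` gives a non-writable code region whenever the loaded code does not need to modify itself; the commit message states that opal-prd keeps RWX.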