[PATCH] arm64: bti: Set PROT_BTI on all BTI executables mapped by the kernel

Will Deacon will at kernel.org
Mon Feb 8 07:44:51 EST 2021


On Fri, Feb 05, 2021 at 05:51:29PM +0000, Catalin Marinas wrote:
> On Fri, Feb 05, 2021 at 05:38:37PM +0000, Mark Brown wrote:
> > Currently for dynamically linked executables the kernel only enables
> > PROT_BTI for the interpreter, the interpreter is responsible for
> > enabling it for everything else including the main executable.
> > Unfortunately this interacts poorly with systemd's
> > MemoryDenyWriteExecute feature which uses a seccomp filter to prevent
> > setting PROT_EXEC on already mapped memory via mprotect(), it lacks the
> > context to detect that PROT_EXEC is already set and so refuses to allow
> > the mprotect() on the main executable which the kernel has already
> > mapped.
> > 
> > Since we don't want to force users to choose between having MDWX and BTI
> > as these are othogonal features have the kernel enable PROT_BTI for all
> > the ELF objects it loads, not just the dynamic linker.  This means that
> > if there is a problem with BTI it will be harder to disable at the
> > executable level but we currently have no conditional support for this
> > in any libc anyway so that would be new development.  Ideally we would
> > have interfaces that allowed us to more clearly specify what is enabled
> > and disabled by a given syscall but this would be a far more difficult
> > change to deploy.
> > 
> > Reported-by: Jeremy Linton <jeremy.linton at arm.com>
> > Suggested-by: Catalin Marinas <catalin.marinas at arm.com>
> > Signed-off-by: Mark Brown <broonie at kernel.org>
> > Cc: Mark Rutland <mark.rutland at arm.com>
> > Cc: Szabolcs Nagy <szabolcs.nagy at arm.com>
> > Cc: Dave Martin <dave.martin at arm.com>
> > Cc: Kees Cook <keescook at chromium.org>
> > Cc: libc-alpha at sourceware.org
> 
> Thanks Mark for putting the patch together. You may want to add a
> reference to some of the discussions around the ABI, one of them:
> 
> Link: https://lore.kernel.org/r/20201207200338.GB24625@arm.com/
> 
> (so we can keep Szabolcs accountable if something breaks ;))
> 
> For this patch:
> 
> Reviewed-by: Catalin Marinas <catalin.marinas at arm.com>
> 
> I wouldn't merge it as a fix yet but I'm ok with getting in 5.12 if Will
> is ok. It would give us some time to revert.

I'd like an Ack from Szabolcs before we queue this.

Will



More information about the linux-arm-kernel mailing list