[PATCH v3 0/4] arm64: Enable BTI for the executable as well as the interpreter
Jeremy Linton
jeremy.linton at arm.com
Thu Jun 17 12:05:01 PDT 2021
Hi,
On 6/14/21 5:32 PM, Mark Brown wrote:
> Deployments of BTI on arm64 have run into issues interacting with
> systemd's MemoryDenyWriteExecute feature. Currently for dynamically
> linked executables the kernel will only handle architecture specific
> properties like BTI for the interpreter, the expectation is that the
> interpreter will then handle any properties on the main executable.
> For BTI this means remapping the executable segments PROT_EXEC |
> PROT_BTI.
>
> This interacts poorly with MemoryDenyWriteExecute since that is
> implemented using a seccomp filter which prevents setting PROT_EXEC on
> already mapped memory and lacks the context to be able to detect that
> memory is already mapped with PROT_EXEC. This series resolves this by
> handling the BTI property for both the interpreter and the main
> executable.
>
> This does mean that we may get more code with BTI enabled if running on
> a system without BTI support in the dynamic linker, this is expected to
> be a safe configuration and testing seems to confirm that. It also
> reduces the flexibility userspace has to disable BTI but it is expected
> that for cases where there are problems which require BTI to be disabled
> it is more likely that it will need to be disabled on a system level.
It looks like its working as expected now (the previously detailed test
is now failing) in a MDWE enviroment, and the smaps/etc looks as
expected too.
Thanks for fixing this!
tested-by: Jeremy Linton <jeremy.linton at arm.com>
>
> v3:
> - Fix passing of properties for parsing by the main executable.
> - Drop has_interp from arch_parse_elf_property().
> - Coding style tweaks.
> v2:
> - Add a patch dropping has_interp from arch_adjust_elf_prot()
> - Fix bisection issue with static executables on arm64 in the first
> patch.
>
> Mark Brown (4):
> elf: Allow architectures to parse properties on the main executable
> arm64: Enable BTI for main executable as well as the interpreter
> elf: Remove has_interp property from arch_adjust_elf_prot()
> elf: Remove has_interp property from arch_parse_elf_property()
>
> arch/arm64/include/asm/elf.h | 13 ++++++++++---
> arch/arm64/kernel/process.c | 23 +++++++++++------------
> fs/binfmt_elf.c | 33 ++++++++++++++++++++++++---------
> include/linux/elf.h | 8 +++++---
> 4 files changed, 50 insertions(+), 27 deletions(-)
>
>
> base-commit: c4681547bcce777daf576925a966ffa824edd09d
>
More information about the linux-arm-kernel
mailing list