[PATCH v7 0/4] arm64: Enable BTI for the executable as well as the interpreter
Szabolcs Nagy
szabolcs.nagy at arm.com
Tue Jan 18 03:22:11 PST 2022
The 01/17/2022 11:01, H.J. Lu via Libc-alpha wrote:
> We are taking a different approach for CET enabling. CET will be
> changed to be enabled from user space:
>
> https://gitlab.com/x86-glibc/glibc/-/tree/users/hjl/cet/enable
>
> and the CET kernel no longer enables CET automatically:
>
> https://github.com/hjl-tools/linux/tree/hjl/cet%2F5.16.0-v4
we considered userspace handling of BTI in static exe
and ld.so too. at the time we wanted the protection to
be on whenever BTI marked code is executed, so it has
to be enabled at program entry.
i no longer think that the entry code protection is very
important, but delaying mprotect for static exe does
not fix our mprotect(*|PROT_EXEC) problem with systemd.
i also don't immediately see where you deal with shadow
stack allocation for the main stack if it is userspace
enabled, i expected that to require kernel assistance
if you want the main stack protected all the way up.
More information about the linux-arm-kernel
mailing list