[PATCH] arm64: bti: Set PROT_BTI on all BTI executables mapped by the kernel
Catalin Marinas
catalin.marinas at arm.com
Fri Feb 5 12:51:29 EST 2021
On Fri, Feb 05, 2021 at 05:38:37PM +0000, Mark Brown wrote:
> Currently for dynamically linked executables the kernel only enables
> PROT_BTI for the interpreter, the interpreter is responsible for
> enabling it for everything else including the main executable.
> Unfortunately this interacts poorly with systemd's
> MemoryDenyWriteExecute feature which uses a seccomp filter to prevent
> setting PROT_EXEC on already mapped memory via mprotect(), it lacks the
> context to detect that PROT_EXEC is already set and so refuses to allow
> the mprotect() on the main executable which the kernel has already
> mapped.
>
> Since we don't want to force users to choose between having MDWX and BTI
> as these are othogonal features have the kernel enable PROT_BTI for all
> the ELF objects it loads, not just the dynamic linker. This means that
> if there is a problem with BTI it will be harder to disable at the
> executable level but we currently have no conditional support for this
> in any libc anyway so that would be new development. Ideally we would
> have interfaces that allowed us to more clearly specify what is enabled
> and disabled by a given syscall but this would be a far more difficult
> change to deploy.
>
> Reported-by: Jeremy Linton <jeremy.linton at arm.com>
> Suggested-by: Catalin Marinas <catalin.marinas at arm.com>
> Signed-off-by: Mark Brown <broonie at kernel.org>
> Cc: Mark Rutland <mark.rutland at arm.com>
> Cc: Szabolcs Nagy <szabolcs.nagy at arm.com>
> Cc: Dave Martin <dave.martin at arm.com>
> Cc: Kees Cook <keescook at chromium.org>
> Cc: libc-alpha at sourceware.org
Thanks Mark for putting the patch together. You may want to add a
reference to some of the discussions around the ABI, one of them:
Link: https://lore.kernel.org/r/20201207200338.GB24625@arm.com/
(so we can keep Szabolcs accountable if something breaks ;))
For this patch:
Reviewed-by: Catalin Marinas <catalin.marinas at arm.com>
I wouldn't merge it as a fix yet but I'm ok with getting in 5.12 if Will
is ok. It would give us some time to revert.
--
Catalin
More information about the linux-arm-kernel
mailing list