[PATCH] arm64: bti: Set PROT_BTI on all BTI executables mapped by the kernel
Szabolcs Nagy
szabolcs.nagy at arm.com
Mon Feb 8 09:13:30 EST 2021
The 02/08/2021 12:44, Will Deacon wrote:
> On Fri, Feb 05, 2021 at 05:51:29PM +0000, Catalin Marinas wrote:
> > On Fri, Feb 05, 2021 at 05:38:37PM +0000, Mark Brown wrote:
> > > Currently for dynamically linked executables the kernel only enables
> > > PROT_BTI for the interpreter, the interpreter is responsible for
> > > enabling it for everything else including the main executable.
> > > Unfortunately this interacts poorly with systemd's
> > > MemoryDenyWriteExecute feature which uses a seccomp filter to prevent
> > > setting PROT_EXEC on already mapped memory via mprotect(), it lacks the
> > > context to detect that PROT_EXEC is already set and so refuses to allow
> > > the mprotect() on the main executable which the kernel has already
> > > mapped.
> > >
> > > Since we don't want to force users to choose between having MDWX and BTI
> > > as these are othogonal features have the kernel enable PROT_BTI for all
> > > the ELF objects it loads, not just the dynamic linker. This means that
> > > if there is a problem with BTI it will be harder to disable at the
> > > executable level but we currently have no conditional support for this
> > > in any libc anyway so that would be new development. Ideally we would
> > > have interfaces that allowed us to more clearly specify what is enabled
> > > and disabled by a given syscall but this would be a far more difficult
> > > change to deploy.
> > >
> > > Reported-by: Jeremy Linton <jeremy.linton at arm.com>
> > > Suggested-by: Catalin Marinas <catalin.marinas at arm.com>
> > > Signed-off-by: Mark Brown <broonie at kernel.org>
> > > Cc: Mark Rutland <mark.rutland at arm.com>
> > > Cc: Szabolcs Nagy <szabolcs.nagy at arm.com>
> > > Cc: Dave Martin <dave.martin at arm.com>
> > > Cc: Kees Cook <keescook at chromium.org>
> > > Cc: libc-alpha at sourceware.org
> >
> > Thanks Mark for putting the patch together. You may want to add a
> > reference to some of the discussions around the ABI, one of them:
> >
> > Link: https://lore.kernel.org/r/20201207200338.GB24625@arm.com/
> >
> > (so we can keep Szabolcs accountable if something breaks ;))
> >
> > For this patch:
> >
> > Reviewed-by: Catalin Marinas <catalin.marinas at arm.com>
> >
> > I wouldn't merge it as a fix yet but I'm ok with getting in 5.12 if Will
> > is ok. It would give us some time to revert.
>
> I'd like an Ack from Szabolcs before we queue this.
>
> Will
i'm ok with this in principle, but i will rerun
the glibc tests over night to be sure.
More information about the linux-arm-kernel
mailing list