[PATCH v3 0/4] arm64: Enable BTI for the executable as well as the interpreter

Jeremy Linton jeremy.linton at arm.com
Thu Jun 17 12:05:01 PDT 2021 

Hi,

On 6/14/21 5:32 PM, Mark Brown wrote:
> Deployments of BTI on arm64 have run into issues interacting with
> systemd's MemoryDenyWriteExecute feature.  Currently for dynamically
> linked executables the kernel will only handle architecture specific
> properties like BTI for the interpreter, the expectation is that the
> interpreter will then handle any properties on the main executable.
> For BTI this means remapping the executable segments PROT_EXEC |
> PROT_BTI.
> 
> This interacts poorly with MemoryDenyWriteExecute since that is
> implemented using a seccomp filter which prevents setting PROT_EXEC on
> already mapped memory and lacks the context to be able to detect that
> memory is already mapped with PROT_EXEC.  This series resolves this by
> handling the BTI property for both the interpreter and the main
> executable.
> 
> This does mean that we may get more code with BTI enabled if running on
> a system without BTI support in the dynamic linker, this is expected to
> be a safe configuration and testing seems to confirm that. It also
> reduces the flexibility userspace has to disable BTI but it is expected
> that for cases where there are problems which require BTI to be disabled
> it is more likely that it will need to be disabled on a system level.

It looks like its working as expected now (the previously detailed test 
is now failing) in a MDWE enviroment, and the smaps/etc looks as 
expected too.

Thanks for fixing this!

tested-by: Jeremy Linton <jeremy.linton at arm.com>


> 
> v3:
>   - Fix passing of properties for parsing by the main executable.
>   - Drop has_interp from arch_parse_elf_property().
>   - Coding style tweaks.
> v2:
>   - Add a patch dropping has_interp from arch_adjust_elf_prot()
>   - Fix bisection issue with static executables on arm64 in the first
>     patch.
> 
> Mark Brown (4):
>    elf: Allow architectures to parse properties on the main executable
>    arm64: Enable BTI for main executable as well as the interpreter
>    elf: Remove has_interp property from arch_adjust_elf_prot()
>    elf: Remove has_interp property from arch_parse_elf_property()
> 
>   arch/arm64/include/asm/elf.h | 13 ++++++++++---
>   arch/arm64/kernel/process.c  | 23 +++++++++++------------
>   fs/binfmt_elf.c              | 33 ++++++++++++++++++++++++---------
>   include/linux/elf.h          |  8 +++++---
>   4 files changed, 50 insertions(+), 27 deletions(-)
> 
> 
> base-commit: c4681547bcce777daf576925a966ffa824edd09d
>

More information about the linux-arm-kernel mailing list