From mboxrd@z Thu Jan 1 00:00:00 1970
Received: by sourceware.org (Postfix, from userid 1944) id BC8DA3857C42; Fri, 24 Jul 2020 07:53:46 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BC8DA3857C42
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Szabolcs Nagy
To: glibc-cvs@sourceware.org
Subject: [glibc] aarch64: Respect p_flags when protecting code with PROT_BTI
X-Act-Checkin: glibc
X-Git-Author: Szabolcs Nagy
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 04726be814c6fd6d9cf974e15d684dd3ac1a180e
X-Git-Newrev: 7ebd114211dcd290efd54e610bbde0765bd7764c
Message-Id: <20200724075346.BC8DA3857C42@sourceware.org>
Date: Fri, 24 Jul 2020 07:53:46 +0000 (GMT)
X-BeenThere: glibc-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-cvs mailing list
X-List-Received-Date: Fri, 24 Jul 2020 07:53:46 -0000

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7ebd114211dcd290efd54e610bbde0765bd7764c

commit 7ebd114211dcd290efd54e610bbde0765bd7764c
Author: Szabolcs Nagy
Date: Mon Jul 13 11:28:18 2020 +0100

    aarch64: Respect p_flags when protecting code with PROT_BTI

    Use PROT_READ and PROT_WRITE according to the load segment p_flags
    when adding PROT_BTI.

    This is before processing relocations which may drop PROT_BTI in
    case of textrels. Executable stacks are not protected via PROT_BTI
    either. PROT_BTI is hardening in case memory corruption happened,
    its value is reduced if there is writable and executable memory
    available so missing it on such memory is fine, but we should
    respect the p_flags and should not drop PROT_WRITE.

Diff:
--- sysdeps/aarch64/dl-bti.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c index 965ddcc732..196e462520 100644 --- a/sysdeps/aarch64/dl-bti.c +++ b/sysdeps/aarch64/dl-bti.c 
@@ -24,13 +24,20 @@ static int enable_bti (struct link_map *map, const char *program) { const ElfW(Phdr) *phdr; - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; + unsigned prot; for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) { void *start = (void *) (phdr->p_vaddr + map->l_addr); size_t len = phdr->p_memsz; + + prot = PROT_EXEC | PROT_BTI; + if (phdr->p_flags & PF_R) + prot |= PROT_READ; + if (phdr->p_flags & PF_W) + prot |= PROT_WRITE; + if (__mprotect (start, len, prot) < 0) { if (program)
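
Review bot: The range handed to `__mprotect (start, len, prot)` is still taken straight from `phdr->p_vaddr + map->l_addr` and `phdr->p_memsz` with no rounding to page boundaries, and since this hunk already reworks how each PT_LOAD is re-protected it is worth fixing here: mprotect fails with EINVAL on an address that is not page-aligned, and ELF only requires p_vaddr to be congruent to p_offset modulo p_align, so an executable segment that does not begin on a page boundary would take the error path and lose BTI. Rounding `start` down to the page size and extending `len` by the same amount would cover it. On the added lines, `prot` is now recomputed for every segment, so it can be declared inside the `if` block next to `start` and `len` instead of being left uninitialized at function scope. A one-line comment above the PF_R/PF_W tests would also help, because the reason PROT_WRITE has to be carried over (this runs before relocation processing, and textrel handling may later drop PROT_BTI) is only recorded in the commit message and a later reader could mistake the W+X result for an oversight.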