From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20073.outbound.protection.outlook.com [40.107.2.73]) by sourceware.org (Postfix) with ESMTPS id 92FDB39E1010 for ; Fri, 17 Jul 2020 14:52:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 92FDB39E1010 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/hQ+9p0JT2t4HuXCaxPdzRSti+N5laISKCNjd0xmGzI=; b=qJYTKIDoJcSGI3yKLLB9FrOgbtywFnH8TzM9y1cFFVbmZcsm7pK2Ex71KTCkaDAlxcPBncu0vmtNSvjMWcYZTYUW2hTGQ2GwzdRvH0gVk95PWIsARFmO89m3Wd3JBEgug+p9qKilAGnuuZeFhpYjiysgZR/XqZKsIdrRifTgbtk= Received: from AM5PR0402CA0012.eurprd04.prod.outlook.com (2603:10a6:203:90::22) by VI1PR0801MB2047.eurprd08.prod.outlook.com (2603:10a6:800:83::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.22; Fri, 17 Jul 2020 14:52:27 +0000 Received: from VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com (2603:10a6:203:90:cafe::8a) by AM5PR0402CA0012.outlook.office365.com (2603:10a6:203:90::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.18 via Frontend Transport; Fri, 17 Jul 2020 14:52:27 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT010.mail.protection.outlook.com (10.152.18.113) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.18 via Frontend Transport; Fri, 17 Jul 2020 14:52:27 +0000 Received: ("Tessian outbound 1dc58800d5dd:v62"); Fri, 17 Jul 2020 14:52:27 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: a7a4cbba63c6a260 X-CR-MTA-TID: 64aa7808 Received: from fbab568aba42.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 3424F0F8-DFAE-44FD-BED5-377219EA4DD1.1; Fri, 17 Jul 2020 14:52:22 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id fbab568aba42.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 17 Jul 2020 14:52:22 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kFUJQwx0Xl9qTK/IAZbMIQBmosW0CwwGZV87mYfpsb0XBaHilVG6nwh83Os8p+SgXM0CQrfgNs9n20q+gYsfWf/tzlr8K+3s9SNHce3k2P9Gxm6rZ+sJy9VnmDO+UF7dR4WNgFC0vli20v+UsABxtw8h+Z89Oc7n3NBdM+Nn0x4/+AaggLSMydvYVtQAOpGHwuPITR0mtRW6Ps8eS9VUrs6mNT7ul22whedSKSmja8VVPa5LWAo0qtSPRraoOae98Cr6piH3Xb5NQ7c6QVYHRTMEqZaBtndrPK2ubJwjGRkEoegb+SEevTfrykcNqFNdrUldvhmP0u+DABdDT6U/uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/hQ+9p0JT2t4HuXCaxPdzRSti+N5laISKCNjd0xmGzI=; b=hpOa3N9IYvLbs42xOdddp+uOLV5E9uBzEg6dKvnskUYBGrwNT76ZDK9tWXQds+l3fu+gyzaS5htD+UAEI+YVvyy6haQG4JUxrLGdSxwCBDd1MD/85yp7bhFpYJhTTDIl16Q86osv6Qs9JJHx5DX/fBs2Oloa+I3+VVaGBtKJ7R7qPi5KIMxR0lLP6xhOZfjsmUsmZ01cwivlcMSD70n1Mh7xjNW6fusIyIDjkREWEu2u5KlDVca6uJZFNpSMdStOJ+qiG/mxRCbTaB/pwcqL3C43SjG8tzhbm4cPQNZFBpLxuxWYsLqv2ypVrrP0hpSBcM0NFEtn08RK+7zl4Ha/CQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/hQ+9p0JT2t4HuXCaxPdzRSti+N5laISKCNjd0xmGzI=; b=qJYTKIDoJcSGI3yKLLB9FrOgbtywFnH8TzM9y1cFFVbmZcsm7pK2Ex71KTCkaDAlxcPBncu0vmtNSvjMWcYZTYUW2hTGQ2GwzdRvH0gVk95PWIsARFmO89m3Wd3JBEgug+p9qKilAGnuuZeFhpYjiysgZR/XqZKsIdrRifTgbtk= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB5142.eurprd08.prod.outlook.com (2603:10a6:20b:d4::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.21; Fri, 17 Jul 2020 14:52:21 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c%6]) with mapi id 15.20.3174.027; Fri, 17 Jul 2020 14:52:21 +0000 Date: Fri, 17 Jul 2020 15:52:19 +0100 From: Szabolcs Nagy To: libc-alpha@sourceware.org Subject: Re: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI Message-ID: <20200717145218.GE7127@arm.com> References: <20200715154444.GA26693@arm.com> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200715154444.GA26693@arm.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-ClientProxiedBy: LO3P265CA0014.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:bb::19) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from arm.com (217.140.106.53) by LO3P265CA0014.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:bb::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.19 via Frontend Transport; Fri, 17 Jul 2020 14:52:20 +0000 X-Originating-IP: [217.140.106.53] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 6bf321a5-0723-4847-fdce-08d82a610614 X-MS-TrafficTypeDiagnostic: AM6PR08MB5142:|VI1PR0801MB2047: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:2803;OLM:2803; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: HKWz0cZngWks5eHK8SDg5Zm6wZYwgZCRvdwr8AqJipCVRMVWEIA7L/gqx5GHTtOQ+tqvSGIjgxokb4w0AmfBKaBJKHLVSy+1+GuLA2pzTng81RqFZOMpKh8dmE90Hq447i3gWuq8XFwrnSANDzW8V1GVGxw75OXyqe8+MTMYZopnTS+HkxLy/nRZVhq3Q4zDSB/ICJXVQhT5ZNiIAishTLPcXvOal3tKJlKLE8pcFFBJgzUxT56iXTpxHc8cEIdP9Vw+WmiC3Q0XK3et3c0BO5XQsaf3wYSebcGeztlj+13K+A7OBvtRMLNFu+7IZP376CLhpG3pw8aq5J26ocPMhw== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(346002)(366004)(396003)(376002)(2906002)(36756003)(8886007)(316002)(26005)(83380400001)(7696005)(8676002)(16526019)(186003)(55016002)(53546011)(8936002)(52116002)(478600001)(44832011)(1076003)(6916009)(33656002)(956004)(2616005)(66946007)(66476007)(66556008)(86362001)(5660300002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: W4IW/zxPMVpMAMuCL3Y8mTCI5erfsLvVE4OrnAWs3QnLF2pM7C+Snplxon0UlnvGT0NaK432usIMeBCAxTNyy5e8FPi8KxcZY1NLFVjtyyLg5DKr5lY0H1/PoqSxdoF5Jw9XOWJ2VCYn/KFntCHsfMTb12t1oFc9ufGz8fbWoup6L3sl/Z2uthk5hvfREduSmid4O42zFJnlpv4RBLsofj8h6v4AhhPYG1DPBqLJ6XagXqIbhWFpCN2K4PyU1IXhNGVktqyOC5qM3crn3YDXO8NUUmWM47PwmhXmiFz28LYdJRpn7CBfCpQdJCu9EZM1YdXDb0wLvWXR9HwB5onMBl52VKDHjAMvvKjHfbGdbkKO4nNlGQ42W7ddMOQzxSp3b5C5wYnCEZITPLnTVqM/zeR9G6jHP0AZ83VjJRHYp22xeT2GnAYtiMvhMjPtwJavasgBSQ2gEaeRN0jVh7tJLY29/cjVBGKXV5uOoRhOKnxTc5XNimk/AzZtbJJb9u1R X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB5142 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(396003)(136003)(346002)(376002)(39860400002)(46966005)(336012)(70206006)(70586007)(33656002)(8936002)(7696005)(2616005)(1076003)(356005)(36756003)(478600001)(86362001)(81166007)(82740400003)(82310400002)(16526019)(186003)(26005)(316002)(44832011)(8886007)(36906005)(956004)(83380400001)(2906002)(8676002)(53546011)(47076004)(5660300002)(55016002)(6916009); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: beaf925d-c40d-43fa-3696-08d82a610235 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2FuvTi/F30T+JlXSNQJeOlhBNBciHyoSPeu7cFweZVLqJCLoJJtiJhay3LDnIEqc0qOhkWklCVBEZddltHHaV0I/Gw2bHb1GeljIgHMVDck340YOhIYk3+Qfr367+/iZ7OhkrTfh0/2+PCYiFHBcWRc8ZjctrZuu2Q9EcukOZw+loOnRUXXLynZuzOv+GcDo5OXfGqt2RAfIVSAQd8Or8jPsjL3eNuIpq4GdVDw0lpiNJwHPVFMwZuR24I4pbO5na+GQQkai6PalwEK6i235sMqV7wRyDl5m1zpzD4A2WOpAVFkXuxO/wO3BNDpTR4IYwzjwNV40r+3DCz4G97XNrJKyKfgfTBaMaUjEt1MBEQMoE0G7X4J9LCw4/2XF0i2otL2pahf4gmO0dkmotRNMCQ== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jul 2020 14:52:27.3999 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6bf321a5-0723-4847-fdce-08d82a610614 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT010.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2047 X-Spam-Status: No, score=-15.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jul 2020 14:52:31 -0000 The 07/15/2020 16:44, Szabolcs Nagy wrote: > i'd like to commit the attached patch for 2.32 ping. or can i commit such a patch as a bug fix? > From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001 > From: Szabolcs Nagy > Date: Mon, 13 Jul 2020 11:28:18 +0100 > Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI > > Use PROT_READ and PROT_WRITE according to the load segment p_flags > when adding PROT_BTI. > > This is before processing relocations which may drop PROT_BTI in > case of textrels. Executable stacks are not protected via PROT_BTI > either. PROT_BTI is hardening in case memory corruption happened, > it's value is reduced if there is writable and executable memory > available so missing it on such memory is fine, but we should > respect the p_flags and should not drop PROT_WRITE. > --- > sysdeps/aarch64/dl-bti.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c > index 965ddcc732..196e462520 100644 > --- a/sysdeps/aarch64/dl-bti.c > +++ b/sysdeps/aarch64/dl-bti.c > @@ -24,13 +24,20 @@ static int > enable_bti (struct link_map *map, const char *program) > { > const ElfW(Phdr) *phdr; > - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; > + unsigned prot; > > for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) > if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) > { > void *start = (void *) (phdr->p_vaddr + map->l_addr); > size_t len = phdr->p_memsz; > + > + prot = PROT_EXEC | PROT_BTI; > + if (phdr->p_flags & PF_R) > + prot |= PROT_READ; > + if (phdr->p_flags & PF_W) > + prot |= PROT_WRITE; > + > if (__mprotect (start, len, prot) < 0) > { > if (program) > -- > 2.17.1 > --