* [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
@ 2020-07-15 15:44 Szabolcs Nagy
2020-07-17 14:52 ` Szabolcs Nagy
0 siblings, 1 reply; 4+ messages in thread
From: Szabolcs Nagy @ 2020-07-15 15:44 UTC (permalink / raw)
To: libc-alpha
[-- Attachment #1: Type: text/plain, Size: 47 bytes --]
i'd like to commit the attached patch for 2.32
[-- Attachment #2: 0001-aarch64-Respect-p_flags-when-protecting-code-with-PR.patch --]
[-- Type: text/x-diff, Size: 1588 bytes --]
From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Mon, 13 Jul 2020 11:28:18 +0100
Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
Use PROT_READ and PROT_WRITE according to the load segment p_flags
when adding PROT_BTI.
This is before processing relocations which may drop PROT_BTI in
case of textrels. Executable stacks are not protected via PROT_BTI
either. PROT_BTI is hardening in case memory corruption happened,
it's value is reduced if there is writable and executable memory
available so missing it on such memory is fine, but we should
respect the p_flags and should not drop PROT_WRITE.
---
sysdeps/aarch64/dl-bti.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c
index 965ddcc732..196e462520 100644
--- a/sysdeps/aarch64/dl-bti.c
+++ b/sysdeps/aarch64/dl-bti.c
@@ -24,13 +24,20 @@ static int
enable_bti (struct link_map *map, const char *program)
{
const ElfW(Phdr) *phdr;
- unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI;
+ unsigned prot;
for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr)
if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X))
{
void *start = (void *) (phdr->p_vaddr + map->l_addr);
size_t len = phdr->p_memsz;
+
+ prot = PROT_EXEC | PROT_BTI;
+ if (phdr->p_flags & PF_R)
+ prot |= PROT_READ;
+ if (phdr->p_flags & PF_W)
+ prot |= PROT_WRITE;
+
if (__mprotect (start, len, prot) < 0)
{
if (program)
--
2.17.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
2020-07-15 15:44 [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI Szabolcs Nagy
@ 2020-07-17 14:52 ` Szabolcs Nagy
2020-07-23 12:17 ` Szabolcs Nagy
0 siblings, 1 reply; 4+ messages in thread
From: Szabolcs Nagy @ 2020-07-17 14:52 UTC (permalink / raw)
To: libc-alpha
The 07/15/2020 16:44, Szabolcs Nagy wrote:
> i'd like to commit the attached patch for 2.32
ping.
or can i commit such a patch as a bug fix?
> From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001
> From: Szabolcs Nagy <szabolcs.nagy@arm.com>
> Date: Mon, 13 Jul 2020 11:28:18 +0100
> Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
>
> Use PROT_READ and PROT_WRITE according to the load segment p_flags
> when adding PROT_BTI.
>
> This is before processing relocations which may drop PROT_BTI in
> case of textrels. Executable stacks are not protected via PROT_BTI
> either. PROT_BTI is hardening in case memory corruption happened,
> it's value is reduced if there is writable and executable memory
> available so missing it on such memory is fine, but we should
> respect the p_flags and should not drop PROT_WRITE.
> ---
> sysdeps/aarch64/dl-bti.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c
> index 965ddcc732..196e462520 100644
> --- a/sysdeps/aarch64/dl-bti.c
> +++ b/sysdeps/aarch64/dl-bti.c
> @@ -24,13 +24,20 @@ static int
> enable_bti (struct link_map *map, const char *program)
> {
> const ElfW(Phdr) *phdr;
> - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI;
> + unsigned prot;
>
> for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr)
> if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X))
> {
> void *start = (void *) (phdr->p_vaddr + map->l_addr);
> size_t len = phdr->p_memsz;
> +
> + prot = PROT_EXEC | PROT_BTI;
> + if (phdr->p_flags & PF_R)
> + prot |= PROT_READ;
> + if (phdr->p_flags & PF_W)
> + prot |= PROT_WRITE;
> +
> if (__mprotect (start, len, prot) < 0)
> {
> if (program)
> --
> 2.17.1
>
--
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
2020-07-17 14:52 ` Szabolcs Nagy
@ 2020-07-23 12:17 ` Szabolcs Nagy
2020-07-23 21:25 ` Carlos O'Donell
0 siblings, 1 reply; 4+ messages in thread
From: Szabolcs Nagy @ 2020-07-23 12:17 UTC (permalink / raw)
To: libc-alpha
The 07/17/2020 15:52, Szabolcs Nagy wrote:
> The 07/15/2020 16:44, Szabolcs Nagy wrote:
> > i'd like to commit the attached patch for 2.32
>
> ping.
>
> or can i commit such a patch as a bug fix?
Carlos, is there any particular reason this is not approved for 2.32?
> > From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001
> > From: Szabolcs Nagy <szabolcs.nagy@arm.com>
> > Date: Mon, 13 Jul 2020 11:28:18 +0100
> > Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
> >
> > Use PROT_READ and PROT_WRITE according to the load segment p_flags
> > when adding PROT_BTI.
> >
> > This is before processing relocations which may drop PROT_BTI in
> > case of textrels. Executable stacks are not protected via PROT_BTI
> > either. PROT_BTI is hardening in case memory corruption happened,
> > it's value is reduced if there is writable and executable memory
> > available so missing it on such memory is fine, but we should
> > respect the p_flags and should not drop PROT_WRITE.
> > ---
> > sysdeps/aarch64/dl-bti.c | 9 ++++++++-
> > 1 file changed, 8 insertions(+), 1 deletion(-)
> >
> > diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c
> > index 965ddcc732..196e462520 100644
> > --- a/sysdeps/aarch64/dl-bti.c
> > +++ b/sysdeps/aarch64/dl-bti.c
> > @@ -24,13 +24,20 @@ static int
> > enable_bti (struct link_map *map, const char *program)
> > {
> > const ElfW(Phdr) *phdr;
> > - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI;
> > + unsigned prot;
> >
> > for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr)
> > if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X))
> > {
> > void *start = (void *) (phdr->p_vaddr + map->l_addr);
> > size_t len = phdr->p_memsz;
> > +
> > + prot = PROT_EXEC | PROT_BTI;
> > + if (phdr->p_flags & PF_R)
> > + prot |= PROT_READ;
> > + if (phdr->p_flags & PF_W)
> > + prot |= PROT_WRITE;
> > +
> > if (__mprotect (start, len, prot) < 0)
> > {
> > if (program)
> > --
> > 2.17.1
> >
>
>
> --
--
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
2020-07-23 12:17 ` Szabolcs Nagy
@ 2020-07-23 21:25 ` Carlos O'Donell
0 siblings, 0 replies; 4+ messages in thread
From: Carlos O'Donell @ 2020-07-23 21:25 UTC (permalink / raw)
To: Szabolcs Nagy, libc-alpha
On 7/23/20 8:17 AM, Szabolcs Nagy wrote:
> The 07/17/2020 15:52, Szabolcs Nagy wrote:
>> The 07/15/2020 16:44, Szabolcs Nagy wrote:
>>> i'd like to commit the attached patch for 2.32
>>
>> ping.
>>
>> or can i commit such a patch as a bug fix?
>
> Carlos, is there any particular reason this is not approved for 2.32?
No, I missed it in my review.
OK for 2.32.
>>> From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001
>>> From: Szabolcs Nagy <szabolcs.nagy@arm.com>
>>> Date: Mon, 13 Jul 2020 11:28:18 +0100
>>> Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
>>>
>>> Use PROT_READ and PROT_WRITE according to the load segment p_flags
>>> when adding PROT_BTI.
>>>
>>> This is before processing relocations which may drop PROT_BTI in
>>> case of textrels. Executable stacks are not protected via PROT_BTI
>>> either. PROT_BTI is hardening in case memory corruption happened,
>>> it's value is reduced if there is writable and executable memory
>>> available so missing it on such memory is fine, but we should
>>> respect the p_flags and should not drop PROT_WRITE.
>>> ---
>>> sysdeps/aarch64/dl-bti.c | 9 ++++++++-
>>> 1 file changed, 8 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c
>>> index 965ddcc732..196e462520 100644
>>> --- a/sysdeps/aarch64/dl-bti.c
>>> +++ b/sysdeps/aarch64/dl-bti.c
>>> @@ -24,13 +24,20 @@ static int
>>> enable_bti (struct link_map *map, const char *program)
>>> {
>>> const ElfW(Phdr) *phdr;
>>> - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI;
>>> + unsigned prot;
OK.
>>>
>>> for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr)
>>> if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X))
>>> {
>>> void *start = (void *) (phdr->p_vaddr + map->l_addr);
>>> size_t len = phdr->p_memsz;
>>> +
>>> + prot = PROT_EXEC | PROT_BTI;
>>> + if (phdr->p_flags & PF_R)
>>> + prot |= PROT_READ;
>>> + if (phdr->p_flags & PF_W)
>>> + prot |= PROT_WRITE;
OK.
>>> +
>>> if (__mprotect (start, len, prot) < 0)
>>> {
>>> if (program)
>>> --
>>> 2.17.1
>>>
>>
>>
>> --
>
--
Cheers,
Carlos.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-07-23 21:25 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-15 15:44 [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI Szabolcs Nagy
2020-07-17 14:52 ` Szabolcs Nagy
2020-07-23 12:17 ` Szabolcs Nagy
2020-07-23 21:25 ` Carlos O'Donell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).