From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Brown <broonie@kernel.org>,
Jeremy Linton <jeremy.linton@arm.com>,
Will Deacon <will@kernel.org>, "H . J . Lu" <hjl.tools@gmail.com>,
Yu-cheng Yu <yu-cheng.yu@intel.com>,
linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
libc-alpha@sourceware.org, Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH v7 0/4] arm64: Enable BTI for the executable as well as the interpreter
Date: Thu, 27 Jan 2022 14:48:20 +0000 [thread overview]
Message-ID: <20220127144820.GF1989194@arm.com> (raw)
In-Reply-To: <YfKO7r5l7AUvd8r/@arm.com>
The 01/27/2022 12:24, Catalin Marinas wrote:
> (Mark posted another series but I'm replying here to clarify some
> aspects)
>
> On Tue, Jan 18, 2022 at 11:02:55AM +0000, Szabolcs Nagy wrote:
> > The 01/17/2022 17:54, Catalin Marinas wrote:
> > > On Fri, Jan 07, 2022 at 12:01:17PM +0000, Catalin Marinas wrote:
> > > > I think we can look at this from two angles:
> > > >
> > > > 1. Ignoring MDWE, should whoever does the original mmap() also honour
> > > > PROT_BTI? We do this for static binaries but, for consistency, should
> > > > we extend it to dynamic executable?
> > > >
> > > > 2. A 'simple' fix to allow MDWE together with BTI.
> > >
> > > Thinking about it, (1) is not that different from the kernel setting
> > > PROT_EXEC on the main executable when the dynamic loader could've done
> > > it as well. There is a case for making this more consistent: whoever
> > > does the mmap() should use the full attributes.
> >
> > Yeah that was my original idea that it should be consistent.
> > One caveat is that protection flags are normally specified
> > in the program header, but the BTI marking is in
> > PT_GNU_PROPERTY which is harder to get to, so glibc does not
> > try to get it right for the initial mapping either: it has
> > to re-mmap or mprotect. (In principle we could use read
> > syscalls to parse the ELF headers and notes before mmap,
> > but that's more complicated with additional failure modes.)
> >
> > i.e. if (2) is fixed then mprotect can be used for library
> > mapping too which is simpler than re-mmap.
>
> I lost track of the userspace fixes here, was glibc changed to attempt a
> re-mmap of the dynamic libraries instead of mprotect()?
yes (so under mdwe, bti is lost on the exe but not on libs)
see the commit message for the fix
https://sourceware.org/bugzilla/show_bug.cgi?id=26831
>
> It looks like (2) is a simpler fix and (1) could still be added for
> consistency, it's complementary.
i agree.
if (2) is fixed then i would change glibc to use
mprotect and handle the failure (this will require an
update to systemd and disabling mdwe on old kernels)
if (1) is fixed then i would probably still keep
doing mprotect on the main exe so bti protection
works on old kernels.
prev parent reply other threads:[~2022-01-27 14:48 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 15:27 Mark Brown
2021-11-15 15:27 ` [PATCH v7 1/4] elf: Allow architectures to parse properties on the main executable Mark Brown
2021-11-15 15:27 ` [PATCH v7 2/4] arm64: Enable BTI for main executable as well as the interpreter Mark Brown
2021-11-15 15:27 ` [PATCH v7 3/4] elf: Remove has_interp property from arch_adjust_elf_prot() Mark Brown
2021-11-15 15:27 ` [PATCH v7 4/4] elf: Remove has_interp property from arch_parse_elf_property() Mark Brown
2021-12-08 18:23 ` [PATCH v7 0/4] arm64: Enable BTI for the executable as well as the interpreter Catalin Marinas
2021-12-09 11:10 ` Szabolcs Nagy
2022-01-04 17:32 ` Mark Brown
2022-01-05 22:42 ` Jeremy Linton
2022-01-06 11:00 ` Catalin Marinas
2022-01-06 16:09 ` Jeremy Linton
2022-01-06 18:13 ` Catalin Marinas
2022-01-06 19:07 ` Mark Brown
2022-01-07 12:01 ` Catalin Marinas
2022-01-07 13:10 ` Mark Brown
2022-01-17 17:54 ` Catalin Marinas
2022-01-17 18:16 ` Adhemerval Zanella
2022-01-17 19:01 ` H.J. Lu
2022-01-18 11:22 ` Szabolcs Nagy
2022-01-18 12:55 ` H.J. Lu
2022-01-18 11:02 ` Szabolcs Nagy
2022-01-27 12:24 ` Catalin Marinas
2022-01-27 14:48 ` Szabolcs Nagy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220127144820.GF1989194@arm.com \
--to=szabolcs.nagy@arm.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=hjl.tools@gmail.com \
--cc=jeremy.linton@arm.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=will@kernel.org \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).