Date: Thu, 27 Jan 2022 14:48:20 +0000
From: Szabolcs Nagy
To: Catalin Marinas
Cc: Mark Brown, Jeremy Linton, Will Deacon, "H . J . Lu", Yu-cheng Yu, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, libc-alpha@sourceware.org, Mark Rutland
Subject: Re: [PATCH v7 0/4] arm64: Enable BTI for the executable as well as the interpreter
Message-ID: <20220127144820.GF1989194@arm.com>
References: <101d8e84-7429-bbf1-0271-5436eca0eea2@arm.com> <8550afd2-268d-a25f-88fd-0dd0b184ca23@arm.com> <20220118110255.GC3294453@arm.com>

The 01/27/2022 12:24, Catalin Marinas wrote:
> (Mark posted another series but I'm replying here to clarify some
> aspects)
>
> On Tue, Jan 18, 2022 at 11:02:55AM +0000, Szabolcs Nagy wrote:
> > The 01/17/2022 17:54, Catalin Marinas wrote:
> > > On Fri, Jan 07, 2022 at 12:01:17PM +0000, Catalin Marinas wrote:
> > > > I think we can look at this from two angles:
> > > >
> > > > 1. Ignoring MDWE, should whoever does the original mmap() also honour
> > > >    PROT_BTI? We do this for static binaries but, for consistency, should
> > > >    we extend it to dynamic executable?
> > > >
> > > > 2. A 'simple' fix to allow MDWE together with BTI.
> > >
> > > Thinking about it, (1) is not that different from the kernel setting
> > > PROT_EXEC on the main executable when the dynamic loader could've done
> > > it as well. There is a case for making this more consistent: whoever
> > > does the mmap() should use the full attributes.
> >
> > Yeah that was my original idea that it should be consistent.
> > One caveat is that protection flags are normally specified
> > in the program header, but the BTI marking is in
> > PT_GNU_PROPERTY which is harder to get to, so glibc does not
> > try to get it right for the initial mapping either: it has
> > to re-mmap or mprotect. (In principle we could use read
> > syscalls to parse the ELF headers and notes before mmap,
> > but that's more complicated with additional failure modes.)
> >
> > i.e. if (2) is fixed then mprotect can be used for library
> > mapping too which is simpler than re-mmap.
>
> I lost track of the userspace fixes here, was glibc changed to attempt a
> re-mmap of the dynamic libraries instead of mprotect()?

yes (so under mdwe, bti is lost on the exe but not on libs)
see the commit message for the fix
https://sourceware.org/bugzilla/show_bug.cgi?id=26831

>
> It looks like (2) is a simpler fix and (1) could still be added for
> consistency, it's complementary.

i agree.

if (2) is fixed then i would change glibc to use mprotect
and handle the failure (this will require an update to
systemd and disabling mdwe on old kernels)

if (1) is fixed then i would probably still keep doing
mprotect on the main exe so bti protection works on old
kernels.
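
The "use mprotect and handle the failure" approach from the reply above, as an added C example that is not part of the original message and is not glibc's code. The names `bti_protect`, `bti_skip_reason` and `demo` are hypothetical, the `PROT_BTI` fallback value is the arm64 Linux UAPI value, and the errno reported by an MDWE filter is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef PROT_BTI
#define PROT_BTI 0x10 /* arm64 Linux UAPI value; other arches reject it */
#endif

enum bti_result { BTI_SKIPPED = 0, BTI_ENABLED = 1 };

/* Hypothetical helper: add PROT_BTI to an already mapped segment.
 * A failing mprotect is not fatal: the segment keeps its old protections
 * and runs without BTI. *err receives errno (0 on success). A real text
 * segment would pass PROT_READ | PROT_EXEC as prot. */
static enum bti_result bti_protect(void *start, size_t len, int prot, int *err)
{
    *err = 0;
    if (mprotect(start, len, prot | PROT_BTI) == 0)
        return BTI_ENABLED;
    *err = errno;
    return BTI_SKIPPED;
}

/* Reason string for a loader debug log. */
static const char *bti_skip_reason(int err)
{
    switch (err) {
    case EINVAL: return "kernel or CPU does not accept PROT_BTI";
    case EPERM:  /* assumption: errno chosen by the MDWE filter */
    case EACCES: return "denied by policy (for example an MDWE filter)";
    default:     return "unexpected mprotect error";
    }
}

/* Constructed demo: one anonymous read-only page stands in for a segment. */
static int demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int err;
    if (p == MAP_FAILED)
        return -1;
    enum bti_result r = bti_protect(p, len, PROT_READ, &err);
    if (r == BTI_ENABLED)
        puts("BTI enabled");
    else
        printf("BTI skipped: %s\n", bti_skip_reason(err));
    munmap(p, len);
    return (int)r;
}

int main(void) { return demo() < 0; }
```
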