From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by sourceware.org (Postfix) with ESMTPS id AEF37385736B for ; Wed, 20 Apr 2022 16:51:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org AEF37385736B Received: by mail-pf1-x433.google.com with SMTP id z16so2479783pfh.3 for ; Wed, 20 Apr 2022 09:51:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=75aEtLVVskQwplfG1XbK/PPMy44vZPZUgB+8LUXq4M4=; b=egx5Yd/KX+D+W14Ln22BXEMjljAIiUfpTrggJSZEDFeffu9Qqi7ZxUSy+i75Vcpyv2 7CwS86JbMl0x3dYtdA//LUvwu6jZI+/X+UbtloHASzkmi6+JA8jhIOMg6jTeZM7HMw9W 9eytTMkgzUdONaGul9x8FyKAHS+MZNG3+QG3nycXbRG6L9BWbOf+wXCUY6rww5EUr3Mc KV2QdwJkwN56ak+LO2/wh06Qv7KrfI2nKDts+9uSeqmD/RQ9lW+WJl+KjNdgOOdmKpHy L8DTbJa2C0GfPXi6+wfz456v8xXYnbacmj9MpvitayAb3Ozu2wkRvO2uNoBih4Ch5MKc zFpA== X-Gm-Message-State: AOAM533Ptzm0DYXohcP90XOWb0Mk7Ti7QKL9k9RCvn+fs9pEV5Z21xZy ZleAIc0gBMCglb2rwO71l1LW/w== X-Google-Smtp-Source: ABdhPJwBhq5nUAt/GWX1jJoxxnvjt8PlAWyO9xz4E4dpr0gW4ecUCqHufOp+thKUgWbRKKCVCUg1ow== X-Received: by 2002:a63:6c8a:0:b0:398:5208:220a with SMTP id h132-20020a636c8a000000b003985208220amr20113824pgc.176.1650473485783; Wed, 20 Apr 2022 09:51:25 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id r32-20020a17090a43a300b001cdbda883ccsm278919pjg.38.2022.04.20.09.51.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Apr 2022 09:51:25 -0700 (PDT) Date: Wed, 20 Apr 2022 09:51:24 -0700 From: Kees Cook To: Mark Brown Cc: Catalin Marinas , Will Deacon , Szabolcs Nagy , Jeremy Linton , "H . J . Lu" , Yu-cheng Yu , Eric Biederman , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, libc-alpha@sourceware.org, Dave Martin Subject: Re: [PATCH v13 1/2] elf: Allow architectures to parse properties on the main executable Message-ID: <202204200951.24D7A5A24@keescook> References: <20220419105156.347168-1-broonie@kernel.org> <20220419105156.347168-2-broonie@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220419105156.347168-2-broonie@kernel.org> X-Spam-Status: No, score=-3.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Apr 2022 16:51:28 -0000 On Tue, Apr 19, 2022 at 11:51:55AM +0100, Mark Brown wrote: > Currently the ELF code only attempts to parse properties on the image > that will start execution, either the interpreter or for statically linked > executables the main executable. The expectation is that any property > handling for the main executable will be done by the interpreter. This is > a bit inconsistent since we do map the executable and is causing problems > for the arm64 BTI support when used in conjunction with systemd's use of > seccomp to implement MemoryDenyWriteExecute which stops the dynamic linker > adjusting the permissions of executable segments. > > Allow architectures to handle properties for both the dynamic linker and > main executable, adjusting arch_parse_elf_properties() to have a new > flag is_interp flag as with arch_elf_adjust_prot() and calling it for > both the main executable and any intepreter. > > The user of this code, arm64, is adapted to ensure that there is no > functional change. > > Signed-off-by: Mark Brown Acked-by: Kees Cook -- Kees Cook