From: "H.J. Lu"
Date: Tue, 18 Jan 2022 04:55:21 -0800
Subject: Re: [PATCH v7 0/4] arm64: Enable BTI for the executable as well as the interpreter
To: Szabolcs Nagy
Cc: Adhemerval Zanella, linux-arch, Mark Rutland, Yu-cheng Yu, GNU C Library, Catalin Marinas, Jeremy Linton, Mark Brown, Will Deacon, linux-arm-kernel@lists.infradead.org

On Tue, Jan 18, 2022 at 3:22 AM Szabolcs Nagy wrote:
>
> The 01/17/2022 11:01, H.J. Lu via Libc-alpha wrote:
> > We are taking a different approach for CET enabling. CET will be
> > changed to be enabled from user space:
> >
> > https://gitlab.com/x86-glibc/glibc/-/tree/users/hjl/cet/enable
> >
> > and the CET kernel no longer enables CET automatically:
> >
> > https://github.com/hjl-tools/linux/tree/hjl/cet%2F5.16.0-v4
>
> we considered userspace handling of BTI in static exe
> and ld.so too. at the time we wanted the protection to
> be on whenever BTI marked code is executed, so it has
> to be enabled at program entry.
>
> i no longer think that the entry code protection is very
> important, but delaying mprotect for static exe does
> not fix our mprotect(*|PROT_EXEC) problem with systemd.
>
> i also don't immediately see where you deal with shadow
> stack allocation for the main stack if it is userspace
> enabled, i expected that to require kernel assistance
> if you want the main stack protected all the way up.

We enable shadow stack in user space as soon as possible:

https://gitlab.com/x86-glibc/glibc/-/commit/211abce607a9f6e4cd1cadefb87561413dd8fae9

--
H.J.