From: Catalin Marinas <catalin.marinas@arm.com>
To: Szabolcs Nagy <szabolcs.nagy@arm.com>
Cc: Mark Brown <broonie@kernel.org>,
Jeremy Linton <jeremy.linton@arm.com>,
Will Deacon <will@kernel.org>, "H . J . Lu" <hjl.tools@gmail.com>,
Yu-cheng Yu <yu-cheng.yu@intel.com>,
linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
libc-alpha@sourceware.org, Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH v7 0/4] arm64: Enable BTI for the executable as well as the interpreter
Date: Thu, 27 Jan 2022 12:24:14 +0000 [thread overview]
Message-ID: <YfKO7r5l7AUvd8r/@arm.com> (raw)
In-Reply-To: <20220118110255.GC3294453@arm.com>
(Mark posted another series but I'm replying here to clarify some
aspects)
On Tue, Jan 18, 2022 at 11:02:55AM +0000, Szabolcs Nagy wrote:
> The 01/17/2022 17:54, Catalin Marinas wrote:
> > On Fri, Jan 07, 2022 at 12:01:17PM +0000, Catalin Marinas wrote:
> > > I think we can look at this from two angles:
> > >
> > > 1. Ignoring MDWE, should whoever does the original mmap() also honour
> > > PROT_BTI? We do this for static binaries but, for consistency, should
> > > we extend it to dynamic executable?
> > >
> > > 2. A 'simple' fix to allow MDWE together with BTI.
> >
> > Thinking about it, (1) is not that different from the kernel setting
> > PROT_EXEC on the main executable when the dynamic loader could've done
> > it as well. There is a case for making this more consistent: whoever
> > does the mmap() should use the full attributes.
>
> Yeah that was my original idea that it should be consistent.
> One caveat is that protection flags are normally specified
> in the program header, but the BTI marking is in
> PT_GNU_PROPERTY which is harder to get to, so glibc does not
> try to get it right for the initial mapping either: it has
> to re-mmap or mprotect. (In principle we could use read
> syscalls to parse the ELF headers and notes before mmap,
> but that's more complicated with additional failure modes.)
>
> i.e. if (2) is fixed then mprotect can be used for library
> mapping too which is simpler than re-mmap.
I lost track of the userspace fixes here, was glibc changed to attempt a
re-mmap of the dynamic libraries instead of mprotect()?
It looks like (2) is a simpler fix and (1) could still be added for
consistency, it's complementary.
> > Question for the toolchain people: would the compiler ever generate
> > relocations in the main executable that the linker needs to resolve via
> > an mprotect(READ|WRITE) followed by mprotect(READ|EXEC)? If yes, we'd
> > better go for a proper MDWE implementation in the kernel.
>
> There is some support for text relocations in glibc, but it's not
> expected to be common (e.g. it is a bug if a distro binary has it).
Thanks for the clarification.
--
Catalin
next prev parent reply other threads:[~2022-01-27 12:24 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 15:27 Mark Brown
2021-11-15 15:27 ` [PATCH v7 1/4] elf: Allow architectures to parse properties on the main executable Mark Brown
2021-11-15 15:27 ` [PATCH v7 2/4] arm64: Enable BTI for main executable as well as the interpreter Mark Brown
2021-11-15 15:27 ` [PATCH v7 3/4] elf: Remove has_interp property from arch_adjust_elf_prot() Mark Brown
2021-11-15 15:27 ` [PATCH v7 4/4] elf: Remove has_interp property from arch_parse_elf_property() Mark Brown
2021-12-08 18:23 ` [PATCH v7 0/4] arm64: Enable BTI for the executable as well as the interpreter Catalin Marinas
2021-12-09 11:10 ` Szabolcs Nagy
2022-01-04 17:32 ` Mark Brown
2022-01-05 22:42 ` Jeremy Linton
2022-01-06 11:00 ` Catalin Marinas
2022-01-06 16:09 ` Jeremy Linton
2022-01-06 18:13 ` Catalin Marinas
2022-01-06 19:07 ` Mark Brown
2022-01-07 12:01 ` Catalin Marinas
2022-01-07 13:10 ` Mark Brown
2022-01-17 17:54 ` Catalin Marinas
2022-01-17 18:16 ` Adhemerval Zanella
2022-01-17 19:01 ` H.J. Lu
2022-01-18 11:22 ` Szabolcs Nagy
2022-01-18 12:55 ` H.J. Lu
2022-01-18 11:02 ` Szabolcs Nagy
2022-01-27 12:24 ` Catalin Marinas [this message]
2022-01-27 14:48 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YfKO7r5l7AUvd8r/@arm.com \
--to=catalin.marinas@arm.com \
--cc=broonie@kernel.org \
--cc=hjl.tools@gmail.com \
--cc=jeremy.linton@arm.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=szabolcs.nagy@arm.com \
--cc=will@kernel.org \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).