From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by sourceware.org (Postfix) with ESMTPS id 85B053840C32 for ; Thu, 21 Apr 2022 17:59:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 85B053840C32 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9D46A61E53; Thu, 21 Apr 2022 17:59:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B04CAC385A1; Thu, 21 Apr 2022 17:59:01 +0000 (UTC) Date: Thu, 21 Apr 2022 18:58:58 +0100 From: Mark Brown To: Jeremy Linton Cc: Catalin Marinas , Will Deacon , Kees Cook , linux-arm-kernel@lists.infradead.org, hjl.tools@gmail.com, libc-alpha@sourceware.org, szabolcs.nagy@arm.com, yu-cheng.yu@intel.com, ebiederm@xmission.com, linux-arch@vger.kernel.org Subject: Re: [PATCH v13 0/2] arm64: Enable BTI for the executable as well as the interpreter Message-ID: References: <20220419105156.347168-1-broonie@kernel.org> <165043278356.1481705.13924459838445776007.b4-ty@chromium.org> <20220420093612.GB6954@willie-the-truck> <52a79b24-deec-108e-4b7f-5bc33500c802@arm.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="zY7P2cSeDhvk3jaq" Content-Disposition: inline In-Reply-To: <52a79b24-deec-108e-4b7f-5bc33500c802@arm.com> X-Cookie: Two percent of zero is almost nothing. X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2022 17:59:06 -0000 --zY7P2cSeDhvk3jaq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Apr 21, 2022 at 10:52:52AM -0500, Jeremy Linton wrote: > Or maybe simpler yet, we provide a tool which wipes out the gnu BTI note on > binaries that are found to have BTI bugs, thereby (correctly) fixing the > problem at its source. This is at least presumably doable if we are also > assuming we can update glibc/etc in any environment with the problem. This seems like the most sensible thing if we do find we're running into BTI executables that are incorrectly annotated and difficult to fix - it avoids having to manage any new permissions for bypassing BTI. --zY7P2cSeDhvk3jaq Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmJhm2EACgkQJNaLcl1U h9D22Qf/bUhryTD+1wfEMb4NyHbQxFkOHPHvqtaRR1jHrV1Vv/uWpgokevT1PDHJ MV9lWmacUNvzqn3Vj3jNaJxZcfPHhRS2kUa2kpLa5VF+GnXxRQgie9JKlicSEor7 EJLQqVpA6YYS2F0ywDaBRu/O1B00nf/aSI/Vpcgl5yHjcvdOymnhwUES8qXFTkCU 5UnIIouImngnDo0UczLiEfOKn7bO1B1KhtpYDBk9Q1QwZowVyyPK5bFQe7ezsSZ1 MKyGTlaroN/Jq91wohwhJlYmhrd3U/ok2Q7tKH+cosapOoWu968dbFDFGNoIDe5U MnwWNuS1BVkpxUYC95b70ScwItDStw== =qeXh -----END PGP SIGNATURE----- --zY7P2cSeDhvk3jaq--