From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39BD4C433DB for ; Fri, 5 Feb 2021 17:40:55 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BE6D864DA5 for ; Fri, 5 Feb 2021 17:40:54 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BE6D864DA5 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=EV/XS+w+rMX1+usICvJni6WHy2egBVqr+RTwLevAh04=; b=xbjwejfs2lVJ87Fkshki51c0lg DAvOLmQj5rAqgYCnZSKOb8mky+DmKUAKADdZyvC+0qCa0JQgVXnP7XCpM/2M5PrDqpVTt0n4eIbbL ObiXirj8vZ210KwP9P1cIYexVJZbNp7imTnhkaLwPfxHAE9y9jwzaoDcP8PQKJXOT86yFtqSNqjSi dPNlYeuUzeGyE6mFUa5e6KfQVctg9H2E3xJSdDEBC13Ln+qcIikdesqnGGEz+nI6p2C/WH/T49Wm/ NTx5qw5hz5ad/ktELiz3fNu6t2pB4eQrG9yPmiCjpIsdeLoxpw4/cSztabP+RYnOlZbEooLcnNrEl gLngKShQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1l8557-00076y-Qy; Fri, 05 Feb 2021 17:39:45 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1l8553-00075G-I5 for linux-arm-kernel@lists.infradead.org; Fri, 05 Feb 2021 17:39:43 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id B6DE260C3F; Fri, 5 Feb 2021 17:39:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1612546780; bh=/AHZ9CUEvWjs6C1L5b4csE96CedUqSUXZmAoVxRXKn8=; h=From:To:Cc:Subject:Date:From; b=bTqYfdR+uC9J21uKXwEeSBJxiyWsvO0htdzAGPevTl3K6op4NkFPE4IigzUtegfPx aTrU94WVP0sRI9ORAhupXLsP2nNzX7F/mksTVNeulP/xxRckonZb4clymQjN46O+TY /hqME+smbKjs4kLBC002xuYde2smdPDqgwobj4cNSYukSqEp15b6du/zoaPaNG6u+e 8oIJxPcrXUJxSIsXLTZnAegTctLuN5Ke9cftjT9QFejq3lA3Vy5cAviMLAbmv8Irmn dT+MrMJ8C4yG/hs6h5G6U41WJOckydTtMNnYiPIK2o2JrTnJ4iVOhmLhbN/e4iZMgZ sXkxqPrtABdmw== From: Mark Brown To: Catalin Marinas , Will Deacon Subject: [PATCH] arm64: bti: Set PROT_BTI on all BTI executables mapped by the kernel Date: Fri, 5 Feb 2021 17:38:37 +0000 Message-Id: <20210205173837.39315-1-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=7zN43aXdXMdmfaLj4FX8gMm7a76OOvJsogge4/nn8Y4=; m=dy0D/ccU8fG3zSNioE+eBi2SH0YOdNWPkq8kfTP7sq8=; p=fDryMjcYCFaY94nuNd8JVY/L7W1xGukVcWRmSZ1mHXY=; g=0f8818e661955edd30fd55277d55e6b5dbe31f48 X-Patch-Sig: m=pgp; i=broonie@kernel.org; s=0xC3F436CA30F5D8EB; b=iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmAdgP4ACgkQJNaLcl1Uh9AN/gf+N1V Uu7Zv9yx+E+3Fn5F8dUqn4p4hjv2ILNoQzG1dwNQljW8z/HJyyR8Gm+zsHfWyBJ3D5kAIxXAQzjq4 GJ7dLF1uWNcsRzT/nZQGqTMBI4jOhb4Rb0RR4hH4zpAGZ5OWasC2Dd+u+6nVzyRs2Nv+31w/LQoBr ggZGk18HL66O+jaOd14DGLjVWpbbjKTytnGiq3T66p/JEm9IN5lRNjHWeEjshkSsy1auIxZfjLzPZ GXXmR7U865dKTjdT7y5jG5087vu5HUXQNn1vNBPREm06p+k78Qby+4s3baWUnHmmbgaZiewJjqm6v 4RqYRxexAbQNyWZr7/EI/nhPpVgQwWQ== X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210205_123941_782623_0DC7E302 X-CRM114-Status: GOOD ( 15.73 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , libc-alpha@sourceware.org, Kees Cook , Szabolcs Nagy , Jeremy Linton , Mark Brown , Dave Martin , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Currently for dynamically linked executables the kernel only enables PROT_BTI for the interpreter, the interpreter is responsible for enabling it for everything else including the main executable. Unfortunately this interacts poorly with systemd's MemoryDenyWriteExecute feature which uses a seccomp filter to prevent setting PROT_EXEC on already mapped memory via mprotect(), it lacks the context to detect that PROT_EXEC is already set and so refuses to allow the mprotect() on the main executable which the kernel has already mapped. Since we don't want to force users to choose between having MDWX and BTI as these are othogonal features have the kernel enable PROT_BTI for all the ELF objects it loads, not just the dynamic linker. This means that if there is a problem with BTI it will be harder to disable at the executable level but we currently have no conditional support for this in any libc anyway so that would be new development. Ideally we would have interfaces that allowed us to more clearly specify what is enabled and disabled by a given syscall but this would be a far more difficult change to deploy. Reported-by: Jeremy Linton Suggested-by: Catalin Marinas Signed-off-by: Mark Brown Cc: Mark Rutland Cc: Szabolcs Nagy Cc: Dave Martin Cc: Kees Cook Cc: libc-alpha@sourceware.org --- This solution was proposed by Catalin, I'm just writing it up into a patch since it looks to be what we've converged on as the most practical solution and but things seemed to have stalled out. arch/arm64/kernel/process.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 71c8265b9139..0967f9e1f9fd 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -717,14 +717,6 @@ asmlinkage void __sched arm64_preempt_schedule_irq(void) int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state, bool has_interp, bool is_interp) { - /* - * For dynamically linked executables the interpreter is - * responsible for setting PROT_BTI on everything except - * itself. - */ - if (is_interp != has_interp) - return prot; - if (!(state->flags & ARM64_ELF_BTI)) return prot; -- 2.20.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel