linux-kernel.vger.kernel.org archive mirror
From: Catalin Marinas <catalin.marinas@arm.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: "Mark Brown" <broonie@kernel.org>,
	"Szabolcs Nagy" <szabolcs.nagy@arm.com>,
	"Will Deacon" <will@kernel.org>,
	"Alexander Viro" <viro@zeniv.linux.org.uk>,
	"Paul Elliott" <paul.elliott@arm.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Yu-cheng Yu" <yu-cheng.yu@intel.com>,
	"Amit Kachhap" <amit.kachhap@arm.com>,
	"Vincenzo Frascino" <vincenzo.frascino@arm.com>,
	"Marc Zyngier" <maz@kernel.org>,
	"Eugene Syromiatnikov" <esyr@redhat.com>,
	"H . J . Lu " <hjl.tools@gmail.com>,
	"Andrew Jones" <drjones@redhat.com>,
	"Kees Cook" <keescook@chromium.org>,
	"Arnd Bergmann" <arnd@arndb.de>, "Jann Horn" <jannh@google.com>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Kristina Martšenko" <kristina.martsenko@arm.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Florian Weimer" <fweimer@redhat.com>,
	"Sudakshina Das" <sudi.das@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, nd@arm.com
Subject: Re: [PATCH v10 00/13] arm64: Branch Target Identification support
Date: Mon, 23 Mar 2020 14:39:55 +0000
Message-ID: <20200323143954.GC4892@mbp>
In-Reply-To: <20200323135722.GA3959@C02TD0UTHF1T.local>

On Mon, Mar 23, 2020 at 01:57:22PM +0000, Mark Rutland wrote:
> On Mon, Mar 23, 2020 at 01:24:12PM +0000, Mark Brown wrote:
> > On Mon, Mar 23, 2020 at 12:21:44PM +0000, Catalin Marinas wrote:
> > > On Fri, Mar 20, 2020 at 05:39:46PM +0000, Szabolcs Nagy wrote:
> > 
> > > +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state,
> > > +                        bool has_interp, bool is_interp)
> > > +{
> > > +       if (is_interp != has_interp)
> > > +               return prot;
> > > +
> > > +       if (!(state->flags & ARM64_ELF_BTI))
> > > +               return prot;
> > > +
> > > +       if (prot & PROT_EXEC)
> > > +               prot |= PROT_BTI;
> > > +
> > > +       return prot;
> > > +}
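
Review bot: the `if (is_interp != has_interp)` early return at the top of arch_elf_adjust_prot() carries no comment, and the condition does not explain itself. As written it returns prot unchanged whenever the two flags differ, so PROT_BTI is only added to PROT_EXEC mappings when both flags are false or both are true. Please add a comment above the check stating which mappings are deliberately left without PROT_BTI and why, and a short description of what has_interp and is_interp mean for callers.
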
> > 
> > > At a quick look, for dynamic binaries we have has_interp == true and
> > > is_interp == false. I don't know why but, either way, the above code
> > > needs a comment with some justification.
> > 
> > I don't really know for certain either, I inherited this code as is with
> > the understanding that this was all agreed with the toolchain and libc
> > people - the actual discussion that led to the decisions being made
> > happened before I was involved.  My understanding is that the idea was
> > that the dynamic linker would be responsible for mapping everything in
> > dynamic applications other than itself but other than consistency I
> > don't know why.  I guess it defers more decision making to userspace but
> > I'm having a hard time thinking of sensible cases where one might wish
> > to make a decision other than enabling PROT_BTI.
> 
> My understanding was this had been agreed with the toolchain folk a
> while back -- anything static loaded by the kernel (i.e. a static
> executable or the dynamic linker) would get GP set. In other cases the
> linker will mess with the permissions on the pages anyhow, and needs to
> be aware of BTI in order to do the right thing, so it was better to
> leave it to userspace consistently (e.g. as that had the least risk of
> subtle changes in behaviour leading to ABI difficulties).

So this means that the interpreter will have to mprotect(PROT_BTI) the
text section of the primary executable. For subsequent libraries, it
calls mmap() explicitly anyway but not for the main executable (IIUC).

> > I'd be perfectly happy to drop the check if that makes more sense to
> > people, otherwise I can send a patch adding a comment explaining the
> > situation.
> 
> I think it would be best to document the current behaviour, as it's a
> simple ABI that we can guarantee, and the dynamic linker will have to be
> aware of BTI in order to do the right thing anyhow.

That's a valid point. If we have an old dynamic linker and the kernel
enabled BTI automatically for the main executable, could things go wrong
(e.g. does the PLT need to be BTI-aware)?

-- 
Catalin
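
The userspace step described in this message, mprotect(PROT_BTI) over the main executable's text, sketched as an added example; it is not code from the patch series or from any dynamic linker. `struct bti_fixup`, `plan_bti_fixups()` and `apply_bti_fixups()` are hypothetical names, and the sketch assumes the caller has already decided from the ELF properties that the executable is BTI-marked and that `pagesz` is a power of two.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/mman.h>

#ifndef PROT_BTI
#define PROT_BTI 0x10 /* arm64 UAPI value; defined so the sketch builds on other hosts */
#endif

struct bti_fixup { uintptr_t start; size_t len; int prot; }; /* hypothetical */

static int pf_to_prot(uint32_t pf)
{
    return ((pf & PF_R) ? PROT_READ : 0) | ((pf & PF_W) ? PROT_WRITE : 0) |
           ((pf & PF_X) ? PROT_EXEC : 0);
}

/* Plan one mprotect() per executable PT_LOAD segment of the main executable.
 * bias is the load bias; bti_marked says whether the BTI property was found.
 * Returns the number of entries written to out. */
size_t plan_bti_fixups(const Elf64_Phdr *ph, size_t n, uintptr_t bias,
                       size_t pagesz, int bti_marked,
                       struct bti_fixup *out, size_t max)
{
    uintptr_t mask = ~(uintptr_t)(pagesz - 1);
    size_t k = 0;

    if (!bti_marked)
        return 0; /* unmarked binary: leave its mappings unguarded */
    for (size_t i = 0; i < n && k < max; i++) {
        if (ph[i].p_type != PT_LOAD || !(ph[i].p_flags & PF_X))
            continue; /* only executable load segments get PROT_BTI */
        uintptr_t lo = (bias + ph[i].p_vaddr) & mask;
        uintptr_t hi = (bias + ph[i].p_vaddr + ph[i].p_memsz + pagesz - 1) & mask;
        out[k].start = lo;
        out[k].len = hi - lo;
        out[k].prot = pf_to_prot(ph[i].p_flags) | PROT_BTI;
        k++;
    }
    return k;
}

/* Apply the plan; a failure leaves that range executable but unguarded. */
int apply_bti_fixups(const struct bti_fixup *f, size_t k)
{
    int rc = 0;
    for (size_t i = 0; i < k; i++)
        if (mprotect((void *)f[i].start, f[i].len, f[i].prot) != 0)
            rc = -1;
    return rc;
}
```
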
