From: Dave Martin <Dave.Martin@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
"Yu-cheng Yu" <yu-cheng.yu@intel.com>,
"H.J. Lu" <hjl.tools@gmail.com>, "Arnd Bergmann" <arnd@arndb.de>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Andrew Jones" <drjones@redhat.com>,
"Will Deacon" <will.deacon@arm.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Kristina Martšenko" <kristina.martsenko@arm.com>,
"Szabolcs Nagy" <szabolcs.nagy@arm.com>,
"Sudakshina Das" <sudi.das@arm.com>,
"Paul Elliott" <paul.elliott@arm.com>
Subject: [PATCH 7/8] arm64: elf: Enable BTI at exec based on ELF program properties
Date: Fri, 24 May 2019 11:25:32 +0100 [thread overview]
Message-ID: <1558693533-13465-8-git-send-email-Dave.Martin@arm.com> (raw)
In-Reply-To: <1558693533-13465-1-git-send-email-Dave.Martin@arm.com>
For BTI protection to be as comprehensive as possible, it is
desirable to have BTI enabled from process startup. If this is not
done, the process must use mprotect() to enable BTI for each of its
executable mappings, but this is painful to do in the libc startup
code. It's simpler and more sound to have the kernel do it
instead.
To this end, detect BTI support in the executable (or ELF
interpreter, as appropriate), via the
NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot
flags for the process' executable pages to include PROT_BTI_GUARDED
as appropriate.
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
---
arch/arm64/Kconfig | 3 +++
arch/arm64/include/asm/elf.h | 28 ++++++++++++++++++++++
arch/arm64/kernel/process.c | 55 ++++++++++++++++++++++++++++++++++++++++++++
include/uapi/linux/elf.h | 8 ++++++-
4 files changed, 93 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 0f6765e..f8af7f2 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -8,6 +8,7 @@ config ARM64
select ACPI_MCFG if (ACPI && PCI)
select ACPI_SPCR_TABLE if ACPI
select ACPI_PPTT if ACPI
+ select ARCH_BINFMT_ELF_STATE
select ARCH_CLOCKSOURCE_DATA
select ARCH_HAS_DEBUG_VIRTUAL
select ARCH_HAS_DEVMEM_IS_ALLOWED
@@ -33,6 +34,7 @@ config ARM64
select ARCH_HAS_SYSCALL_WRAPPER
select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
+ select ARCH_HAVE_ELF_PROT
select ARCH_HAVE_NMI_SAFE_CMPXCHG
select ARCH_INLINE_READ_LOCK if !PREEMPT
select ARCH_INLINE_READ_LOCK_BH if !PREEMPT
@@ -62,6 +64,7 @@ config ARM64
select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPT
select ARCH_KEEP_MEMBLOCK
select ARCH_USE_CMPXCHG_LOCKREF
+ select ARCH_USE_GNU_PROPERTY if BINFMT_ELF
select ARCH_USE_QUEUED_RWLOCKS
select ARCH_USE_QUEUED_SPINLOCKS
select ARCH_SUPPORTS_MEMORY_FAILURE
diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
index 355d120..bba45fa 100644
--- a/arch/arm64/include/asm/elf.h
+++ b/arch/arm64/include/asm/elf.h
@@ -126,6 +126,7 @@
#ifndef __ASSEMBLY__
#include <linux/bug.h>
+#include <linux/fs.h>
#include <asm/processor.h> /* for signal_minsigstksz, used by ARCH_DLINFO */
typedef unsigned long elf_greg_t;
@@ -221,6 +222,33 @@ extern int aarch32_setup_additional_pages(struct linux_binprm *bprm,
#endif /* CONFIG_COMPAT */
+struct arch_elf_state {
+ int flags;
+};
+
+#define ARM64_ELF_BTI (1 << 0)
+
+#define INIT_ARCH_ELF_STATE { \
+ .flags = 0, \
+}
+
+int arch_parse_property(void *ehdr, void *phdr, struct file *f, bool interp,
+ struct arch_elf_state *state);
+
+static inline int arch_elf_pt_proc(void *ehdr, void *phdr,
+ struct file *f, bool is_interp,
+ struct arch_elf_state *state)
+{
+ return 0;
+}
+
+static inline int arch_check_elf(void *ehdr, bool has_interp,
+ void *interp_ehdr,
+ struct arch_elf_state *state)
+{
+ return 0;
+}
+
#endif /* !__ASSEMBLY__ */
#endif
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 3767fb2..104b0d8 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -22,12 +22,14 @@
#include <linux/compat.h>
#include <linux/efi.h>
+#include <linux/elf.h>
#include <linux/export.h>
#include <linux/sched.h>
#include <linux/sched/debug.h>
#include <linux/sched/task.h>
#include <linux/sched/task_stack.h>
#include <linux/kernel.h>
+#include <linux/mman.h>
#include <linux/mm.h>
#include <linux/stddef.h>
#include <linux/unistd.h>
@@ -552,3 +554,56 @@ void arch_setup_new_exec(void)
ptrauth_thread_init_user(current);
}
+
+#ifdef CONFIG_BINFMT_ELF
+int arch_parse_property(void *ehdr, void *phdr, struct file *f, bool interp,
+ struct arch_elf_state *state)
+{
+ union any_elf_hdr {
+ struct elf32_hdr hdr32;
+ struct elf64_hdr hdr64;
+ };
+ const union any_elf_hdr *e = ehdr;
+
+ int ret;
+ u32 val;
+
+ /* Currently we have GNU program properties only for native: */
+ if (e->hdr64.e_machine != EM_AARCH64) {
+ WARN_ON(!IS_ENABLED(CONFIG_COMPAT) ||
+ e->hdr64.e_machine != EM_ARM);
+
+ return 0;
+ }
+
+ ret = get_gnu_property(ehdr, phdr, f,
+ GNU_PROPERTY_AARCH64_FEATURE_1_AND,
+ &val);
+ if (ret)
+ return ret;
+
+ if (val & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) {
+ if (!system_supports_bti())
+ return -EINVAL;
+
+ state->flags |= ARM64_ELF_BTI;
+ }
+
+ return 0;
+}
+
+int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state,
+ bool has_interp, bool is_interp)
+{
+ if (is_interp != has_interp)
+ return prot;
+
+ if (!(state->flags & ARM64_ELF_BTI))
+ return prot;
+
+ if (prot & PROT_EXEC)
+ prot |= PROT_BTI_GUARDED;
+
+ return prot;
+}
+#endif
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
index 7b7603a..1c8e455 100644
--- a/include/uapi/linux/elf.h
+++ b/include/uapi/linux/elf.h
@@ -444,11 +444,17 @@ typedef struct elf64_note {
Elf64_Word n_type; /* Content type */
} Elf64_Nhdr;
-/* .note.gnu.property types */
+/* .note.gnu.property types for x86: */
#define GNU_PROPERTY_X86_FEATURE_1_AND (0xc0000002)
/* Bits of GNU_PROPERTY_X86_FEATURE_1_AND */
#define GNU_PROPERTY_X86_FEATURE_1_IBT (0x00000001)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (0x00000002)
+/* .note.gnu.property types for EM_AARCH64: */
+#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000
+
+/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */
+#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0)
+
#endif /* _UAPI_LINUX_ELF_H */
--
2.1.4
next prev parent reply other threads:[~2019-05-24 10:26 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-24 10:25 [PATCH 0/8] arm64: ARMv8.5-A: Branch Target Identification support Dave Martin
2019-05-24 10:25 ` [PATCH 1/8] binfmt_elf: Extract .note.gnu.property from an ELF file Dave Martin
2019-05-24 10:25 ` [PATCH 2/8] mm: Reserve asm-generic prot flag 0x10 for arch use Dave Martin
2019-05-24 10:25 ` [PATCH 3/8] arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 Dave Martin
2019-05-24 10:25 ` [PATCH 4/8] arm64: Basic Branch Target Identification support Dave Martin
2019-05-24 13:02 ` Mark Rutland
2019-05-24 14:53 ` Dave Martin
2019-05-24 15:38 ` Mark Rutland
2019-05-24 16:12 ` Dave Martin
2019-05-24 17:19 ` Mark Rutland
2019-05-28 10:52 ` Dave P Martin
2019-06-06 17:11 ` Catalin Marinas
2019-06-06 17:23 ` Dave Martin
2019-06-06 17:34 ` Yu-cheng Yu
2019-06-06 17:56 ` Dave Martin
2019-05-24 10:25 ` [PATCH 5/8] elf: Parse program properties before destroying the old process Dave Martin
2019-05-24 10:25 ` [PATCH 6/8] elf: Allow arch to tweak initial mmap prot flags Dave Martin
2019-05-24 10:25 ` Dave Martin [this message]
2019-05-24 10:25 ` [PATCH 8/8] arm64: BTI: Decode BYTPE bits when printing PSTATE Dave Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1558693533-13465-8-git-send-email-Dave.Martin@arm.com \
--to=dave.martin@arm.com \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=drjones@redhat.com \
--cc=hjl.tools@gmail.com \
--cc=kristina.martsenko@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul.elliott@arm.com \
--cc=richard.henderson@linaro.org \
--cc=sudi.das@arm.com \
--cc=szabolcs.nagy@arm.com \
--cc=will.deacon@arm.com \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).