From: Kees Cook <keescook@chromium.org>
To: Mark Brown <broonie@kernel.org>
Cc: "Catalin Marinas" <catalin.marinas@arm.com>,
"Will Deacon" <will@kernel.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Paul Elliott" <paul.elliott@arm.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Yu-cheng Yu" <yu-cheng.yu@intel.com>,
"Amit Kachhap" <amit.kachhap@arm.com>,
"Vincenzo Frascino" <vincenzo.frascino@arm.com>,
"Marc Zyngier" <maz@kernel.org>,
"Eugene Syromiatnikov" <esyr@redhat.com>,
"Szabolcs Nagy" <szabolcs.nagy@arm.com>,
"H . J . Lu " <hjl.tools@gmail.com>,
"Andrew Jones" <drjones@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>, "Jann Horn" <jannh@google.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Kristina Martšenko" <kristina.martsenko@arm.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Florian Weimer" <fweimer@redhat.com>
Subject: Re: [PATCH v7 05/11] arm64: elf: Enable BTI at exec based on ELF program properties
Date: Wed, 26 Feb 2020 13:43:17 -0800 [thread overview]
Message-ID: <202002261343.1D0FC8DBE@keescook> (raw)
In-Reply-To: <20200226155714.43937-6-broonie@kernel.org>
On Wed, Feb 26, 2020 at 03:57:08PM +0000, Mark Brown wrote:
> From: Dave Martin <Dave.Martin@arm.com>
>
> For BTI protection to be as comprehensive as possible, it is
> desirable to have BTI enabled from process startup. If this is not
> done, the process must use mprotect() to enable BTI for each of its
> executable mappings, but this is painful to do in the libc startup
> code. It's simpler and more sound to have the kernel do it
> instead.
>
> To this end, detect BTI support in the executable (or ELF
> interpreter, as appropriate), via the
> NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot
> flags for the process' executable pages to include PROT_BTI as
> appropriate.
>
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> Signed-off-by: Mark Brown <broonie@kernel.org>
> ---
> arch/arm64/Kconfig | 3 +++
> arch/arm64/include/asm/elf.h | 51 ++++++++++++++++++++++++++++++++++++
> arch/arm64/kernel/process.c | 19 ++++++++++++++
> include/uapi/linux/elf.h | 6 +++++
> 4 files changed, 79 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index e37f4f07b990..d65d226a77ec 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -9,6 +9,7 @@ config ARM64
> select ACPI_MCFG if (ACPI && PCI)
> select ACPI_SPCR_TABLE if ACPI
> select ACPI_PPTT if ACPI
> + select ARCH_BINFMT_ELF_STATE
> select ARCH_CLOCKSOURCE_DATA
> select ARCH_HAS_DEBUG_VIRTUAL
> select ARCH_HAS_DEVMEM_IS_ALLOWED
> @@ -33,6 +34,7 @@ config ARM64
> select ARCH_HAS_SYSCALL_WRAPPER
> select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT
> select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
> + select ARCH_HAVE_ELF_PROT
> select ARCH_HAVE_NMI_SAFE_CMPXCHG
> select ARCH_INLINE_READ_LOCK if !PREEMPTION
> select ARCH_INLINE_READ_LOCK_BH if !PREEMPTION
> @@ -62,6 +64,7 @@ config ARM64
> select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPTION
> select ARCH_KEEP_MEMBLOCK
> select ARCH_USE_CMPXCHG_LOCKREF
> + select ARCH_USE_GNU_PROPERTY if BINFMT_ELF
> select ARCH_USE_QUEUED_RWLOCKS
> select ARCH_USE_QUEUED_SPINLOCKS
> select ARCH_SUPPORTS_MEMORY_FAILURE
> diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
> index b618017205a3..c72e381fa86d 100644
> --- a/arch/arm64/include/asm/elf.h
> +++ b/arch/arm64/include/asm/elf.h
> @@ -114,7 +114,11 @@
>
> #ifndef __ASSEMBLY__
>
> +#include <uapi/linux/elf.h>
> #include <linux/bug.h>
> +#include <linux/errno.h>
> +#include <linux/fs.h>
> +#include <linux/types.h>
> #include <asm/processor.h> /* for signal_minsigstksz, used by ARCH_DLINFO */
>
> typedef unsigned long elf_greg_t;
> @@ -224,6 +228,53 @@ extern int aarch32_setup_additional_pages(struct linux_binprm *bprm,
>
> #endif /* CONFIG_COMPAT */
>
> +struct arch_elf_state {
> + int flags;
> +};
> +
> +#define ARM64_ELF_BTI (1 << 0)
> +
> +#define INIT_ARCH_ELF_STATE { \
> + .flags = 0, \
> +}
> +
> +static inline int arch_parse_elf_property(u32 type, const void *data,
> + size_t datasz, bool compat,
> + struct arch_elf_state *arch)
> +{
> + /* No known properties for AArch32 yet */
> + if (IS_ENABLED(CONFIG_COMPAT) && compat)
> + return 0;
> +
> + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) {
> + const u32 *p = data;
> +
> + if (datasz != sizeof(*p))
> + return -ENOEXEC;
> +
> + if (IS_ENABLED(CONFIG_ARM64_BTI) &&
> + system_supports_bti() &&
> + (*p & GNU_PROPERTY_AARCH64_FEATURE_1_BTI))
> + arch->flags |= ARM64_ELF_BTI;
> + }
> +
> + return 0;
> +}
> +
> +static inline int arch_elf_pt_proc(void *ehdr, void *phdr,
> + struct file *f, bool is_interp,
> + struct arch_elf_state *state)
> +{
> + return 0;
> +}
> +
> +static inline int arch_check_elf(void *ehdr, bool has_interp,
> + void *interp_ehdr,
> + struct arch_elf_state *state)
> +{
> + return 0;
> +}
> +
> #endif /* !__ASSEMBLY__ */
>
> #endif
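Review bot: arch_parse_elf_property() has no comment stating its contract, and two behaviours are easy to miss from the caller's side: a GNU_PROPERTY_AARCH64_FEATURE_1_AND entry whose size is not that of a u32 fails the exec with -ENOEXEC, while a binary that requests BTI on a kernel or CPU without it is accepted and runs without the protection. I would add above the function `/* Sets ARM64_ELF_BTI only when kernel and CPU support BTI; a mis-sized FEATURE_1_AND property returns -ENOEXEC, other types are ignored. */`. The `*p` read relies on the generic property parser, which is outside this hunk, passing a suitably aligned pointer with at least `datasz` valid bytes; the same comment should say so. As a style point, `ARM64_ELF_BTI` is `(1 << 0)` stored in an `int` field while the UAPI bit is `(1U << 0)`, so an unsigned flags field would be more consistent. The same hunk is quoted again in the two duplicate copies of this message further down the page.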
> diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
> index 00626057a384..b8e3faa8d406 100644
> --- a/arch/arm64/kernel/process.c
> +++ b/arch/arm64/kernel/process.c
> @@ -11,6 +11,7 @@
>
> #include <linux/compat.h>
> #include <linux/efi.h>
> +#include <linux/elf.h>
> #include <linux/export.h>
> #include <linux/sched.h>
> #include <linux/sched/debug.h>
> @@ -18,6 +19,7 @@
> #include <linux/sched/task_stack.h>
> #include <linux/kernel.h>
> #include <linux/lockdep.h>
> +#include <linux/mman.h>
> #include <linux/mm.h>
> #include <linux/stddef.h>
> #include <linux/sysctl.h>
> @@ -654,3 +656,20 @@ asmlinkage void __sched arm64_preempt_schedule_irq(void)
> if (system_capabilities_finalized())
> preempt_schedule_irq();
> }
> +
> +#ifdef CONFIG_BINFMT_ELF
> +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state,
> + bool has_interp, bool is_interp)
> +{
> + if (is_interp != has_interp)
> + return prot;
> +
> + if (!(state->flags & ARM64_ELF_BTI))
> + return prot;
> +
> + if (prot & PROT_EXEC)
> + prot |= PROT_BTI;
> +
> + return prot;
> +}
> +#endif
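Review bot: The `if (is_interp != has_interp) return prot;` test in arch_elf_adjust_prot() carries a policy decision that is not written down: when the program has an interpreter, only the interpreter's executable segments get PROT_BTI from the kernel, and the main executable's mappings are returned unchanged. Presumably the dynamic linker is then expected to enable BTI on the main executable with mprotect(), as the commit message describes for the non-kernel path. If so, a process that is prevented from calling mprotect() with PROT_EXEC would keep running its main image without BTI, which should be confirmed against the loader. I would add `/* With an interpreter, only its segments are marked here; the interpreter must mprotect() the main executable itself. */` above the test. The same hunk is quoted again in the two duplicate copies of this message further down the page.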
> diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
> index 20900f4496b7..c6dd0215482e 100644
> --- a/include/uapi/linux/elf.h
> +++ b/include/uapi/linux/elf.h
> @@ -448,4 +448,10 @@ typedef struct elf64_note {
> Elf64_Word n_type; /* Content type */
> } Elf64_Nhdr;
>
> +/* .note.gnu.property types for EM_AARCH64: */
> +#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000
> +
> +/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */
> +#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0)
> +
> #endif /* _UAPI_LINUX_ELF_H */
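Review bot: The second comment names the bit instead of the property it belongs to: `/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */` sits directly above the definition of that very bit and should read `/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_AND */`. Because this is a UAPI header that userspace tooling reads, it would also help to state that the FEATURE_1_AND value is a single 32-bit word, which is what the `datasz != sizeof(*p)` check in arch_parse_elf_property() enforces. The same lines appear again in the two duplicate copies of this message further down the page.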
> --
> 2.20.1
>
--
Kees Cook
From: Kees Cook <keescook@chromium.org>
To: Mark Brown <broonie@kernel.org>
Cc: "Catalin Marinas" <catalin.marinas@arm.com>,
"Will Deacon" <will@kernel.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Paul Elliott" <paul.elliott@arm.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Yu-cheng Yu" <yu-cheng.yu@intel.com>,
"Amit Kachhap" <amit.kachhap@arm.com>,
"Vincenzo Frascino" <vincenzo.frascino@arm.com>,
"Marc Zyngier" <maz@kernel.org>,
"Eugene Syromiatnikov" <esyr@redhat.com>,
"Szabolcs Nagy" <szabolcs.nagy@arm.com>,
"H . J . Lu " <hjl.tools@gmail.com>,
"Andrew Jones" <drjones@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>, "Jann Horn" <jannh@google.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Kristina Martšenko" <kristina.martsenko@arm.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Florian Weimer" <fweimer@redhat.com>,
"Sudakshina Das" <sudi.das@arm.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
"Dave Martin" <Dave.Martin@arm.com>
Subject: Re: [PATCH v7 05/11] arm64: elf: Enable BTI at exec based on ELF program properties
Date: Wed, 26 Feb 2020 13:43:17 -0800 [thread overview]
Message-ID: <202002261343.1D0FC8DBE@keescook> (raw)
Message-ID: <20200226214317.rcCjStfZ-57wJAWm16NRp4FaFQdw3y6ewQVJgMtilLY@z> (raw)
In-Reply-To: <20200226155714.43937-6-broonie@kernel.org>
On Wed, Feb 26, 2020 at 03:57:08PM +0000, Mark Brown wrote:
> From: Dave Martin <Dave.Martin@arm.com>
>
> For BTI protection to be as comprehensive as possible, it is
> desirable to have BTI enabled from process startup. If this is not
> done, the process must use mprotect() to enable BTI for each of its
> executable mappings, but this is painful to do in the libc startup
> code. It's simpler and more sound to have the kernel do it
> instead.
>
> To this end, detect BTI support in the executable (or ELF
> interpreter, as appropriate), via the
> NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot
> flags for the process' executable pages to include PROT_BTI as
> appropriate.
>
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> Signed-off-by: Mark Brown <broonie@kernel.org>
> ---
> arch/arm64/Kconfig | 3 +++
> arch/arm64/include/asm/elf.h | 51 ++++++++++++++++++++++++++++++++++++
> arch/arm64/kernel/process.c | 19 ++++++++++++++
> include/uapi/linux/elf.h | 6 +++++
> 4 files changed, 79 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index e37f4f07b990..d65d226a77ec 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -9,6 +9,7 @@ config ARM64
> select ACPI_MCFG if (ACPI && PCI)
> select ACPI_SPCR_TABLE if ACPI
> select ACPI_PPTT if ACPI
> + select ARCH_BINFMT_ELF_STATE
> select ARCH_CLOCKSOURCE_DATA
> select ARCH_HAS_DEBUG_VIRTUAL
> select ARCH_HAS_DEVMEM_IS_ALLOWED
> @@ -33,6 +34,7 @@ config ARM64
> select ARCH_HAS_SYSCALL_WRAPPER
> select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT
> select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
> + select ARCH_HAVE_ELF_PROT
> select ARCH_HAVE_NMI_SAFE_CMPXCHG
> select ARCH_INLINE_READ_LOCK if !PREEMPTION
> select ARCH_INLINE_READ_LOCK_BH if !PREEMPTION
> @@ -62,6 +64,7 @@ config ARM64
> select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPTION
> select ARCH_KEEP_MEMBLOCK
> select ARCH_USE_CMPXCHG_LOCKREF
> + select ARCH_USE_GNU_PROPERTY if BINFMT_ELF
> select ARCH_USE_QUEUED_RWLOCKS
> select ARCH_USE_QUEUED_SPINLOCKS
> select ARCH_SUPPORTS_MEMORY_FAILURE
> diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
> index b618017205a3..c72e381fa86d 100644
> --- a/arch/arm64/include/asm/elf.h
> +++ b/arch/arm64/include/asm/elf.h
> @@ -114,7 +114,11 @@
>
> #ifndef __ASSEMBLY__
>
> +#include <uapi/linux/elf.h>
> #include <linux/bug.h>
> +#include <linux/errno.h>
> +#include <linux/fs.h>
> +#include <linux/types.h>
> #include <asm/processor.h> /* for signal_minsigstksz, used by ARCH_DLINFO */
>
> typedef unsigned long elf_greg_t;
> @@ -224,6 +228,53 @@ extern int aarch32_setup_additional_pages(struct linux_binprm *bprm,
>
> #endif /* CONFIG_COMPAT */
>
> +struct arch_elf_state {
> + int flags;
> +};
> +
> +#define ARM64_ELF_BTI (1 << 0)
> +
> +#define INIT_ARCH_ELF_STATE { \
> + .flags = 0, \
> +}
> +
> +static inline int arch_parse_elf_property(u32 type, const void *data,
> + size_t datasz, bool compat,
> + struct arch_elf_state *arch)
> +{
> + /* No known properties for AArch32 yet */
> + if (IS_ENABLED(CONFIG_COMPAT) && compat)
> + return 0;
> +
> + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) {
> + const u32 *p = data;
> +
> + if (datasz != sizeof(*p))
> + return -ENOEXEC;
> +
> + if (IS_ENABLED(CONFIG_ARM64_BTI) &&
> + system_supports_bti() &&
> + (*p & GNU_PROPERTY_AARCH64_FEATURE_1_BTI))
> + arch->flags |= ARM64_ELF_BTI;
> + }
> +
> + return 0;
> +}
> +
> +static inline int arch_elf_pt_proc(void *ehdr, void *phdr,
> + struct file *f, bool is_interp,
> + struct arch_elf_state *state)
> +{
> + return 0;
> +}
> +
> +static inline int arch_check_elf(void *ehdr, bool has_interp,
> + void *interp_ehdr,
> + struct arch_elf_state *state)
> +{
> + return 0;
> +}
> +
> #endif /* !__ASSEMBLY__ */
>
> #endif
> diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
> index 00626057a384..b8e3faa8d406 100644
> --- a/arch/arm64/kernel/process.c
> +++ b/arch/arm64/kernel/process.c
> @@ -11,6 +11,7 @@
>
> #include <linux/compat.h>
> #include <linux/efi.h>
> +#include <linux/elf.h>
> #include <linux/export.h>
> #include <linux/sched.h>
> #include <linux/sched/debug.h>
> @@ -18,6 +19,7 @@
> #include <linux/sched/task_stack.h>
> #include <linux/kernel.h>
> #include <linux/lockdep.h>
> +#include <linux/mman.h>
> #include <linux/mm.h>
> #include <linux/stddef.h>
> #include <linux/sysctl.h>
> @@ -654,3 +656,20 @@ asmlinkage void __sched arm64_preempt_schedule_irq(void)
> if (system_capabilities_finalized())
> preempt_schedule_irq();
> }
> +
> +#ifdef CONFIG_BINFMT_ELF
> +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state,
> + bool has_interp, bool is_interp)
> +{
> + if (is_interp != has_interp)
> + return prot;
> +
> + if (!(state->flags & ARM64_ELF_BTI))
> + return prot;
> +
> + if (prot & PROT_EXEC)
> + prot |= PROT_BTI;
> +
> + return prot;
> +}
> +#endif
> diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
> index 20900f4496b7..c6dd0215482e 100644
> --- a/include/uapi/linux/elf.h
> +++ b/include/uapi/linux/elf.h
> @@ -448,4 +448,10 @@ typedef struct elf64_note {
> Elf64_Word n_type; /* Content type */
> } Elf64_Nhdr;
>
> +/* .note.gnu.property types for EM_AARCH64: */
> +#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000
> +
> +/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */
> +#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0)
> +
> #endif /* _UAPI_LINUX_ELF_H */
> --
> 2.20.1
>
--
Kees Cook
From: Kees Cook <keescook@chromium.org>
To: Mark Brown <broonie@kernel.org>
Cc: "Paul Elliott" <paul.elliott@arm.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Andrew Jones" <drjones@redhat.com>,
"Amit Kachhap" <amit.kachhap@arm.com>,
"Vincenzo Frascino" <vincenzo.frascino@arm.com>,
"Will Deacon" <will@kernel.org>,
linux-arch@vger.kernel.org, "Marc Zyngier" <maz@kernel.org>,
"Eugene Syromiatnikov" <esyr@redhat.com>,
"Szabolcs Nagy" <szabolcs.nagy@arm.com>,
"Dave Martin" <Dave.Martin@arm.com>,
"H . J . Lu " <hjl.tools@gmail.com>,
"Yu-cheng Yu" <yu-cheng.yu@intel.com>,
"Arnd Bergmann" <arnd@arndb.de>, "Jann Horn" <jannh@google.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Kristina Martšenko" <kristina.martsenko@arm.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Thomas Gleixner" <tglx@linutronix.de>,
linux-arm-kernel@lists.infradead.org,
"Florian Weimer" <fweimer@redhat.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
"Sudakshina Das" <sudi.das@arm.com>
Subject: Re: [PATCH v7 05/11] arm64: elf: Enable BTI at exec based on ELF program properties
Date: Wed, 26 Feb 2020 13:43:17 -0800 [thread overview]
Message-ID: <202002261343.1D0FC8DBE@keescook> (raw)
In-Reply-To: <20200226155714.43937-6-broonie@kernel.org>
On Wed, Feb 26, 2020 at 03:57:08PM +0000, Mark Brown wrote:
> From: Dave Martin <Dave.Martin@arm.com>
>
> For BTI protection to be as comprehensive as possible, it is
> desirable to have BTI enabled from process startup. If this is not
> done, the process must use mprotect() to enable BTI for each of its
> executable mappings, but this is painful to do in the libc startup
> code. It's simpler and more sound to have the kernel do it
> instead.
>
> To this end, detect BTI support in the executable (or ELF
> interpreter, as appropriate), via the
> NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot
> flags for the process' executable pages to include PROT_BTI as
> appropriate.
>
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> Signed-off-by: Mark Brown <broonie@kernel.org>
> ---
> arch/arm64/Kconfig | 3 +++
> arch/arm64/include/asm/elf.h | 51 ++++++++++++++++++++++++++++++++++++
> arch/arm64/kernel/process.c | 19 ++++++++++++++
> include/uapi/linux/elf.h | 6 +++++
> 4 files changed, 79 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index e37f4f07b990..d65d226a77ec 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -9,6 +9,7 @@ config ARM64
> select ACPI_MCFG if (ACPI && PCI)
> select ACPI_SPCR_TABLE if ACPI
> select ACPI_PPTT if ACPI
> + select ARCH_BINFMT_ELF_STATE
> select ARCH_CLOCKSOURCE_DATA
> select ARCH_HAS_DEBUG_VIRTUAL
> select ARCH_HAS_DEVMEM_IS_ALLOWED
> @@ -33,6 +34,7 @@ config ARM64
> select ARCH_HAS_SYSCALL_WRAPPER
> select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT
> select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
> + select ARCH_HAVE_ELF_PROT
> select ARCH_HAVE_NMI_SAFE_CMPXCHG
> select ARCH_INLINE_READ_LOCK if !PREEMPTION
> select ARCH_INLINE_READ_LOCK_BH if !PREEMPTION
> @@ -62,6 +64,7 @@ config ARM64
> select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPTION
> select ARCH_KEEP_MEMBLOCK
> select ARCH_USE_CMPXCHG_LOCKREF
> + select ARCH_USE_GNU_PROPERTY if BINFMT_ELF
> select ARCH_USE_QUEUED_RWLOCKS
> select ARCH_USE_QUEUED_SPINLOCKS
> select ARCH_SUPPORTS_MEMORY_FAILURE
> diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
> index b618017205a3..c72e381fa86d 100644
> --- a/arch/arm64/include/asm/elf.h
> +++ b/arch/arm64/include/asm/elf.h
> @@ -114,7 +114,11 @@
>
> #ifndef __ASSEMBLY__
>
> +#include <uapi/linux/elf.h>
> #include <linux/bug.h>
> +#include <linux/errno.h>
> +#include <linux/fs.h>
> +#include <linux/types.h>
> #include <asm/processor.h> /* for signal_minsigstksz, used by ARCH_DLINFO */
>
> typedef unsigned long elf_greg_t;
> @@ -224,6 +228,53 @@ extern int aarch32_setup_additional_pages(struct linux_binprm *bprm,
>
> #endif /* CONFIG_COMPAT */
>
> +struct arch_elf_state {
> + int flags;
> +};
> +
> +#define ARM64_ELF_BTI (1 << 0)
> +
> +#define INIT_ARCH_ELF_STATE { \
> + .flags = 0, \
> +}
> +
> +static inline int arch_parse_elf_property(u32 type, const void *data,
> + size_t datasz, bool compat,
> + struct arch_elf_state *arch)
> +{
> + /* No known properties for AArch32 yet */
> + if (IS_ENABLED(CONFIG_COMPAT) && compat)
> + return 0;
> +
> + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) {
> + const u32 *p = data;
> +
> + if (datasz != sizeof(*p))
> + return -ENOEXEC;
> +
> + if (IS_ENABLED(CONFIG_ARM64_BTI) &&
> + system_supports_bti() &&
> + (*p & GNU_PROPERTY_AARCH64_FEATURE_1_BTI))
> + arch->flags |= ARM64_ELF_BTI;
> + }
> +
> + return 0;
> +}
> +
> +static inline int arch_elf_pt_proc(void *ehdr, void *phdr,
> + struct file *f, bool is_interp,
> + struct arch_elf_state *state)
> +{
> + return 0;
> +}
> +
> +static inline int arch_check_elf(void *ehdr, bool has_interp,
> + void *interp_ehdr,
> + struct arch_elf_state *state)
> +{
> + return 0;
> +}
> +
> #endif /* !__ASSEMBLY__ */
>
> #endif
> diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
> index 00626057a384..b8e3faa8d406 100644
> --- a/arch/arm64/kernel/process.c
> +++ b/arch/arm64/kernel/process.c
> @@ -11,6 +11,7 @@
>
> #include <linux/compat.h>
> #include <linux/efi.h>
> +#include <linux/elf.h>
> #include <linux/export.h>
> #include <linux/sched.h>
> #include <linux/sched/debug.h>
> @@ -18,6 +19,7 @@
> #include <linux/sched/task_stack.h>
> #include <linux/kernel.h>
> #include <linux/lockdep.h>
> +#include <linux/mman.h>
> #include <linux/mm.h>
> #include <linux/stddef.h>
> #include <linux/sysctl.h>
> @@ -654,3 +656,20 @@ asmlinkage void __sched arm64_preempt_schedule_irq(void)
> if (system_capabilities_finalized())
> preempt_schedule_irq();
> }
> +
> +#ifdef CONFIG_BINFMT_ELF
> +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state,
> + bool has_interp, bool is_interp)
> +{
> + if (is_interp != has_interp)
> + return prot;
> +
> + if (!(state->flags & ARM64_ELF_BTI))
> + return prot;
> +
> + if (prot & PROT_EXEC)
> + prot |= PROT_BTI;
> +
> + return prot;
> +}
> +#endif
> diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
> index 20900f4496b7..c6dd0215482e 100644
> --- a/include/uapi/linux/elf.h
> +++ b/include/uapi/linux/elf.h
> @@ -448,4 +448,10 @@ typedef struct elf64_note {
> Elf64_Word n_type; /* Content type */
> } Elf64_Nhdr;
>
> +/* .note.gnu.property types for EM_AARCH64: */
> +#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000
> +
> +/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */
> +#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0)
> +
> #endif /* _UAPI_LINUX_ELF_H */
> --
> 2.20.1
>
--
Kees Cook
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-26 15:57 [PATCH v7 00/11] arm64: Branch Target Identification support Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` [PATCH v7 01/11] ELF: UAPI and Kconfig additions for ELF program properties Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` [PATCH v7 02/11] ELF: Add ELF program property parsing support Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` [PATCH v7 03/11] arm64: Basic Branch Target Identification support Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` [PATCH v7 04/11] elf: Allow arch to tweak initial mmap prot flags Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` [PATCH v7 05/11] arm64: elf: Enable BTI at exec based on ELF program properties Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 21:43 ` Kees Cook [this message]
2020-02-26 21:43 ` Kees Cook
2020-02-26 21:43 ` Kees Cook
2020-02-27 4:45 ` Amit Kachhap
2020-02-27 4:45 ` Amit Kachhap
2020-02-27 4:45 ` Amit Kachhap
2020-02-26 15:57 ` [PATCH v7 06/11] arm64: BTI: Decode BYTPE bits when printing PSTATE Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 21:42 ` Kees Cook
2020-02-26 21:42 ` Kees Cook
2020-02-26 21:42 ` Kees Cook
2020-02-26 15:57 ` [PATCH v7 07/11] arm64: unify native/compat instruction skipping Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 21:41 ` Kees Cook
2020-02-26 21:41 ` Kees Cook
2020-02-26 21:41 ` Kees Cook
2020-02-26 15:57 ` [PATCH v7 08/11] arm64: traps: Shuffle code to eliminate forward declarations Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 21:39 ` Kees Cook
2020-02-26 21:39 ` Kees Cook
2020-02-26 21:39 ` Kees Cook
2020-02-26 15:57 ` [PATCH v7 09/11] arm64: BTI: Reset BTYPE when skipping emulated instructions Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` [PATCH v7 10/11] KVM: " Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` [PATCH v7 11/11] arm64: mm: Display guarded pages in ptdump Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 15:57 ` Mark Brown
2020-02-26 21:38 ` Kees Cook
2020-02-26 21:38 ` Kees Cook
2020-02-26 21:38 ` Kees Cook
2020-02-26 21:44 ` [PATCH v7 00/11] arm64: Branch Target Identification support Kees Cook
2020-02-26 21:44 ` Kees Cook
2020-02-26 21:44 ` Kees Cook
2020-02-27 13:13 ` Mark Brown
2020-02-27 13:13 ` Mark Brown
2020-02-27 13:13 ` Mark Brown