From: Catalin Marinas <catalin.marinas@arm.com>
To: Mark Brown <broonie@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
libc-alpha@sourceware.org, Kees Cook <keescook@chromium.org>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Jeremy Linton <jeremy.linton@arm.com>,
Will Deacon <will@kernel.org>, Dave Martin <dave.martin@arm.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] arm64: bti: Set PROT_BTI on all BTI executables mapped by the kernel
Date: Fri, 5 Feb 2021 17:51:29 +0000 [thread overview]
Message-ID: <20210205175128.GB12697@gaia> (raw)
In-Reply-To: <20210205173837.39315-1-broonie@kernel.org>
On Fri, Feb 05, 2021 at 05:38:37PM +0000, Mark Brown wrote:
> Currently for dynamically linked executables the kernel only enables
> PROT_BTI for the interpreter, the interpreter is responsible for
> enabling it for everything else including the main executable.
> Unfortunately this interacts poorly with systemd's
> MemoryDenyWriteExecute feature which uses a seccomp filter to prevent
> setting PROT_EXEC on already mapped memory via mprotect(), it lacks the
> context to detect that PROT_EXEC is already set and so refuses to allow
> the mprotect() on the main executable which the kernel has already
> mapped.
>
> Since we don't want to force users to choose between having MDWX and BTI
> as these are othogonal features have the kernel enable PROT_BTI for all
> the ELF objects it loads, not just the dynamic linker. This means that
> if there is a problem with BTI it will be harder to disable at the
> executable level but we currently have no conditional support for this
> in any libc anyway so that would be new development. Ideally we would
> have interfaces that allowed us to more clearly specify what is enabled
> and disabled by a given syscall but this would be a far more difficult
> change to deploy.
>
> Reported-by: Jeremy Linton <jeremy.linton@arm.com>
> Suggested-by: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Mark Brown <broonie@kernel.org>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Szabolcs Nagy <szabolcs.nagy@arm.com>
> Cc: Dave Martin <dave.martin@arm.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: libc-alpha@sourceware.org
Thanks Mark for putting the patch together. You may want to add a
reference to some of the discussions around the ABI, one of them:
Link: https://lore.kernel.org/r/20201207200338.GB24625@arm.com/
(so we can keep Szabolcs accountable if something breaks ;))
For this patch:
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
I wouldn't merge it as a fix yet but I'm ok with getting in 5.12 if Will
is ok. It would give us some time to revert.
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-02-05 17:52 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-05 17:38 [PATCH] arm64: bti: Set PROT_BTI on all BTI executables mapped by the kernel Mark Brown
2021-02-05 17:51 ` Catalin Marinas [this message]
2021-02-05 19:01 ` Mark Brown
2021-02-08 12:44 ` Will Deacon
2021-02-08 14:13 ` Szabolcs Nagy
2021-02-08 16:47 ` Szabolcs Nagy
2021-02-08 17:40 ` Dave Martin
2021-02-08 18:49 ` Catalin Marinas
2021-02-08 14:53 ` Dave Martin
2021-02-08 15:06 ` Mark Brown
2021-02-08 16:50 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210205175128.GB12697@gaia \
--to=catalin.marinas@arm.com \
--cc=broonie@kernel.org \
--cc=dave.martin@arm.com \
--cc=jeremy.linton@arm.com \
--cc=keescook@chromium.org \
--cc=libc-alpha@sourceware.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=szabolcs.nagy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.