From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=JBzc=EK=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.0 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,
	SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3D57DC2D0A3
	for <linux-arm-kernel@archiver.kernel.org>; Wed,  4 Nov 2020 09:03:17 +0000 (UTC)
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id B31072220B
	for <linux-arm-kernel@archiver.kernel.org>; Wed,  4 Nov 2020 09:03:16 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="iiYYznh4";
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="r3rL2JTF"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B31072220B
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Type:
	Content-Transfer-Encoding:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From:
	References:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=e/gGOXIBSzNZiwbXcfWsMyPpLjq4pZfb9bfo+QhNf+4=; b=iiYYznh4LGpgBM/Fb9P/K6ul4
	ofMTjn3K7rMtHNWpXkzbBIs6V4utDaStjW0J8meDYZsqpcSwGl+zYQMDn1epPeLtqzwaZWp4Dbsm/
	m3h/cn+XWd0GmEXcdHTv74uRqDaNU8UqSO914JM7bsqulXjGGqFOen0tJ/uMN+x2drOtr4/S+LOSj
	Gqm/7QJc8LBuCBIIK41OXtsJy3Rb96KsZSbjwg/wYykHzQuGB5mVPfCZo1VBlKNzrgoGfBfZu5ZiJ
	ae/8OCqFbTwGQpWuwfgnMJgbOaMU0x+Ux/N+LpSMKBdUCYRHX2H2Dd+yVaNqJd61VJCmzjF8nF5kn
	w3ux5WHLw==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1kaEgk-0003EQ-Ei; Wed, 04 Nov 2020 09:02:42 +0000
Received: from mail-lf1-x143.google.com ([2a00:1450:4864:20::143])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1kaEgh-0003DS-Gm
 for linux-arm-kernel@lists.infradead.org; Wed, 04 Nov 2020 09:02:40 +0000
Received: by mail-lf1-x143.google.com with SMTP id v6so26065234lfa.13
 for <linux-arm-kernel@lists.infradead.org>;
 Wed, 04 Nov 2020 01:02:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=cUfqmk4CS+f0MkoXlQUbUwaniISb0nfd1xI3bjYQruE=;
 b=r3rL2JTFlXYhTBb+MVUgBXn7F05AIlcOzdjKcGAX51JLWJo285Gp8AGwKdb2pmyQ4W
 T87cjxMDq4ETiJJjub3xI/zmbBarCKI3/y2WV3KHlNTZpiQDkyy6dBzvJl+BRdckoyOa
 6/QgtfC4icr20ZJkpymjgIY254pLlNx3RlbeCUBf0fgcVz75lTcEVO3YIIzROC/ywQNo
 7I6REbAONEQrMeoi6GSVLazLawcFAFai2eGZORNJ3YSc6bE5Hxar8EgbGf3/TCS9wEPK
 J9tWU/53KOLYNYGBC9U2NvgsAumAhgsEtRb8FX9C/cO08cFQeH+djmG365tfMG72T3eW
 rjYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=cUfqmk4CS+f0MkoXlQUbUwaniISb0nfd1xI3bjYQruE=;
 b=bmaAcIjGDUG5aPygVhFbW/FdEH1x9vjmbVyJeVFucWK9yLa1LyzLvxM3pPnTGtBX8z
 SuHG0+/JV/v1+th/qFxWULLNv9zxEAY3pohBbs6Ha5VGMcUgCyAcqYsBh/t1whc6p+zm
 YHFor7JAx54lNOJM81fp5mCj+sLxmvz5fktQ1s5bLzQnFLL4R4CR6J7KD/K/gQcQmeBA
 H75bIzm9CUiNjVLhtYI0SP7aT1/PUcfTTNe/FXc6nltIhHOSPdQaQafOazCUZaFPI/fs
 en9soMXl/oS/34qY2bBDN5PVN+yFK7s1BKjAvCa8crhw6tpURZUuoDlWeCm0XVCrkUTV
 cjrw==
X-Gm-Message-State: AOAM533ivShHFqdu7be15Z9MKZG4mI720iJZjTHbK4kXOtvAg+ENVPhX
 OiWqI+PHFmCRDhqZGqiC5lk=
X-Google-Smtp-Source: ABdhPJyhcqd4yRgKGAJDY0HD2ZbWObiFhbBhAkTQ+PRtTbuTm/eKn39jhR+ek9tM2v2eK3mBpnHB9A==
X-Received: by 2002:a19:c013:: with SMTP id q19mr842930lff.96.1604480556236;
 Wed, 04 Nov 2020 01:02:36 -0800 (PST)
Received: from [192.168.1.112] (88-114-211-119.elisa-laajakaista.fi.
 [88.114.211.119])
 by smtp.gmail.com with ESMTPSA id x15sm450586ljd.106.2020.11.04.01.02.34
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Wed, 04 Nov 2020 01:02:35 -0800 (PST)
Subject: Re: [PATCH 0/4] aarch64: avoid mprotect(PROT_BTI|PROT_EXEC) [BZ
 #26831]
To: Mark Brown <broonie@kernel.org>, Szabolcs Nagy <szabolcs.nagy@arm.com>
References: <cover.1604393169.git.szabolcs.nagy@arm.com>
 <20201103173438.GD5545@sirena.org.uk>
From: Topi Miettinen <toiwoton@gmail.com>
Message-ID: <060292c1-5ce5-0183-8500-c92063351a69@gmail.com>
Date: Wed, 4 Nov 2020 11:02:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.4.0
MIME-Version: 1.0
In-Reply-To: <20201103173438.GD5545@sirena.org.uk>
Content-Language: en-US
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20201104_040239_662584_C5024B4C 
X-CRM114-Status: GOOD (  19.94  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Mark Rutland <mark.rutland@arm.com>, Florian Weimer <fweimer@redhat.com>,
 libc-alpha@sourceware.org, Kees Cook <keescook@chromium.org>,
 kernel-hardening@lists.openwall.com,
 Salvatore Mesoraca <s.mesoraca16@gmail.com>,
 Catalin Marinas <catalin.marinas@arm.com>, linux-kernel@vger.kernel.org,
 Jeremy Linton <jeremy.linton@arm.com>,
 Lennart Poettering <mzxreary@0pointer.de>, linux-hardening@vger.kernel.org,
 Will Deacon <will@kernel.org>, linux-arm-kernel@lists.infradead.org
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On 3.11.2020 19.34, Mark Brown wrote:
> On Tue, Nov 03, 2020 at 10:25:37AM +0000, Szabolcs Nagy wrote:
> 
>> Re-mmap executable segments instead of mprotecting them in
>> case mprotect is seccomp filtered.
> 
>> For the kernel mapped main executable we don't have the fd
>> for re-mmap so linux needs to be updated to add BTI. (In the
>> presence of seccomp filters for mprotect(PROT_EXEC) the libc
>> cannot change BTI protection at runtime based on user space
>> policy so it is better if the kernel maps BTI compatible
>> binaries with PROT_BTI by default.)
> 
> Given that there were still some ongoing discussions on a more robust
> kernel interface here and there seem to be a few concerns with this
> series should we perhaps just take a step back and disable this seccomp
> filter in systemd on arm64, at least for the time being?

Filtering mprotect() and mmap() with seccomp also protects BTI, since 
without it the attacker could remove PROT_BTI from existing pages, or 
map new pages without BTI. This would be possible even with SARA or 
SELinux execmem protections enabled, since they don't care about PROT_BTI.

-Topi

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel