From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 686FAC8262A for ; Tue, 3 Nov 2020 10:37:40 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E4D9822409 for ; Tue, 3 Nov 2020 10:37:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="DA/A3Meh"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="G2m6oY9M" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E4D9822409 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:In-Reply-To:Date:References: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=x3wKfiqU5LU3rGM4mRh/dQhANC4CpwdKhj6gEFq3dE8=; b=DA/A3MehRsRASoe5+MHKUkZrR 3d39kDfJN3tDmsBdMnWDWhdgn1UP93Z+MvPgwEYm1HvNCYFth1zstPvvywTS2cOySbYDK2+3kk6+I XkQNIQMKRNLV4ZYDTQ6XJ7haKw5iAgBri6x7ExhDr7wiph4qSHk+CKE1CM67tyi/VhdVWC8vmMnfL Fnwkd4+UJeBdLdlSlKomM5JDyvFE2aFNQxylkBKQRv2IQYk4TFc/O+9hgR22GkOYihRHSIhzwZy8L CFl5AjjBoJaKOxy5THwGFo1F+2O80aWwf0ZL8baQvxiCc9G4/NYBZjHIx+0oNIBBhA8PRj4HdMhHj zIHX26oqA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kZtfE-000448-Es; Tue, 03 Nov 2020 10:35:49 +0000 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kZteA-0003Vd-86 for linux-arm-kernel@lists.infradead.org; Tue, 03 Nov 2020 10:34:43 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1604399672; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=NeyfLxLqbPXnSVbIXerlFIoWQVVpshnlirjJvDi476c=; b=G2m6oY9MEDd0TjvSK3ZdWeC7ntfOjNQZMQQuTIDAKmmiVQlgVMK3eS6I2k1BP/7XTDf2/s gamrhB52tmGDCNFF1V7mfZ5rb71rgtZyLnYh6kkn1t6UypZXWLrW5wbjGdWeFhdQNP9LBN hIf/Z9YnC9EcQwiUWQXyNXaVfBGezms= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-269-9pmT0jXYPpibXCdCo9ZU8g-1; Tue, 03 Nov 2020 05:34:30 -0500 X-MC-Unique: 9pmT0jXYPpibXCdCo9ZU8g-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 95DB580B72B; Tue, 3 Nov 2020 10:34:27 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-113-12.ams2.redhat.com [10.36.113.12]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CAB611C4; Tue, 3 Nov 2020 10:34:23 +0000 (UTC) From: Florian Weimer To: Szabolcs Nagy Subject: Re: [PATCH 3/4] aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831] References: Date: Tue, 03 Nov 2020 11:34:22 +0100 In-Reply-To: (Szabolcs Nagy's message of "Tue, 3 Nov 2020 10:26:29 +0000") Message-ID: <87v9embufl.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201103_053439_244991_F6F17280 X-CRM114-Status: GOOD ( 15.13 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Salvatore Mesoraca , libc-alpha@sourceware.org, Kees Cook , kernel-hardening@lists.openwall.com, Catalin Marinas , Will Deacon , linux-kernel@vger.kernel.org, Jeremy Linton , Mark Brown , Lennart Poettering , linux-hardening@vger.kernel.org, Topi Miettinen , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org * Szabolcs Nagy: > Re-mmap executable segments if possible instead of using mprotect > to add PROT_BTI. This allows using BTI protection with security > policies that prevent mprotect with PROT_EXEC. > > If the fd of the ELF module is not available because it was kernel > mapped then mprotect is used and failures are ignored. It is > expected that linux kernel will add PROT_BTI when mapping a module > (current linux as of version 5.9 does not do this). > > Computing the mapping parameters follows the logic of > _dl_map_object_from_fd more closely now. What's the performance of this on execve-heavy workloads, such as kernel or glibc builds? Hopefully it's cheap because these mappings have not been faulted in yet. Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel