| Message ID | 20200715154444.GA26693@arm.com |
|---|---|
| State | Committed |
| Headers |
Return-Path: <libc-alpha-bounces@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
by sourceware.org (Postfix) with ESMTP id AC5103840C0C;
Wed, 15 Jul 2020 15:45:05 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from EUR03-VE1-obe.outbound.protection.outlook.com
(mail-eopbgr50055.outbound.protection.outlook.com [40.107.5.55])
by sourceware.org (Postfix) with ESMTPS id 830D1386F457
for <libc-alpha@sourceware.org>; Wed, 15 Jul 2020 15:45:02 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 830D1386F457
Authentication-Results: sourceware.org;
dmarc=none (p=none dis=none) header.from=arm.com
Authentication-Results: sourceware.org;
spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
s=selector2-armh-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=bNj7BRhyeENqaCSzpwRmRXaaTJxTzD2/9dIQGdXohNI=;
b=S4QehyZK60LxTut2drHOfVkYSnWDUtYkPZKz/6CxGjro9QqexBYnqSZruKfwpC5l7k3/25XmNp6jmaKtJ9VRj8zO+5QqxVcS5zzAHOV6XnHufBlZp7kEVIe3YoI6MA/piZCBh2jLcGxWC0AAexDI5lHblMnQnHRfrQtuBq2T1Uk=
Received: from DB6PR0201CA0041.eurprd02.prod.outlook.com (2603:10a6:4:3f::51)
by DB8PR08MB3977.eurprd08.prod.outlook.com (2603:10a6:10:ad::31) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.22; Wed, 15 Jul
2020 15:45:00 +0000
Received: from DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com
(2603:10a6:4:3f:cafe::c8) by DB6PR0201CA0041.outlook.office365.com
(2603:10a6:4:3f::51) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.18 via Frontend
Transport; Wed, 15 Jul 2020 15:44:59 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified)
header.d=armh.onmicrosoft.com; sourceware.org;
dmarc=bestguesspass action=none
header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
63.35.35.123 as permitted sender) receiver=protection.outlook.com;
client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
DB5EUR03FT006.mail.protection.outlook.com (10.152.20.106) with
Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3195.18 via Frontend Transport; Wed, 15 Jul 2020 15:44:59 +0000
Received: ("Tessian outbound 1c27ecaec3d6:v62");
Wed, 15 Jul 2020 15:44:59 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 2ad7e44716b4e989
X-CR-MTA-TID: 64aa7808
Received: from 4a7fde77b95f.1
by 64aa7808-outbound-1.mta.getcheckrecipient.com id
5E8CAEE1-543F-4A15-A05B-282A40739896.1;
Wed, 15 Jul 2020 15:44:53 +0000
Received: from EUR03-DB5-obe.outbound.protection.outlook.com
by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id
4a7fde77b95f.1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
Wed, 15 Jul 2020 15:44:53 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=hbAG+XuW5EK1Aqt8j5B7RNEVFt65o3Ua37nKi2k5+8lvCs9wbIlMaUhXcerc2DHm9O+oA2Rf5UU/TGfqb6sSXDRPkdWTZPQKsvxQiEyC9tNvlum2tCZBkjFxy5cuIbssDCDzduKI3YvzrsRmBAtFmdbK8acpPGUaZ6+bWALpQ2G/C6yk7GjF89cwyGn18nETTFKIDGVCPVam45PXYfmc/50lhxaESuwo7+qkHnFMFGWfV41Q2ymiINXtn2+FAfBDSWDQky5tZTl6skjQS700TlvQY9V7YzYWOctPwsqtXGuHMgAW4orcXSmyZNo6w1PgXueF2p9FHGsGtcRksJZZaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=bNj7BRhyeENqaCSzpwRmRXaaTJxTzD2/9dIQGdXohNI=;
b=aMMPD3dY7saHfgsIrXA+5AWhPgdBr2vENcPekX+xpoJ16ROtcG3RBgaFKWoD2oT8V/vox8drLNBT51VzupkkMqa5MEK7JWACiCoiPz5Z2HRHCW28tjxlM3hVM5dT96SCWgRy8HNDSfU8oJqXg5L18zoY7IH1IIfIknjcez7UpOTnTpXZ+lmvq8yTF0/TtD1B+NSAMIxy5SNsb747ZkBm+2czvSkbsMVzOl/UNKjSNC/5VUdIKP9S2oQz4mEeH15r8n9nHvcHMZQPasfDTAPAcbe7vE4Ryat/hByZvxdX4KUWHd5PI3Y0cibp7w+3D2hQGL+LzWEHBvQt4S44lfmVlQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass
header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
s=selector2-armh-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=bNj7BRhyeENqaCSzpwRmRXaaTJxTzD2/9dIQGdXohNI=;
b=S4QehyZK60LxTut2drHOfVkYSnWDUtYkPZKz/6CxGjro9QqexBYnqSZruKfwpC5l7k3/25XmNp6jmaKtJ9VRj8zO+5QqxVcS5zzAHOV6XnHufBlZp7kEVIe3YoI6MA/piZCBh2jLcGxWC0AAexDI5lHblMnQnHRfrQtuBq2T1Uk=
Authentication-Results-Original: sourceware.org; dkim=none (message not
signed) header.d=none;sourceware.org; dmarc=none action=none
header.from=arm.com;
Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23)
by AM6PR08MB4087.eurprd08.prod.outlook.com (2603:10a6:20b:ac::10)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.20; Wed, 15 Jul
2020 15:44:52 +0000
Received: from AM6PR08MB3047.eurprd08.prod.outlook.com
([fe80::2404:de9f:78c0:313c]) by AM6PR08MB3047.eurprd08.prod.outlook.com
([fe80::2404:de9f:78c0:313c%6]) with mapi id 15.20.3174.026; Wed, 15 Jul 2020
15:44:52 +0000
Date: Wed, 15 Jul 2020 16:44:45 +0100
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: libc-alpha@sourceware.org
Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI
Message-ID: <20200715154444.GA26693@arm.com>
Content-Type: multipart/mixed; boundary="u3/rZRmxL6MmkK24"
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
X-ClientProxiedBy: DM5PR19CA0031.namprd19.prod.outlook.com
(2603:10b6:3:9a::17) To AM6PR08MB3047.eurprd08.prod.outlook.com
(2603:10a6:209:4c::23)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from arm.com (217.140.106.53) by
DM5PR19CA0031.namprd19.prod.outlook.com (2603:10b6:3:9a::17) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3195.18 via Frontend Transport; Wed, 15 Jul 2020 15:44:51 +0000
X-Originating-IP: [217.140.106.53]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: a743fedc-c0af-4b0b-8188-08d828d60831
X-MS-TrafficTypeDiagnostic: AM6PR08MB4087:|DB8PR08MB3977:
X-Microsoft-Antispam-PRVS:
<DB8PR08MB3977AE3615C3A4C299A36841ED7E0@DB8PR08MB3977.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Oob-TLC-OOBClassifiers: OLM:2276;OLM:2276;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
DQnS+avvyMnowKHwUFa7U04xipETRJBUwalTLOvKB5JPxw48uHWqN+CrXP7v23XneHJh13jf/NxaxrswE8wvYEZdnAVJ4VZOKr7UklEqFIkufGpmBHH5Bt2964OUhHeW3Jmx2HcWw5jSO9CFSWJooacGbWAsCeAbs2W0HDj6r6tumutKWbWBCyAV8aQWmoihNALjS4ncCYMQGaZqNfTtes8oGGWet2IwsGMze2WXDTdv0++86wIB6YahJ6ImF+QPP4WvT94igN8WAtiloCBTJzKwnqcjUfcLFqwMGoFt5F1TjoCzy2XChFgRI9akGkwDbFcKg0tgmfZbbINM0Qtm9DZ4W8YllaWeFdHXgtpQt301nhgC0jRYcpVsldJdgZi8
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com;
PTR:; CAT:NONE; SFTY:;
SFS:(4636009)(136003)(39860400002)(366004)(376002)(346002)(396003)(66616009)(66556008)(66476007)(316002)(26005)(5660300002)(2906002)(33656002)(235185007)(36756003)(8886007)(2616005)(66946007)(8676002)(8936002)(16526019)(186003)(7696005)(478600001)(55016002)(44144004)(564344004)(6916009)(86362001)(1076003)(44832011)(956004)(52116002)(6666004)(33964004)(2700100001);
DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData:
wCYPyw57eer3BxRE18wIn1L3PCO33fLWAWS+lpsMNktd85GnfPm9ln4Db+Pwk1XEA3iV3Ykay0ApdRKMnWML4XXMPSQfJTiKFO8zzI07qn6BsNN0UOt64dmpTTXCBZQ0ez0WUgm7QvutaDsIpozKy8x2LzophXaUAAm3pmoG+NG6OJL6BSBB5PLIagN95OPu56FQWA9gCRqMxjhwUnVeQuTUoeD1qU1MStqZc+R7482GVJWQJJzsyqOX9yJRLdDb3lNaSuKjXDH69eJ/QITnA/AHDglDL0u2YFRQCeiJxxKiSJEHn/lYd1Bz/YORyolzqfENE6oi02HJ80B2YuNS0UDFON7k2NQpyOnn56XsaZnS7ADlcPOSpYD7Y3C2GQixkre9aUwqaJcyAsxJO3xkRYAATixbJRrF1AD1umtCsbJlQnczmRJllp9NvM7WQAaCbpoa/6dt1SPdGh0R6StvZvA5p1PU/VXr/kJGWXMFMCkwaBgIEa996AD6qThiBBjA
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4087
Original-Authentication-Results: sourceware.org;
dkim=none (message not signed)
header.d=none; sourceware.org;
dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;
IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com;
PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:;
SFS:(4636009)(39860400002)(376002)(136003)(346002)(396003)(46966005)(47076004)(70206006)(81166007)(356005)(66616009)(2906002)(44832011)(82740400003)(316002)(70586007)(8676002)(36756003)(82310400002)(33656002)(6666004)(2616005)(26005)(336012)(8886007)(564344004)(186003)(86362001)(235185007)(5660300002)(6916009)(44144004)(7696005)(33964004)(956004)(55016002)(478600001)(16526019)(1076003)(8936002)(2700100001);
DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs:
e27207b2-ba67-473a-bd5e-08d828d603c7
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
m4r3TkSWWI5rndrR8KBTCchQDRUdtJZFVzFCxRBqyCkuKp2DrdbDQ8GOfWzk/6f6WYqDz2Yoem4f44vqhNB47xutRyxuSfRHUopSkEaS1qDBIx1ZbSaWvNhX1hXSQmR+hGI13EQZSJ3QS6gS+Hvlu+DqeL4w9tpwni8zQ0Lhdy7eCeDUyKX7zRjwknQ1EEZSjWSD2EY0lM4lZszUuBplvVp2465Vq/+poX27UiSPDNvVlqoTpAot61EgD/YdnKn35E9Z6z6pu6C6myeOxm6aFcoIcvSd+mLadwf5gM4xzzJuBDyDtspIq5mIa9ryzRHCkyl4YLTU6L5viOFmK6hSi4rJkURrxBBhZ3H1fyRH1mdgkDRfTAypT3srP7ojNeffkvXI2vqBYZ9CEU+t2fF4KijGAME1IxEmpyezjKdL7zQ=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jul 2020 15:44:59.8429 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
a743fedc-c0af-4b0b-8188-08d828d60831
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];
Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource:
DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB3977
X-Spam-Status: No, score=-15.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP,
UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>,
<mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>
|
| Series |
aarch64: Respect p_flags when protecting code with PROT_BTI
|
|
Commit Message
Szabolcs Nagy
July 15, 2020, 3:44 p.m. UTC
i'd like to commit the attached patch for 2.32
Comments
The 07/15/2020 16:44, Szabolcs Nagy wrote: > i'd like to commit the attached patch for 2.32 ping. or can i commit such a patch as a bug fix? > From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001 > From: Szabolcs Nagy <szabolcs.nagy@arm.com> > Date: Mon, 13 Jul 2020 11:28:18 +0100 > Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI > > Use PROT_READ and PROT_WRITE according to the load segment p_flags > when adding PROT_BTI. > > This is before processing relocations which may drop PROT_BTI in > case of textrels. Executable stacks are not protected via PROT_BTI > either. PROT_BTI is hardening in case memory corruption happened, > it's value is reduced if there is writable and executable memory > available so missing it on such memory is fine, but we should > respect the p_flags and should not drop PROT_WRITE. > --- > sysdeps/aarch64/dl-bti.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c > index 965ddcc732..196e462520 100644 > --- a/sysdeps/aarch64/dl-bti.c > +++ b/sysdeps/aarch64/dl-bti.c > @@ -24,13 +24,20 @@ static int > enable_bti (struct link_map *map, const char *program) > { > const ElfW(Phdr) *phdr; > - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; > + unsigned prot; > > for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) > if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) > { > void *start = (void *) (phdr->p_vaddr + map->l_addr); > size_t len = phdr->p_memsz; > + > + prot = PROT_EXEC | PROT_BTI; > + if (phdr->p_flags & PF_R) > + prot |= PROT_READ; > + if (phdr->p_flags & PF_W) > + prot |= PROT_WRITE; > + > if (__mprotect (start, len, prot) < 0) > { > if (program) > -- > 2.17.1 > --
The 07/17/2020 15:52, Szabolcs Nagy wrote: > The 07/15/2020 16:44, Szabolcs Nagy wrote: > > i'd like to commit the attached patch for 2.32 > > ping. > > or can i commit such a patch as a bug fix? Carlos, is there any particular reason this is not approved for 2.32? > > From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001 > > From: Szabolcs Nagy <szabolcs.nagy@arm.com> > > Date: Mon, 13 Jul 2020 11:28:18 +0100 > > Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI > > > > Use PROT_READ and PROT_WRITE according to the load segment p_flags > > when adding PROT_BTI. > > > > This is before processing relocations which may drop PROT_BTI in > > case of textrels. Executable stacks are not protected via PROT_BTI > > either. PROT_BTI is hardening in case memory corruption happened, > > it's value is reduced if there is writable and executable memory > > available so missing it on such memory is fine, but we should > > respect the p_flags and should not drop PROT_WRITE. > > --- > > sysdeps/aarch64/dl-bti.c | 9 ++++++++- > > 1 file changed, 8 insertions(+), 1 deletion(-) > > > > diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c > > index 965ddcc732..196e462520 100644 > > --- a/sysdeps/aarch64/dl-bti.c > > +++ b/sysdeps/aarch64/dl-bti.c > > @@ -24,13 +24,20 @@ static int > > enable_bti (struct link_map *map, const char *program) > > { > > const ElfW(Phdr) *phdr; > > - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; > > + unsigned prot; > > > > for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) > > if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) > > { > > void *start = (void *) (phdr->p_vaddr + map->l_addr); > > size_t len = phdr->p_memsz; > > + > > + prot = PROT_EXEC | PROT_BTI; > > + if (phdr->p_flags & PF_R) > > + prot |= PROT_READ; > > + if (phdr->p_flags & PF_W) > > + prot |= PROT_WRITE; > > + > > if (__mprotect (start, len, prot) < 0) > > { > > if (program) > > -- > > 2.17.1 > > > > > -- --
On 7/23/20 8:17 AM, Szabolcs Nagy wrote: > The 07/17/2020 15:52, Szabolcs Nagy wrote: >> The 07/15/2020 16:44, Szabolcs Nagy wrote: >>> i'd like to commit the attached patch for 2.32 >> >> ping. >> >> or can i commit such a patch as a bug fix? > > Carlos, is there any particular reason this is not approved for 2.32? No, I missed it in my review. OK for 2.32. >>> From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001 >>> From: Szabolcs Nagy <szabolcs.nagy@arm.com> >>> Date: Mon, 13 Jul 2020 11:28:18 +0100 >>> Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI >>> >>> Use PROT_READ and PROT_WRITE according to the load segment p_flags >>> when adding PROT_BTI. >>> >>> This is before processing relocations which may drop PROT_BTI in >>> case of textrels. Executable stacks are not protected via PROT_BTI >>> either. PROT_BTI is hardening in case memory corruption happened, >>> it's value is reduced if there is writable and executable memory >>> available so missing it on such memory is fine, but we should >>> respect the p_flags and should not drop PROT_WRITE. >>> --- >>> sysdeps/aarch64/dl-bti.c | 9 ++++++++- >>> 1 file changed, 8 insertions(+), 1 deletion(-) >>> >>> diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c >>> index 965ddcc732..196e462520 100644 >>> --- a/sysdeps/aarch64/dl-bti.c >>> +++ b/sysdeps/aarch64/dl-bti.c >>> @@ -24,13 +24,20 @@ static int >>> enable_bti (struct link_map *map, const char *program) >>> { >>> const ElfW(Phdr) *phdr; >>> - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; >>> + unsigned prot; OK. >>> >>> for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) >>> if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) >>> { >>> void *start = (void *) (phdr->p_vaddr + map->l_addr); >>> size_t len = phdr->p_memsz; >>> + >>> + prot = PROT_EXEC | PROT_BTI; >>> + if (phdr->p_flags & PF_R) >>> + prot |= PROT_READ; >>> + if (phdr->p_flags & PF_W) >>> + prot |= PROT_WRITE; OK. >>> + >>> if (__mprotect (start, len, prot) < 0) >>> { >>> if (program) >>> -- >>> 2.17.1 >>> >> >> >> -- >
From af3c11a811cfcc2b72f07efa0696c2200e928e12 Mon Sep 17 00:00:00 2001 From: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Mon, 13 Jul 2020 11:28:18 +0100 Subject: [PATCH] aarch64: Respect p_flags when protecting code with PROT_BTI Use PROT_READ and PROT_WRITE according to the load segment p_flags when adding PROT_BTI. This is before processing relocations which may drop PROT_BTI in case of textrels. Executable stacks are not protected via PROT_BTI either. PROT_BTI is hardening in case memory corruption happened, it's value is reduced if there is writable and executable memory available so missing it on such memory is fine, but we should respect the p_flags and should not drop PROT_WRITE. --- sysdeps/aarch64/dl-bti.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c index 965ddcc732..196e462520 100644 --- a/sysdeps/aarch64/dl-bti.c +++ b/sysdeps/aarch64/dl-bti.c @@ -24,13 +24,20 @@ static int enable_bti (struct link_map *map, const char *program) { const ElfW(Phdr) *phdr; - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; + unsigned prot; for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) { void *start = (void *) (phdr->p_vaddr + map->l_addr); size_t len = phdr->p_memsz; + + prot = PROT_EXEC | PROT_BTI; + if (phdr->p_flags & PF_R) + prot |= PROT_READ; + if (phdr->p_flags & PF_W) + prot |= PROT_WRITE; + if (__mprotect (start, len, prot) < 0) { if (program) -- 2.17.1