Message ID | 8756cc1083eb4cd93d3766cd39b2f34b6623bbcb.1606319495.git.szabolcs.nagy@arm.com |
---|---|
State | Committed |
Headers |
Return-Path: <libc-alpha-bounces@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 777393972C28; Fri, 27 Nov 2020 13:20:08 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 777393972C28 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1606483208; bh=9A7jyF9nJCx5qjd6mb9MA3ZfKz/fr2f9ttL3ctZTfxQ=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=KDna62wbgka6fYs1jRzuhk4G5U386MZ+IrxM1K4ItjKO6CoNziIuG+YeN4vCfOGj8 +eJp5hz+hADdN2mCr+gzfpvw+c9GCWegYlhElC9aB7NM34tyEU3yEx7SWSkXNkXH2z cCfVIBzczF/O8hzKgle/qudJpgFcfOTcuvFXDBaw= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2078.outbound.protection.outlook.com [40.107.21.78]) by sourceware.org (Postfix) with ESMTPS id 9C656396E463 for <libc-alpha@sourceware.org>; Fri, 27 Nov 2020 13:20:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 9C656396E463 Received: from DB6PR0801CA0056.eurprd08.prod.outlook.com (2603:10a6:4:2b::24) by AM6PR08MB4627.eurprd08.prod.outlook.com (2603:10a6:20b:d1::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Fri, 27 Nov 2020 13:20:03 +0000 Received: from DB5EUR03FT043.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:2b:cafe::2d) by DB6PR0801CA0056.outlook.office365.com (2603:10a6:4:2b::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20 via Frontend Transport; Fri, 27 Nov 2020 13:20:03 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;sourceware.org; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT043.mail.protection.outlook.com (10.152.20.236) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.26 via Frontend Transport; Fri, 27 Nov 2020 13:20:03 +0000 Received: ("Tessian outbound 39167997cde8:v71"); Fri, 27 Nov 2020 13:20:03 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: ed2580a6f81f2e3b X-CR-MTA-TID: 64aa7808 Received: from 101fef75b2b3.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 3020D548-B854-468E-AD38-42394A12F666.1; Fri, 27 Nov 2020 13:19:58 +0000 Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 101fef75b2b3.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 27 Nov 2020 13:19:58 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SthThQMQPbTk/YiRyPCygY0nI/tM7T5S87cxpXX7GyX/UZQWuj28wYJ9QK/LyDVe7VoApn5QfnF8zIuZae/LQODqeAUcDq7D7LJHwmGhybgKvp6ziz757l35iGQ/Il04Eocw2G7+iImCzbna0BX7WvbaU2/afbJLuOLT3A3f1p5qaxbfa8DozM7hqqW7G1+4hKf+5QeCk1eW0L4KdnuJQGq8BmW5o/nI3lpFL5zNH/rPpYSkfHjBnvcpSSz6GGm5/ruYTe69c/MO+4fsD9Fi9k0pBhpOF1xvQpI2k3rQ6Wy84kG0ZUn/hLEOCsFCk6ij2Zsamg2/tPu+X5kcH0spxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9A7jyF9nJCx5qjd6mb9MA3ZfKz/fr2f9ttL3ctZTfxQ=; b=GpGiTrR6ZE0P7wuT59kguCB0pkOIA+UwvPRo1nrjo5+Cp6qr5Au6g31nzVZ6C9+vRwpf6yZj8slOcZdj7PZzEJsK2iglPx7jNfYbK4ZPTV8XPz/kT66duwaTDRdGQ/12aZyAsduvReAZXFtbVYPsqQryPJnLzP+/z3GVRB2UBJyGRj6j4ks9WWHWkVvz9dj+JO0gq71mH0MOrLtdeVHMb3/ByQaxdipTLl3v3CUmFJIe0ATq1hOu/omJMW3ealy+pjeIxclz/OxXhMOvoE5DE1/Dksnpn8BpahIXl9UuyPGXljbpBPTBNwiDf7b9Hj8eP5o53ijrIjmeWt3TGHlRig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from PR3PR08MB5564.eurprd08.prod.outlook.com (2603:10a6:102:87::18) by PA4PR08MB6014.eurprd08.prod.outlook.com (2603:10a6:102:ee::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Fri, 27 Nov 2020 13:19:57 +0000 Received: from PR3PR08MB5564.eurprd08.prod.outlook.com ([fe80::ac13:db5:ef4:2dd2]) by PR3PR08MB5564.eurprd08.prod.outlook.com ([fe80::ac13:db5:ef4:2dd2%4]) with mapi id 15.20.3611.025; Fri, 27 Nov 2020 13:19:57 +0000 To: libc-alpha@sourceware.org Subject: [PATCH v2 1/6] aarch64: Fix missing BTI protection from dependencies [BZ #26926] Date: Fri, 27 Nov 2020 13:19:43 +0000 Message-Id: <8756cc1083eb4cd93d3766cd39b2f34b6623bbcb.1606319495.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <cover.1606319495.git.szabolcs.nagy@arm.com> References: <cover.1606319495.git.szabolcs.nagy@arm.com> Content-Type: text/plain X-Originating-IP: [217.140.106.54] X-ClientProxiedBy: DM6PR11CA0031.namprd11.prod.outlook.com (2603:10b6:5:190::44) To PR3PR08MB5564.eurprd08.prod.outlook.com (2603:10a6:102:87::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.54) by DM6PR11CA0031.namprd11.prod.outlook.com (2603:10b6:5:190::44) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20 via Frontend Transport; Fri, 27 Nov 2020 13:19:54 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 6f4faeb8-f2fc-4f0d-1929-08d892d7269b X-MS-TrafficTypeDiagnostic: PA4PR08MB6014:|AM6PR08MB4627: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: <AM6PR08MB462763564B74D6266E39DF70EDF80@AM6PR08MB4627.eurprd08.prod.outlook.com> x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:6790;OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: uSOwfWKWO7RxbVFSGdFP/D5GTUPDuWc6xJHr7c2rKOJx6XtCt45M03i7MD4PK3VtDRWG0coWsJjud9+eS9NV1vvzyY+na74m5ImrbrJJBkyUb3StlEcpihIkClCgAr7UEcRNF+apCI/27rWWsJOR6cYafjGzw1odfcoWw+aWv6MYNYh9bT0WAFqczem3BfDdQjLiOtt5tIC+VY2BID/p/gerYuv+UBUuuzPZRToaBaVIM8rO4iyhqSj87Ijy+2eV8YlyhohWNRObi/zNTYl/+gNCYbr7+IeBVNgKZILxTMq4jiu9RTrIM1eTTY47c4bIieKNBivTlRRoxeorr7Q8xZNHPDAJ8vMZ3WxmCaXMVxOKSlq2LhRwptAZOWVlNJhk X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PR3PR08MB5564.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(39860400002)(346002)(376002)(366004)(396003)(4326008)(54906003)(69590400008)(6916009)(6512007)(36756003)(6486002)(6666004)(316002)(478600001)(5660300002)(2616005)(86362001)(44832011)(2906002)(956004)(8936002)(16526019)(186003)(26005)(8676002)(66476007)(66946007)(6506007)(66556008)(52116002)(83380400001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: mE0W7bVcxrzcoVIn/VsONJxpsphrN/LkSiNomsqtOsOC3e0N1nrc341aqCU4R2J+YZKxtOPrETF6gwx1S0FRj8qq7NB1X29cF5vsWJVHw5dv6/2D7bzmjzPhm42EGMzdCEJz/1MKzqONSC/TtsD00YDY7Gx2semgeWEHgS1oWrmE6kBFo9J2snqrjThRD346+X1Gadu0TuAdugaA0eVrdlkakrPdwqgWsh+CXn3PlHxoSApq1NmR9dFHNIzqMJeH04rfZeo9mP3t5p2mm8K77dVyVJzGiKj1l/TMkadaatwfVfQgCQiDC5Kk4AF2B8XMeVppDtG+LDXmbcnWRISGcOAN3hwEay0WZL4d+myfOENIkyQ0clcbamNWybUU5kGCgeaMVBXqPQGVphwkveIuiRqgZRgUNPD6W5Z9ZlJYB3OdOH4RouMLHK7JnaZd1IzupglxEv1AAGQ9FaHt01etzZhL/cGuATAngROoNINu53r4m9MA6aH/rNc3qTrA16cs7ukEem04sEk5/psQ0SNnJHbD9/iUZKioyxsHRSIPTiJo6E3b63jmfMsqxhKHTSZ2Uo3oXkboo87BERejQaGbjbc64P6gyno7uRytQ5rx4OwKOM9qHVED4U4An42sLpwcN1fCZMUe0GZXpOFpZ5UgKvTavmAKmqP5NLaqWg88ssisgj0c+3XK26Pn0ryxbJSQm9s7GQssys/QgRW+i9Jo7+tcf2y0Bf/jiwdMBh9f2yJ7KIQpAaJrPS7LwfPCyip4wxx74XLdeJw1tZLKaq5+VeAhEhtLQEbJS4+Vb0I2ytXihAWQs9rtzYzJl/+aJd50c0tM32DllryjnKFdNEmIjiJ520/0h6diOFw+DXPLRCBDLcwinAvPxhyEOyoLlYGESM8zEOs1mGWKN/FEjRJqSmjt0Pk5QX8eHJzRo9iPGLbd81273R06CyVXqFLxct2zdQvUQ8vrw1Su9Jc33BuQHzLig4nRpzpPZWV3TW40Q+Pajmw4UkctetstoG3jCOzK X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR08MB6014 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT043.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 452f73ad-b22f-4e13-96b2-08d892d722a2 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ZPHv2RYoTPb1ZDNSmUOWmeI3AnHVoZt3Jg299cc16pubXnIOZ8PsLGPLgBlPLLTpbra+rBvdenlpsGhiWtsNsv8NPYrDykAyC6NG9yCfVy7YCnI72/h9+Mf4BR49+fKvrGf6jDZLs5zfa8PFHu51bNzBg/mA9PS53jsr8qyq8YRPSYwRr2GvOQhBqq8TUjUU6sHnBQ3jBZ+GnlpY+QPUXCxU6voO2tbH8nTNjLSC5/0M5+AENsi5x8lwalvPUEFKFEUZxcLKOaYsvoc9zuNPtuOitBMGtpAcU7oP6zj0sQ/773iciIE4jXhnIz+XTwY75OypnbocuqlGW8HF1USlWnUREVobQTBj4rol1ZSEedYHrYcCfeC92IhckElNO9FGy0HG1SKLwQI5ab96UMWzcznzq9B9cWr6xr5h7MEhm99V42aZyRL3BWE+XbSKcHLV X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(396003)(376002)(136003)(39860400002)(346002)(46966005)(6666004)(26005)(16526019)(336012)(4326008)(82310400003)(69590400008)(186003)(478600001)(36756003)(6506007)(70586007)(5660300002)(356005)(44832011)(2906002)(6486002)(83380400001)(86362001)(8676002)(6916009)(81166007)(82740400003)(8936002)(107886003)(2616005)(70206006)(316002)(47076004)(956004)(6512007)(54906003); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Nov 2020 13:20:03.6177 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6f4faeb8-f2fc-4f0d-1929-08d892d7269b X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT043.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4627 X-Spam-Status: No, score=-14.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Szabolcs Nagy via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Szabolcs Nagy <szabolcs.nagy@arm.com> Cc: Mark Rutland <mark.rutland@arm.com>, kernel-hardening@lists.openwall.com, Catalin Marinas <catalin.marinas@arm.com>, linux-kernel@vger.kernel.org, Jeremy Linton <jeremy.linton@arm.com>, Mark Brown <broonie@kernel.org>, Topi Miettinen <toiwoton@gmail.com>, Will Deacon <will@kernel.org>, linux-arm-kernel@lists.infradead.org Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org> |
Series |
aarch64: avoid mprotect(PROT_BTI|PROT_EXEC) [BZ #26831]
|
|
Commit Message
Szabolcs Nagy
Nov. 27, 2020, 1:19 p.m. UTC
The _dl_open_check and _rtld_main_check hooks are not called on the dependencies of a loaded module, so BTI protection was missed on every module other than the main executable and directly dlopened libraries. The fix just iterates over dependencies to enable BTI. Fixes bug 26926. --- sysdeps/aarch64/dl-bti.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-)
Comments
On 27/11/2020 10:19, Szabolcs Nagy via Libc-alpha wrote: > The _dl_open_check and _rtld_main_check hooks are not called on the > dependencies of a loaded module, so BTI protection was missed on > every module other than the main executable and directly dlopened > libraries. > > The fix just iterates over dependencies to enable BTI. > > Fixes bug 26926. LGTM, modulus the argument name change. I also think it would be better to add a testcase, for both DT_NEEDED and dlopen case. > --- > sysdeps/aarch64/dl-bti.c | 21 +++++++++++++++++---- > 1 file changed, 17 insertions(+), 4 deletions(-) > > diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c > index 196e462520..8f4728adce 100644 > --- a/sysdeps/aarch64/dl-bti.c > +++ b/sysdeps/aarch64/dl-bti.c > @@ -51,11 +51,24 @@ enable_bti (struct link_map *map, const char *program) > return 0; > } > > -/* Enable BTI for L if required. */ > +/* Enable BTI for MAP and its dependencies. */ > > void > -_dl_bti_check (struct link_map *l, const char *program) > +_dl_bti_check (struct link_map *map, const char *program) I don't see much gain changing the argument name. > { > - if (GLRO(dl_aarch64_cpu_features).bti && l->l_mach.bti) > - enable_bti (l, program); > + if (!GLRO(dl_aarch64_cpu_features).bti) > + return; > + > + if (map->l_mach.bti) > + enable_bti (map, program); > + > + unsigned int i = map->l_searchlist.r_nlist; > + while (i-- > 0) > + { > + struct link_map *l = map->l_initfini[i]; > + if (l->l_init_called) > + continue; > + if (l->l_mach.bti) > + enable_bti (l, program); > + } > } > Ok.
The 12/10/2020 14:51, Adhemerval Zanella wrote: > On 27/11/2020 10:19, Szabolcs Nagy via Libc-alpha wrote: > > The _dl_open_check and _rtld_main_check hooks are not called on the > > dependencies of a loaded module, so BTI protection was missed on > > every module other than the main executable and directly dlopened > > libraries. > > > > The fix just iterates over dependencies to enable BTI. > > > > Fixes bug 26926. > > LGTM, modulus the argument name change. > > I also think it would be better to add a testcase, for both DT_NEEDED > and dlopen case. thanks, i committed this with fixed argument name as attached. i plan to do tests later once i understand the BTI semantics (right now it's not clear if in the presence of some W^X policy BTI may be silently ignored or not).
diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c index 196e462520..8f4728adce 100644 --- a/sysdeps/aarch64/dl-bti.c +++ b/sysdeps/aarch64/dl-bti.c @@ -51,11 +51,24 @@ enable_bti (struct link_map *map, const char *program) return 0; } -/* Enable BTI for L if required. */ +/* Enable BTI for MAP and its dependencies. */ void -_dl_bti_check (struct link_map *l, const char *program) +_dl_bti_check (struct link_map *map, const char *program) { - if (GLRO(dl_aarch64_cpu_features).bti && l->l_mach.bti) - enable_bti (l, program); + if (!GLRO(dl_aarch64_cpu_features).bti) + return; + + if (map->l_mach.bti) + enable_bti (map, program); + + unsigned int i = map->l_searchlist.r_nlist; + while (i-- > 0) + { + struct link_map *l = map->l_initfini[i]; + if (l->l_init_called) + continue; + if (l->l_mach.bti) + enable_bti (l, program); + } }