From patchwork Mon Jan 24 15:07:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 50402 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 151F63858438 for ; Mon, 24 Jan 2022 15:08:07 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 151F63858438 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1643036887; bh=OAp9LSOYq0ViNQY6OnLIqoWjuA5hCqrTVXE9TdL9UaM=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=leme2kNyTOFkCy5k8a5V/mlaH5uJnozMiWkZ/4fTsT9WR7aPr3n/jdJtUUm1+taLs zPxr1gtW7VCm/wbP4ekAwuc8vpLXYKf5N6uZcfGxBbwfubzpasazorlzLLXh6kL9kD e0kQRB4/SnCaMEXwfw8jDHFRELvN+cue+ZlxCbsU= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by sourceware.org (Postfix) with ESMTPS id 192143858D39 for ; Mon, 24 Jan 2022 15:07:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 192143858D39 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 69E6B61387; Mon, 24 Jan 2022 15:07:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A2A3EC340E7; Mon, 24 Jan 2022 15:07:42 +0000 (UTC) To: Catalin Marinas , Will Deacon Subject: [PATCH v8 0/4] arm64: Enable BTI for the executable as well as the interpreter Date: Mon, 24 Jan 2022 15:07:00 +0000 Message-Id: <20220124150704.2559523-1-broonie@kernel.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2407; h=from:subject; bh=WMgkeOdQ6YbZ5GIkHNwSa0O95o1TyPQ6kQHHyVZD1lU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBh7sCR+KQD4owTwEsFkgOrRjSCjH9/v7lBfvVL4+HB BHEQ46qJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCYe7AkQAKCRAk1otyXVSH0DsIB/ 4+6HTMMlaFtfwcaVnhkNLMyJiRyeTKZijSz6WgTwp/XNuXivIqEWrH1xDUKwpYduwfk2r5G9JBNQk/ 7kMvM2Cjr7PJCTSzCsWoM9v8bbfM5lj9l3VIh3pF7BUDulEuMX9Xn8KJPZH6DzpcQDqfDPkThograk 7IVvp8Ra8da4ZseUKVrBgoBU0VBg4tllFHbchZzwTGJUku+FCz3v0JqBnEKWZxNnvym0pGDF1nTqXd 0sXEvN3ys6dgD2TrVAeP9w4j8FNuexV5SqCAjmavCxfm9x9WwC9RTJJVMuSJm1MrFrusz4ZFxTE0C8 kGfR/hmIzxKXtQz7DylOgXVODstqlP X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-5.6 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Mark Brown via Libc-alpha From: Mark Brown Reply-To: Mark Brown Cc: linux-arch@vger.kernel.org, Yu-cheng Yu , libc-alpha@sourceware.org, Szabolcs Nagy , Jeremy Linton , Mark Brown , linux-arm-kernel@lists.infradead.org Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Deployments of BTI on arm64 have run into issues interacting with systemd's MemoryDenyWriteExecute feature. Currently for dynamically linked executables the kernel will only handle architecture specific properties like BTI for the interpreter, the expectation is that the interpreter will then handle any properties on the main executable. For BTI this means remapping the executable segments PROT_EXEC | PROT_BTI. This interacts poorly with MemoryDenyWriteExecute since that is implemented using a seccomp filter which prevents setting PROT_EXEC on already mapped memory and lacks the context to be able to detect that memory is already mapped with PROT_EXEC. This series resolves this by handling the BTI property for both the interpreter and the main executable. This does mean that we may get more code with BTI enabled if running on a system without BTI support in the dynamic linker, this is expected to be a safe configuration and testing seems to confirm that. It also reduces the flexibility userspace has to disable BTI but it is expected that for cases where there are problems which require BTI to be disabled it is more likely that it will need to be disabled on a system level. v8: - Rebase onto v5.17-rc1. v7: - Rebase onto v5.16-rc1. v6: - Rebase onto v5.15-rc1. v5: - Rebase onto v5.14-rc2. - Tweak changelog on patch 1. - Use the helper for interpreter/executable flag in elf.h as well. v4: - Rebase onto v5.14-rc1. v3: - Fix passing of properties for parsing by the main executable. - Drop has_interp from arch_parse_elf_property(). - Coding style tweaks. v2: - Add a patch dropping has_interp from arch_adjust_elf_prot() - Fix bisection issue with static executables on arm64 in the first patch. Mark Brown (4): elf: Allow architectures to parse properties on the main executable arm64: Enable BTI for main executable as well as the interpreter elf: Remove has_interp property from arch_adjust_elf_prot() elf: Remove has_interp property from arch_parse_elf_property() arch/arm64/include/asm/elf.h | 14 ++++++++++++-- arch/arm64/kernel/process.c | 16 +++------------- fs/binfmt_elf.c | 29 ++++++++++++++++++++--------- include/linux/elf.h | 8 +++++--- 4 files changed, 40 insertions(+), 27 deletions(-) base-commit: e783362eb54cd99b2cac8b3a9aeac942e6f6ac07