]> git.baikalelectronics.ru Git - kernel.git/commit
arm64: elf: Enable BTI at exec based on ELF program properties
authorDave Martin <Dave.Martin@arm.com>
Mon, 16 Mar 2020 16:50:47 +0000 (16:50 +0000)
committerCatalin Marinas <catalin.marinas@arm.com>
Mon, 16 Mar 2020 17:19:48 +0000 (17:19 +0000)
commit7f670c8b6a0a85daac09dfad5dbfff2bf3f260a0
tree8c9a55d036f6e42dd7917860ad9d1fac9605c672
parentbff6bccdc8b702335e5b56c44d8ce700a27058eb
arm64: elf: Enable BTI at exec based on ELF program properties

For BTI protection to be as comprehensive as possible, it is
desirable to have BTI enabled from process startup.  If this is not
done, the process must use mprotect() to enable BTI for each of its
executable mappings, but this is painful to do in the libc startup
code.  It's simpler and more sound to have the kernel do it
instead.

To this end, detect BTI support in the executable (or ELF
interpreter, as appropriate), via the
NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot
flags for the process' executable pages to include PROT_BTI as
appropriate.

Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
arch/arm64/Kconfig
arch/arm64/include/asm/elf.h
arch/arm64/kernel/process.c
include/uapi/linux/elf.h