git.baikalelectronics.ru Git - kernel.git/commit

author	Dave Martin <Dave.Martin@arm.com>
	Mon, 16 Mar 2020 16:50:47 +0000 (16:50 +0000)
committer	Catalin Marinas <catalin.marinas@arm.com>
	Mon, 16 Mar 2020 17:19:48 +0000 (17:19 +0000)
commit	7f670c8b6a0a85daac09dfad5dbfff2bf3f260a0
tree	8c9a55d036f6e42dd7917860ad9d1fac9605c672	tree \| snapshot
parent	bff6bccdc8b702335e5b56c44d8ce700a27058eb	commit \| diff

arm64: elf: Enable BTI at exec based on ELF program properties

For BTI protection to be as comprehensive as possible, it is
desirable to have BTI enabled from process startup. If this is not
done, the process must use mprotect() to enable BTI for each of its
executable mappings, but this is painful to do in the libc startup
code. It's simpler and more sound to have the kernel do it
instead.

To this end, detect BTI support in the executable (or ELF
interpreter, as appropriate), via the
NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot
flags for the process' executable pages to include PROT_BTI as
appropriate.

Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

arch/arm64/Kconfig		diff \| blob \| history
arch/arm64/include/asm/elf.h		diff \| blob \| history
arch/arm64/kernel/process.c		diff \| blob \| history
include/uapi/linux/elf.h		diff \| blob \| history