Thread (1 message) 1 message, 1 author, 2020-10-22

Re: [systemd-devel] BTI interaction between seccomp filters in systemd and glibc mprotect calls, causing service failures

From: Florian Weimer <hidden>
Date: 2020-10-22 08:25:37
Also in: lkml

* Topi Miettinen:
quoted
The dynamic loader has to process the LOAD segments to get to the ELF
note that says to enable BTI.  Maybe we could do a first pass and
load only the segments that cover notes.  But that requires lots of
changes to generic code in the loader.
What if the loader always enabled BTI for PROT_EXEC pages, but then
when discovering that this was a mistake, mprotect() the pages without
BTI?
Is that architecturally supported?  How costly is the mprotect change if
the pages have not been faulted in yet?
Then both BTI and MDWX would work and the penalty of not getting
MDWX would fall to non-BTI programs. What's the expected proportion of
BTI enabled code vs. disabled in the future, is it perhaps expected
that a distro would enable the flag globally so eventually only a few
legacy programs might be unprotected?
Eventually, I expect that mainstream distributions build everything for
BTI, so yes, the PROT_BTI removal would only be needed for legacy
programs.

Thanks,
Florian
-- 
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help