mirror of
https://gitee.com/bianbu-linux/linux-6.6
synced 2025-07-12 00:43:36 -04:00
arm64: elf: Enable BTI at exec based on ELF program properties
For BTI protection to be as comprehensive as possible, it is desirable to have BTI enabled from process startup. If this is not done, the process must use mprotect() to enable BTI for each of its executable mappings, but this is painful to do in the libc startup code. It's simpler and more sound to have the kernel do it instead. To this end, detect BTI support in the executable (or ELF interpreter, as appropriate), via the NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot flags for the process' executable pages to include PROT_BTI as appropriate. Signed-off-by: Mark Brown <broonie@kernel.org> Signed-off-by: Dave Martin <Dave.Martin@arm.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
This commit is contained in:
Dave Martin
Catalin Marinas
parent
fe0f67660e
commit
ab7876a98a
4 changed files with 78 additions and 0 deletions
|
|
@ -448,4 +448,10 @@ typedef struct elf64_note {
|
|||
Elf64_Word n_type; /* Content type */
|
||||
} Elf64_Nhdr;
|
||||
|
||||
/* .note.gnu.property types for EM_AARCH64: */
|
||||
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000
|
||||
|
||||
/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */
|
||||
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0)
|
||||
|
||||
#endif /* _UAPI_LINUX_ELF_H */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue