diff options
| author | Dave Martin <Dave.Martin@arm.com> | 2020-03-16 19:50:47 +0300 |
|---|---|---|
| committer | Catalin Marinas <catalin.marinas@arm.com> | 2020-03-16 20:19:48 +0300 |
| commit | ab7876a98a2160092133de4c648e94b18bc3f139 (patch) | |
| tree | 8c9a55d036f6e42dd7917860ad9d1fac9605c672 /include/uapi/linux/elf.h | |
| parent | fe0f67660ee9c99408be5261ae045f8b41953b05 (diff) | |
| download | linux-ab7876a98a2160092133de4c648e94b18bc3f139.tar.xz | |
arm64: elf: Enable BTI at exec based on ELF program properties
For BTI protection to be as comprehensive as possible, it is
desirable to have BTI enabled from process startup. If this is not
done, the process must use mprotect() to enable BTI for each of its
executable mappings, but this is painful to do in the libc startup
code. It's simpler and more sound to have the kernel do it
instead.
To this end, detect BTI support in the executable (or ELF
interpreter, as appropriate), via the
NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot
flags for the process' executable pages to include PROT_BTI as
appropriate.
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'include/uapi/linux/elf.h')
| -rw-r--r-- | include/uapi/linux/elf.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 20900f4496b7..c6dd0215482e 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -448,4 +448,10 @@ typedef struct elf64_note { Elf64_Word n_type; /* Content type */ } Elf64_Nhdr; +/* .note.gnu.property types for EM_AARCH64: */ +#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000 + +/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */ +#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) + #endif /* _UAPI_LINUX_ELF_H */ |