diff options
| author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2020-07-13 11:28:18 +0100 |
|---|---|---|
| committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2020-07-24 08:52:22 +0100 |
| commit | 7ebd114211dcd290efd54e610bbde0765bd7764c (patch) | |
| tree | 1f8e6257683da8693818aceccaf8b67de776ebff /sysdeps | |
| parent | 04726be814c6fd6d9cf974e15d684dd3ac1a180e (diff) | |
| download | glibc-7ebd114211dcd290efd54e610bbde0765bd7764c.zip glibc-7ebd114211dcd290efd54e610bbde0765bd7764c.tar.gz glibc-7ebd114211dcd290efd54e610bbde0765bd7764c.tar.bz2 | |
aarch64: Respect p_flags when protecting code with PROT_BTI
Use PROT_READ and PROT_WRITE according to the load segment p_flags
when adding PROT_BTI.
This is before processing relocations which may drop PROT_BTI in
case of textrels. Executable stacks are not protected via PROT_BTI
either. PROT_BTI is hardening in case memory corruption happened,
it's value is reduced if there is writable and executable memory
available so missing it on such memory is fine, but we should
respect the p_flags and should not drop PROT_WRITE.
Diffstat (limited to 'sysdeps')
| -rw-r--r-- | sysdeps/aarch64/dl-bti.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c index 965ddcc..196e462 100644 --- a/sysdeps/aarch64/dl-bti.c +++ b/sysdeps/aarch64/dl-bti.c @@ -24,13 +24,20 @@ static int enable_bti (struct link_map *map, const char *program) { const ElfW(Phdr) *phdr; - unsigned prot = PROT_READ | PROT_EXEC | PROT_BTI; + unsigned prot; for (phdr = map->l_phdr; phdr < &map->l_phdr[map->l_phnum]; ++phdr) if (phdr->p_type == PT_LOAD && (phdr->p_flags & PF_X)) { void *start = (void *) (phdr->p_vaddr + map->l_addr); size_t len = phdr->p_memsz; + + prot = PROT_EXEC | PROT_BTI; + if (phdr->p_flags & PF_R) + prot |= PROT_READ; + if (phdr->p_flags & PF_W) + prot |= PROT_WRITE; + if (__mprotect (start, len, prot) < 0) { if (program) |