Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp1047122ybd; Wed, 26 Jun 2019 10:15:08 -0700 (PDT) X-Google-Smtp-Source: APXvYqyXZ/d47DTSuJUp8D5du4AbbFxVodpHNNPPTUjIJk//KFIeQ6NgNJfaAYS0Yjjqdv7SJPo9 X-Received: by 2002:a63:e317:: with SMTP id f23mr3918419pgh.39.1561569307804; Wed, 26 Jun 2019 10:15:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561569307; cv=none; d=google.com; s=arc-20160816; b=o8OuWDF6jfHLXqDJYWbLRDrVumIHJ+OMdF8/N3GzPDBsro8EVgQwBr8EFR9k8xdAFZ KiML8dn+gEs59eRK9X2pANDlsVoZxzUVSS5jFoFoq7KPec9FmnRC+tJAj3N0C+kNtbnP Iz6XjdbJHQkNGaPpIPGV4NfdvJRxqg4uNMYIzdSSEBXMRaBIzZjXsAZucxXT5masA/03 kCpz8ntHgpOAE9PKpfRI5MGSvJiAOGGTz1DfXUAYabL6MU82gg2qAA/mMd8NJZ4MB8NK OEPogzcSIGE+l5M+Rysdil0FPMklbQeM9Hx1Wu5pgyTjYWNsJMe2IylLMWD3NM3FZImp Iv/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=iZ0b+/lUcP9zaaMexkUlQdqvpgfJZAjpzHawxGUTRJg=; b=ay9dvop8gVTNsXKYXag//3Lc2c1475B9KjNUAtukZTpPs+AKVRDVk9+mRPDwQLDSFt OiC7ndP1z29xJPALFdFhVUILhiQeTeQBmS23T8dDyEs0V7sq3JpmNuuuapwsill0T7++ ZrCQHIuBGKOM0Vw13EevZhiU9uHvhL6E4fBLFWen5u9WUrt8Rj3cMRGQXaFbPTJm65fy suZ+/uI7WNWp4L86Ei3ImckoMRE3533gPa4BWFDcA00qSxjApe7+pRxl7lwh+7YFFB1k T8myoR4MDyLBuHCDQmabv6OQFZ46p8JRgocbtV1WbiBj/2lk78Dudpsw5lvqVgnlLSen XI4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=m+cjANgM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u21si16351136pgm.431.2019.06.26.10.14.51; Wed, 26 Jun 2019 10:15:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=m+cjANgM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726614AbfFZROW (ORCPT + 99 others); Wed, 26 Jun 2019 13:14:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:54666 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726379AbfFZROW (ORCPT ); Wed, 26 Jun 2019 13:14:22 -0400 Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9E4A52184C for ; Wed, 26 Jun 2019 17:14:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561569260; bh=IPJPblNMOSzpc4o8oUY4BwkKbCN4n/1QDhjL5Fv7ep4=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=m+cjANgMOKu9iYPrmIEkq3ir867euC6fdTabpwRWKebv6Efr6ulwc+y5QuteG304H /QfQMK0QGFunEvQafok0oocQabttk4YNZs1+7OtTC3sL8zB6GFf2+B0BddImiFJWF2 BYP7KtBDmXc/06DRGFT2JJ7dkt9otFAQzEU2u14U= Received: by mail-wr1-f50.google.com with SMTP id n9so3667511wru.0 for ; Wed, 26 Jun 2019 10:14:20 -0700 (PDT) X-Gm-Message-State: APjAAAUn1DwDj4cdfh9s9WUYsakR+WU/NToNJmnrC2YgP/1wfG1FsDGM 2/FPg55wTbBgac6x8Lw9H9sxbSbb7rG4PCMXf+AUnA== X-Received: by 2002:adf:f28a:: with SMTP id k10mr4711752wro.343.1561569259059; Wed, 26 Jun 2019 10:14:19 -0700 (PDT) MIME-Version: 1.0 References: <20190501211217.5039-1-yu-cheng.yu@intel.com> <20190502111003.GO3567@e103592.cambridge.arm.com> In-Reply-To: <20190502111003.GO3567@e103592.cambridge.arm.com> From: Andy Lutomirski Date: Wed, 26 Jun 2019 10:14:07 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] binfmt_elf: Extract .note.gnu.property from an ELF file To: Dave Martin Cc: Yu-cheng Yu , X86 ML , "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , LKML , "open list:DOCUMENTATION" , Linux-MM , linux-arch , Linux API , Arnd Bergmann , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Szabolcs Nagy , libc-alpha Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 2, 2019 at 4:10 AM Dave Martin wrote: > > On Wed, May 01, 2019 at 02:12:17PM -0700, Yu-cheng Yu wrote: > > An ELF file's .note.gnu.property indicates features the executable file > > can support. For example, the property GNU_PROPERTY_X86_FEATURE_1_AND > > indicates the file supports GNU_PROPERTY_X86_FEATURE_1_IBT and/or > > GNU_PROPERTY_X86_FEATURE_1_SHSTK. > > > > This patch was part of the Control-flow Enforcement series; the original > > patch is here: https://lkml.org/lkml/2018/11/20/205. Dave Martin responded > > that ARM recently introduced new features to NT_GNU_PROPERTY_TYPE_0 with > > properties closely modelled on GNU_PROPERTY_X86_FEATURE_1_AND, and it is > > logical to split out the generic part. Here it is. > > > > With this patch, if an arch needs to setup features from ELF properties, > > it needs CONFIG_ARCH_USE_GNU_PROPERTY to be set, and a specific > > arch_setup_property(). > > > > For example, for X86_64: > > > > int arch_setup_property(void *ehdr, void *phdr, struct file *f, bool inter) > > { > > int r; > > uint32_t property; > > > > r = get_gnu_property(ehdr, phdr, f, GNU_PROPERTY_X86_FEATURE_1_AND, > > &property); > > ... > > } > > Thanks, this is timely for me. I should be able to build the needed > arm64 support pretty quickly around this now. > > [Cc'ing libc-alpha for the elf.h question -- see (2)] > > > A couple of questions before I look in more detail: > > 1) Can we rely on PT_GNU_PROPERTY being present in the phdrs to describe > the NT_GNU_PROPERTY_TYPE_0 note? If so, we can avoid trying to parse > irrelevant PT_NOTE segments. > > > 2) Are there standard types for things like the program property header? > If not, can we add something in elf.h? We should try to coordinate with > libc on that. Something like > Where did PT_GNU_PROPERTY come from? Are there actual docs for it? Can someone here tell us what the actual semantics of this new ELF thingy are? From some searching, it seems like it's kind of an ELF note but kind of not. An actual description would be fantastic. Also, I don't think there's any actual requirement that the upstream kernel recognize existing CET-enabled RHEL 8 binaries as being CET-enabled. I tend to think that RHEL 8 jumped the gun here. While the upstream kernel should make some reasonble effort to make sure that RHEL 8 binaries will continue to run, I don't see why we need to go out of our way to keep the full set of mitigations available for binaries that were developed against a non-upstream kernel. In fact, if we handle the legacy bitmap differently from RHEL 8, we may *have* to make sure that we don't recognize existing RHEL 8 binaries as CET-enabled. Sigh.