Re: [PATCH 0/4] aarch64: avoid mprotect(PROT_BTI|PROT_EXEC) [BZ #26831]

From: Mark Brown
Date: Wed Nov 04 2020 - 13:53:57 EST


On Wed, Nov 04, 2020 at 12:47:09PM -0600, Jeremy Linton wrote:
> On 11/4/20 4:50 AM, Mark Brown wrote:

> > The effect on pre-BTI hardware is an issue, another option would be for
> > systemd to disable this seccomp usage but only after checking for BTI
> > support in the system rather than just doing so purely based on the
> > architecture.

> That works, but you're also losing seccomp in the case where the machine is
> BTI capable, but the service isn't. So it should really be checking the ELF
> notes, but at that point you might just as well patch glibc.

True, I guess I was assuming that a BTI rebuild is done at the distro
level but of course even if that's the case a system could have third
party binaries so you can't just assume that the world is BTI.
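The two checks the thread contrasts (system BTI support versus per-binary ELF
notes) are shown below as an added example; this is not code from this thread,
from glibc or from systemd. It walks an ELF64 image's program headers for
PT_GNU_PROPERTY, parses the GNU property note the way glibc's loader lays it
out, and reports the GNU_PROPERTY_AARCH64_FEATURE_1_AND bits. The fixture
builder and the roundtrip helper are constructed for illustration only.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__aarch64__)
#include <sys/auxv.h>
#include <asm/hwcap.h>
#endif

/* ABI names; guarded so the file also builds against an older elf.h. */
#ifndef PT_GNU_PROPERTY
#define PT_GNU_PROPERTY 0x6474e553
#endif
#ifndef NT_GNU_PROPERTY_TYPE_0
#define NT_GNU_PROPERTY_TYPE_0 5
#endif
#ifndef GNU_PROPERTY_AARCH64_FEATURE_1_AND
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000
#endif
#ifndef GNU_PROPERTY_AARCH64_FEATURE_1_BTI
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0)
#endif
#ifndef GNU_PROPERTY_AARCH64_FEATURE_1_PAC
#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1U << 1)
#endif

/* System-side check: on AArch64 the kernel advertises BTI in AT_HWCAP2.
 * Returns 1/0 there and -1 when this program is not built for AArch64. */
int system_has_bti(void)
{
#if defined(__aarch64__) && defined(HWCAP2_BTI)
    return (getauxval(AT_HWCAP2) & HWCAP2_BTI) != 0;
#else
    return -1;
#endif
}

/* Parse PT_GNU_PROPERTY contents (ELFCLASS64) and return the
 * AARCH64_FEATURE_1_AND bitmask, or 0 if absent or malformed. Layout as in
 * glibc: 4-byte "GNU\0" right after the Nhdr, items padded to 8 bytes. */
uint32_t aarch64_feature_1(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off + sizeof(Elf64_Nhdr) <= len) {
        Elf64_Nhdr nh;
        memcpy(&nh, buf + off, sizeof nh);
        size_t name_off = off + sizeof nh;
        size_t desc_off = name_off + ((nh.n_namesz + 3) & ~(size_t)3);
        if (desc_off > len || nh.n_descsz > len - desc_off)
            return 0;                       /* truncated note: treat as unmarked */
        size_t desc_end = desc_off + nh.n_descsz;
        if (nh.n_type == NT_GNU_PROPERTY_TYPE_0 && nh.n_namesz == 4 &&
            memcmp(buf + name_off, "GNU", 4) == 0) {
            for (size_t p = desc_off; p + 8 <= desc_end;) {
                uint32_t pr_type, pr_datasz, v;
                memcpy(&pr_type, buf + p, 4);
                memcpy(&pr_datasz, buf + p + 4, 4);
                p += 8;
                if (pr_datasz > desc_end - p)
                    return 0;
                if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND && pr_datasz == 4) {
                    memcpy(&v, buf + p, 4);
                    return v;
                }
                p += (pr_datasz + 7) & ~(size_t)7;
            }
        }
        off = desc_off + ((nh.n_descsz + 7) & ~(size_t)7);
    }
    return 0;
}

/* Per-binary check: find PT_GNU_PROPERTY in a whole ELF64 image in memory. */
uint32_t elf64_aarch64_feature_1(const uint8_t *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return 0;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len)
        return 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        size_t poff = (size_t)eh.e_phoff + (size_t)i * sizeof ph;
        if (poff > len || sizeof ph > len - poff) return 0;
        memcpy(&ph, img + poff, sizeof ph);
        if (ph.p_type != PT_GNU_PROPERTY) continue;
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return 0;
        return aarch64_feature_1(img + ph.p_offset, (size_t)ph.p_filesz);
    }
    return 0;
}

/* Constructed fixture (not a real binary): headers plus one property note. */
size_t build_marked_image(uint8_t *out, size_t cap, uint32_t features)
{
    const size_t note_off = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr);
    const uint32_t note_len = 12 + 4 + 16;      /* Nhdr + "GNU\0" + one item */
    if (cap < note_off + note_len) return 0;
    memset(out, 0, note_off + note_len);
    Elf64_Ehdr eh = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_machine = EM_AARCH64;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof(Elf64_Phdr); eh.e_phnum = 1;
    Elf64_Phdr ph = {0};
    ph.p_type = PT_GNU_PROPERTY; ph.p_offset = note_off;
    ph.p_filesz = note_len; ph.p_align = 8;
    Elf64_Nhdr nh = { .n_namesz = 4, .n_descsz = 16, .n_type = NT_GNU_PROPERTY_TYPE_0 };
    uint32_t item[4] = { GNU_PROPERTY_AARCH64_FEATURE_1_AND, 4, features, 0 };
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, &ph, sizeof ph);
    memcpy(out + note_off, &nh, sizeof nh);
    memcpy(out + note_off + 12, "GNU", 4);
    memcpy(out + note_off + 16, item, sizeof item);
    return note_off + note_len;
}

/* Build an image carrying FEATURES and parse it back (for checking). */
uint32_t roundtrip_features(uint32_t features)
{
    uint8_t img[256];
    size_t n = build_marked_image(img, sizeof img, features);
    return n ? elf64_aarch64_feature_1(img, n) : 0xffffffffu;
}
```

A service manager applying the thread's suggestion would combine both results:
only when `system_has_bti()` is 1 and the service binary's mask carries
GNU_PROPERTY_AARCH64_FEATURE_1_BTI does a PROT_BTI mprotect from the loader
have to be expected.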
