aarch64: enable BTI at runtime

System Internals / glibc - Sudakshina Das [arm.com] - 8 July 2020 14:02 UTC

Binaries can opt-in to using BTI via an ELF object file marking. The dynamic linker has to then mprotect the executable segments with PROT_BTI. In case of static linked executables or in case of the dynamic linker itself, PROT_BTI protection is done by the operating system.

On AArch64 glibc uses PT_GNU_PROPERTY instead of PT_NOTE to check the properties of a binary because PT_NOTE can be unreliable with old linkers (old linkers just append the notes of input objects together and add them to the output without checking them for consistency which means multiple incompatible GNU property notes can be present in PT_NOTE).

BTI property is handled in the loader even if glibc is not built with BTI support, so in theory user code can be BTI protected independently of glibc. In practice though user binaries are not marked with the BTI property if glibc has no support because the static linked libc objects (crt files, libc_nonshared.a) are unmarked.

This patch relies on Linux userspace API that is not yet in a linux release but in v5.8-rc1 so scheduled to be in Linux 5.8.

605338745b aarch64: enable BTI at runtime
sysdeps/aarch64/Makefile | 4 ++
sysdeps/aarch64/dl-bti.c | 54 ++++++++++++++++++++++
sysdeps/aarch64/dl-prop.h | 63 ++++++++++++++++++++++++++
sysdeps/aarch64/linkmap.h | 3 ++
sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h | 1 +
sysdeps/unix/sysv/linux/aarch64/bits/mman.h | 31 +++++++++++++
sysdeps/unix/sysv/linux/aarch64/cpu-features.c | 3 ++
sysdeps/unix/sysv/linux/aarch64/cpu-features.h | 2 +
8 files changed, 161 insertions(+)

Upstream: sourceware.org


  • Share