Page MenuHomeFreeBSD
Differential D42440

sysent: Add sv_protect
ClosedPublic
Actions

Authored by andrew on Nov 2 2023, 10:32 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 5, 11:18 AM
Unknown Object (File)
Mon, Nov 4, 10:26 AM
Unknown Object (File)
Thu, Oct 24, 2:52 AM
Unknown Object (File)
Oct 3 2024, 5:19 PM
Unknown Object (File)
Sep 28 2024, 1:06 PM
Unknown Object (File)
Sep 27 2024, 4:18 PM
Unknown Object (File)
Sep 24 2024, 8:07 PM
Unknown Object (File)
Sep 24 2024, 7:42 PM
View All 52 Files
Subscribers
imp

Details

Reviewers
kib
markj
Commits
rGeb32c1c75ab0: sysent: Add sv_protect
Summary

To allow for architecture specific protections add sv_protect to struct
sysent. This can be used to apply these after the executable is loaded
into the new address space.

Sponsored by: Arm Ltd

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

andrew created this revision.Nov 2 2023, 10:32 AM
Herald added a subscriber: imp. · View Herald TranscriptNov 2 2023, 10:32 AM
andrew requested review of this revision.Nov 2 2023, 10:32 AM
andrew added a parent revision: D42439: imgact_elf: Export __elfN(parse_notes).
Harbormaster completed remote builds in B54247: Diff 129623.Nov 2 2023, 10:32 AM
andrew added a child revision: D42441: arm64: Enable BTI in the kernel ELF loader.Nov 2 2023, 10:33 AM
kib accepted this revision.Nov 2 2023, 11:46 AM
kib added inline comments.
sys/kern/imgact_elf.c
1374–1377

May be move the call there? More data for imgp is initialized.

This revision is now accepted and ready to land.Nov 2 2023, 11:46 AM
andrew updated this revision to Diff 129645.Nov 2 2023, 2:32 PM

Move sv_protect later and add it to __elfN(load_file)

This revision now requires review to proceed.Nov 2 2023, 2:32 PM
Harbormaster completed remote builds in B54251: Diff 129645.Nov 2 2023, 2:32 PM
kib added a comment.Nov 3 2023, 5:08 AM
In D42440#968474, @andrew wrote:

Move sv_protect later and add it to __elfN(load_file)

Why adding it to load_file? Now the callback is executing three times at least.

andrew added a comment.Nov 3 2023, 1:52 PM

Why will it be called three times? It should only be called for the main executable, and in whichever load_file calls is successful.

I added it to load_file so the runtime linker will also be protected from when it starts executing.

kib added a comment.Nov 3 2023, 4:05 PM
In D42440#968760, @andrew wrote:

Why will it be called three times? It should only be called for the main executable, and in whichever load_file calls is successful.

I added it to load_file so the runtime linker will also be protected from when it starts executing.

Yes, it will be called twice, but I do not understand why is it should be arranged that way. Call it after everything is mapped, i.e. both the binary and optional interpreter.

andrew added a comment.Nov 3 2023, 4:50 PM

For BTI we need to parse the ELF file to read a note to decide if protection should be enabled for just the memory loaded from that file. Because of this it's easier to check if we should protect some address space on a per-file base to both check if we need to enable BTI, and for what memory it needs to be enabled.

kib added a comment.Nov 4 2023, 7:08 AM

Then would it be more logical to have two differently named callbacks, indicating their purpose?

andrew added a comment.Nov 6 2023, 1:26 PM

I added a flag for the callback to know if it's from the main executable, or the interpreter.

kib added inline comments.Nov 6 2023, 1:39 PM
sys/kern/imgact_elf.c
866

Can we name the constants? E.g. SV_PROTECT_IMAGE and SV_PROTECT_INTERP

andrew updated this revision to Diff 129775.Nov 6 2023, 3:42 PM

Use named flags

Harbormaster completed remote builds in B54301: Diff 129775.Nov 6 2023, 3:42 PM
kib accepted this revision.Nov 6 2023, 4:01 PM
This revision is now accepted and ready to land.Nov 6 2023, 4:01 PM
Closed by commit rGeb32c1c75ab0: sysent: Add sv_protect (authored by andrew). · Explain WhyNov 10 2023, 10:08 AM
This revision was automatically updated to reflect the committed changes.
andrew added a commit: rGeb32c1c75ab0: sysent: Add sv_protect.

Revision Contents
Changeset List

PathSize
sys/
kern/
6 lines
sys/
5 lines

Diff 129933

View Options

sys/kern/imgact_elf.c

Loading...
View Options

sys/sys/sysent.h

Loading...