To allow for architecture specific protections add sv_protect to struct
sysent. This can be used to apply these after the executable is loaded
into the new address space.
Sponsored by: Arm Ltd
Differential D42440
sysent: Add sv_protect andrew on Nov 2 2023, 10:32 AM. Authored by Tags None Referenced Files
Subscribers
Details
To allow for architecture specific protections add sv_protect to struct Sponsored by: Arm Ltd
Diff Detail
Event Timeline
Comment Actions Why will it be called three times? It should only be called for the main executable, and in whichever load_file calls is successful. I added it to load_file so the runtime linker will also be protected from when it starts executing. Comment Actions Yes, it will be called twice, but I do not understand why is it should be arranged that way. Call it after everything is mapped, i.e. both the binary and optional interpreter. Comment Actions For BTI we need to parse the ELF file to read a note to decide if protection should be enabled for just the memory loaded from that file. Because of this it's easier to check if we should protect some address space on a per-file base to both check if we need to enable BTI, and for what memory it needs to be enabled. Comment Actions Then would it be more logical to have two differently named callbacks, indicating their purpose? Comment Actions I added a flag for the callback to know if it's from the main executable, or the interpreter.
|