diff options
author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2020-10-28 18:10:23 +0000 |
---|---|---|
committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2020-11-25 15:25:28 +0000 |
commit | ebce134991eae4261bbb32572a2062d3ca56e674 (patch) | |
tree | ef1cb71799cc6a09fb7a816f6366c1c67f57ffde /resolv/tst-res_use_inet6.c | |
parent | a23246987ec0a8b307a9a171193464b74a7cb416 (diff) | |
download | glibc-nsz/bti-1.tar.gz glibc-nsz/bti-1.tar.xz glibc-nsz/bti-1.zip |
aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831] nsz/bti-1
Re-mmap executable segments if possible instead of using mprotect to add PROT_BTI. This allows using BTI protection with security policies that prevent mprotect with PROT_EXEC. If the fd of the ELF module is not available because it was kernel mapped then mprotect is used and failures are ignored. To protect the main executable even when mprotect is filtered the linux kernel will have to be changed to add PROT_BTI to it. Computing the mapping bounds follows _dl_map_object_from_fd more closely now. The delayed failure reporting is mainly needed because currently _dl_process_gnu_properties does not propagate failures such that the required cleanups happen. Using the link_map_machine struct for error propagation is not ideal, but this seemed to be the least intrusive solution. Fixes bug 26831.
Diffstat (limited to 'resolv/tst-res_use_inet6.c')
0 files changed, 0 insertions, 0 deletions