Add a new PT_OPENBSD_NOBTCFI "segment type" to indicate that the kernel

should not enforce branch target control flow integrety for a binary.
This works analoguous to PT_OPENBSD_WXNEEDED in that we will set it on
binaries that don't have the necessary landing pads (yet).  The kernel
will enforce branch target CFI by default in the near future!

This is a better match for what we want to achieve than the GNU property
note mechanism that the Linux folks came up with.  We can still use the
GNU property notes for diagnostic purposes so we won't disable their
generation in the toolchain.  But ports will need to pass an explicit
-Wl,-z,nobtcfi option to disable branch target CFI.

Like with PT_OPENBSD_WXNEEDED we convert the presence of PT_OPENBSD_NOBTCFI
into a flag in struct exec_package.  From there MD code can pick it up
and set a struct process flag or take action in setregs().

ok deraadt@

diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c
index 6b4f45c..f7c11b4 100644 (file)
--- a/sys/kern/exec_elf.c
+++ b/sys/kern/exec_elf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: exec_elf.c,v 1.180 2023/01/16 07:09:11 guenther Exp $ */
+/*     $OpenBSD: exec_elf.c,v 1.181 2023/04/19 15:37:36 kettenis Exp $ */
 
 /*
  * Copyright (c) 1996 Per Fogelstrom
@@ -918,6 +918,10 @@ elf_os_pt_note(struct proc *p, struct exec_package *epp, Elf_Ehdr *eh, int *name
                        epp->ep_flags |= EXEC_WXNEEDED;
                        continue;
                }
+               if (ph->p_type == PT_OPENBSD_NOBTCFI) {
+                       epp->ep_flags |= EXEC_NOBTCFI;
+                       continue;
+               }
 
                if (ph->p_type != PT_NOTE || ph->p_filesz > 1024)
                        continue;

diff --git a/sys/sys/exec.h b/sys/sys/exec.h
index d083c6d..c70d1d9 100644 (file)
--- a/sys/sys/exec.h
+++ b/sys/sys/exec.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: exec.h,v 1.51 2022/10/30 17:43:40 guenther Exp $      */
+/*     $OpenBSD: exec.h,v 1.52 2023/04/19 15:37:36 kettenis Exp $      */
 /*     $NetBSD: exec.h,v 1.59 1996/02/09 18:25:09 christos Exp $       */
 
 /*-
@@ -138,6 +138,7 @@ struct exec_package {
 #define        EXEC_SKIPARG    0x0008          /* don't copy user-supplied argv[0] */
 #define        EXEC_DESTR      0x0010          /* destructive ops performed */
 #define        EXEC_WXNEEDED   0x0020          /* executable will violate W^X */
+#define        EXEC_NOBTCFI    0x0040          /* no branch target CFI */
 
 #ifdef _KERNEL
 /*

diff --git a/sys/sys/exec_elf.h b/sys/sys/exec_elf.h
index e077519..80580a0 100644 (file)
--- a/sys/sys/exec_elf.h
+++ b/sys/sys/exec_elf.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: exec_elf.h,v 1.99 2023/04/16 13:35:58 kettenis Exp $  */
+/*     $OpenBSD: exec_elf.h,v 1.100 2023/04/19 15:37:36 kettenis Exp $ */
 /*
  * Copyright (c) 1995, 1996 Erik Theisen.  All rights reserved.
  *
@@ -481,6 +481,7 @@ typedef struct {
 #define PT_OPENBSD_MUTABLE     0x65a3dbe5      /* like bss, but not immutable */
 #define PT_OPENBSD_RANDOMIZE   0x65a3dbe6      /* fill with random data */
 #define PT_OPENBSD_WXNEEDED    0x65a3dbe7      /* program performs W^X violations */
+#define PT_OPENBSD_NOBTCFI     0x65a3dbe8      /* no branch target CFI */
 #define PT_OPENBSD_BOOTDATA    0x65a41be6      /* section for boot arguments */
 
 /* Segment flags - p_flags */