summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Kettenis <kettenis@cvs.openbsd.org>2018-10-30 11:10:04 +0000
committerMark Kettenis <kettenis@cvs.openbsd.org>2018-10-30 11:10:04 +0000
commit79190ea628624babaa2d3047dc1f0d1d4ea507ff (patch)
treeb1773358f5f98e1a67f8f0a5a92622b825883838
parentd9889404df2d122f758c71a9a8bbf626b47cf900 (diff)
The way we currently generate gap.o using a linker script results in .rodata
and .data segments that have the X (executable) flag set when using lld. This doesn't result in those sections being mapped executable in the bsd kernel, but it does result in the X flag being set on those sections in the final kernel binary, which confuses some scanning tools for (ROP) gadgets. Fix this by tweaking the generated gapdummy.c file that is used for building gap.o. It now defines the .rodata section using inline asm. This also fixes .data as it will inherit its flags from .rodata. ok deraadt@, mortimer@
-rw-r--r--sys/arch/arm64/conf/Makefile.arm644
-rw-r--r--sys/arch/armv7/conf/Makefile.armv74
2 files changed, 4 insertions, 4 deletions
diff --git a/sys/arch/arm64/conf/Makefile.arm64 b/sys/arch/arm64/conf/Makefile.arm64
index b18c6cbff87..e7780e41196 100644
--- a/sys/arch/arm64/conf/Makefile.arm64
+++ b/sys/arch/arm64/conf/Makefile.arm64
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.arm64,v 1.29 2018/09/14 13:49:01 naddy Exp $
+# $OpenBSD: Makefile.arm64,v 1.30 2018/10/30 11:10:03 kettenis Exp $
# For instructions on building kernels consult the config(8) and options(4)
# manual pages.
@@ -118,7 +118,7 @@ ld.script: ${_archdir}/conf/kern.ldscript
sed -e 's/@KERNEL_BASE_PHYS@/${KERNEL_BASE_PHYS}/' \
-e 's/@KERNEL_BASE_VIRT@/${KERNEL_BASE_VIRT}/' > ld.script
gapdummy.o:
- echo 'const char gapdummy;' > gapdummy.c
+ echo '__asm(".section .rodata,\"a\"");' > gapdummy.c
${CC} -c ${CFLAGS} ${CPPFLAGS} gapdummy.c -o $@
makegap.sh:
diff --git a/sys/arch/armv7/conf/Makefile.armv7 b/sys/arch/armv7/conf/Makefile.armv7
index 4515f5e9646..4686ba9227d 100644
--- a/sys/arch/armv7/conf/Makefile.armv7
+++ b/sys/arch/armv7/conf/Makefile.armv7
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.armv7,v 1.42 2018/09/14 13:49:01 naddy Exp $
+# $OpenBSD: Makefile.armv7,v 1.43 2018/10/30 11:10:03 kettenis Exp $
# For instructions on building kernels consult the config(8) and options(4)
# manual pages.
@@ -126,7 +126,7 @@ ld.script: ${_archdir}/conf/kern.ldscript
-e 's/(KERNEL_BASE_phys)/(KERNEL_BASE_virt)/' > ld.script
gapdummy.o:
- echo 'const char gapdummy;' > gapdummy.c
+ echo '__asm(".section .rodata,\"a\"");' > gapdummy.c
${CC} -c ${CFLAGS} ${CPPFLAGS} gapdummy.c -o $@
makegap.sh: