diff options
author | Mark Kettenis <kettenis@cvs.openbsd.org> | 2018-10-30 11:10:04 +0000 |
---|---|---|
committer | Mark Kettenis <kettenis@cvs.openbsd.org> | 2018-10-30 11:10:04 +0000 |
commit | 79190ea628624babaa2d3047dc1f0d1d4ea507ff (patch) | |
tree | b1773358f5f98e1a67f8f0a5a92622b825883838 | |
parent | d9889404df2d122f758c71a9a8bbf626b47cf900 (diff) |
The way we currently generate gap.o using a linker script results in .rodata
and .data segments that have the X (executable) flag set when using lld.
This doesn't result in those sections being mapped executable in the bsd
kernel, but it does result in the X flag being set on those sections in
the final kernel binary, which confuses some scanning tools for (ROP)
gadgets.
Fix this by tweaking the generated gapdummy.c file that is used for
building gap.o. It now defines the .rodata section using inline asm.
This also fixes .data as it will inherit its flags from .rodata.
ok deraadt@, mortimer@
-rw-r--r-- | sys/arch/arm64/conf/Makefile.arm64 | 4 | ||||
-rw-r--r-- | sys/arch/armv7/conf/Makefile.armv7 | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/sys/arch/arm64/conf/Makefile.arm64 b/sys/arch/arm64/conf/Makefile.arm64 index b18c6cbff87..e7780e41196 100644 --- a/sys/arch/arm64/conf/Makefile.arm64 +++ b/sys/arch/arm64/conf/Makefile.arm64 @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.arm64,v 1.29 2018/09/14 13:49:01 naddy Exp $ +# $OpenBSD: Makefile.arm64,v 1.30 2018/10/30 11:10:03 kettenis Exp $ # For instructions on building kernels consult the config(8) and options(4) # manual pages. @@ -118,7 +118,7 @@ ld.script: ${_archdir}/conf/kern.ldscript sed -e 's/@KERNEL_BASE_PHYS@/${KERNEL_BASE_PHYS}/' \ -e 's/@KERNEL_BASE_VIRT@/${KERNEL_BASE_VIRT}/' > ld.script gapdummy.o: - echo 'const char gapdummy;' > gapdummy.c + echo '__asm(".section .rodata,\"a\"");' > gapdummy.c ${CC} -c ${CFLAGS} ${CPPFLAGS} gapdummy.c -o $@ makegap.sh: diff --git a/sys/arch/armv7/conf/Makefile.armv7 b/sys/arch/armv7/conf/Makefile.armv7 index 4515f5e9646..4686ba9227d 100644 --- a/sys/arch/armv7/conf/Makefile.armv7 +++ b/sys/arch/armv7/conf/Makefile.armv7 @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.armv7,v 1.42 2018/09/14 13:49:01 naddy Exp $ +# $OpenBSD: Makefile.armv7,v 1.43 2018/10/30 11:10:03 kettenis Exp $ # For instructions on building kernels consult the config(8) and options(4) # manual pages. @@ -126,7 +126,7 @@ ld.script: ${_archdir}/conf/kern.ldscript -e 's/(KERNEL_BASE_phys)/(KERNEL_BASE_virt)/' > ld.script gapdummy.o: - echo 'const char gapdummy;' > gapdummy.c + echo '__asm(".section .rodata,\"a\"");' > gapdummy.c ${CC} -c ${CFLAGS} ${CPPFLAGS} gapdummy.c -o $@ makegap.sh: |