summaryrefslogtreecommitdiff
path: root/sys/arch/amd64
diff options
context:
space:
mode:
authorMark Kettenis <kettenis@cvs.openbsd.org>2018-10-30 11:08:31 +0000
committerMark Kettenis <kettenis@cvs.openbsd.org>2018-10-30 11:08:31 +0000
commitd9889404df2d122f758c71a9a8bbf626b47cf900 (patch)
treeecd56f1b0a6aa3ed9925e3935b2c786204dabb31 /sys/arch/amd64
parent753808a8145cb55e3510951c046e5b281c54eae6 (diff)
The way we currently generate gap.o using a linker script results in .rodata
and .data segments that have the X (executable) flag set when using lld. This doesn't result in those sections being mapped executable in the bsd kernel, but it does result in the X flag being set on those sections in the final kernel binary, which confuses some scanning tools for (ROP) gadgets. Fix this by tweaking the generated gapdummy.c file that is used for building gap.o. It now defines the .rodata section using inline asm. This also fixes .data as it will inherit its flags from .rodata. ok deraadt@, mortimer@
Diffstat (limited to 'sys/arch/amd64')
-rw-r--r--sys/arch/amd64/conf/Makefile.amd644
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/arch/amd64/conf/Makefile.amd64 b/sys/arch/amd64/conf/Makefile.amd64
index 2afdae5472c..a1441d1b5b4 100644
--- a/sys/arch/amd64/conf/Makefile.amd64
+++ b/sys/arch/amd64/conf/Makefile.amd64
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.amd64,v 1.105 2018/10/16 16:39:18 naddy Exp $
+# $OpenBSD: Makefile.amd64,v 1.106 2018/10/30 11:08:30 kettenis Exp $
# For instructions on building kernels consult the config(8) and options(4)
# manual pages.
@@ -135,7 +135,7 @@ ld.script: ${_machdir}/conf/ld.script
cp ${_machdir}/conf/ld.script $@
gapdummy.o:
- echo 'const char gapdummy;' > gapdummy.c
+ echo '__asm(".section .rodata,\"a\"");' > gapdummy.c
${CC} -c ${CFLAGS} ${CPPFLAGS} gapdummy.c -o $@
makegap.sh: