diff options
author | Mark Kettenis <kettenis@cvs.openbsd.org> | 2018-10-30 11:08:31 +0000 |
---|---|---|
committer | Mark Kettenis <kettenis@cvs.openbsd.org> | 2018-10-30 11:08:31 +0000 |
commit | d9889404df2d122f758c71a9a8bbf626b47cf900 (patch) | |
tree | ecd56f1b0a6aa3ed9925e3935b2c786204dabb31 /sys/arch/amd64 | |
parent | 753808a8145cb55e3510951c046e5b281c54eae6 (diff) |
The way we currently generate gap.o using a linker script results in .rodata
and .data segments that have the X (executable) flag set when using lld.
This doesn't result in those sections being mapped executable in the bsd
kernel, but it does result in the X flag being set on those sections in
the final kernel binary, which confuses some scanning tools for (ROP)
gadgets.
Fix this by tweaking the generated gapdummy.c file that is used for
building gap.o. It now defines the .rodata section using inline asm.
This also fixes .data as it will inherit its flags from .rodata.
ok deraadt@, mortimer@
Diffstat (limited to 'sys/arch/amd64')
-rw-r--r-- | sys/arch/amd64/conf/Makefile.amd64 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/arch/amd64/conf/Makefile.amd64 b/sys/arch/amd64/conf/Makefile.amd64 index 2afdae5472c..a1441d1b5b4 100644 --- a/sys/arch/amd64/conf/Makefile.amd64 +++ b/sys/arch/amd64/conf/Makefile.amd64 @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.amd64,v 1.105 2018/10/16 16:39:18 naddy Exp $ +# $OpenBSD: Makefile.amd64,v 1.106 2018/10/30 11:08:30 kettenis Exp $ # For instructions on building kernels consult the config(8) and options(4) # manual pages. @@ -135,7 +135,7 @@ ld.script: ${_machdir}/conf/ld.script cp ${_machdir}/conf/ld.script $@ gapdummy.o: - echo 'const char gapdummy;' > gapdummy.c + echo '__asm(".section .rodata,\"a\"");' > gapdummy.c ${CC} -c ${CFLAGS} ${CPPFLAGS} gapdummy.c -o $@ makegap.sh: |