author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-05-31 19:18:20 +0000 |
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-05-31 19:18:20 +0000 |
commit | c4cda060d41613faf55d1850cf44830fd702efe9 (patch) | |
tree | c863e437ff6ed15b3e3496eafcba9dd7f2e8a42a /sys/arch/i386/conf | |
parent | 8b03cf129e5e2d5a745565e8568bd6f752b55f19 (diff) |
Split early startup code out of locore.S into locore0.S. Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, unmap the early startup code.
As a result, the internal layout of every newly built bsd kernel is
different from past kernels. Internal relative offsets are not known
to an outside attacker. The only known offsets are in the startup code,
which has been unmapped.
Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.
ok kettenis mlarkin visa, also thanks to tedu for getting me back to this
Diffstat (limited to 'sys/arch/i386/conf')
-rw-r--r-- | sys/arch/i386/conf/Makefile.i386 | 27 | ||||
-rw-r--r-- | sys/arch/i386/conf/files.i386 | 3 | ||||
-rw-r--r-- | sys/arch/i386/conf/ld.script | 4 |
3 files changed, 24 insertions, 10 deletions
diff --git a/sys/arch/i386/conf/Makefile.i386 b/sys/arch/i386/conf/Makefile.i386
index f45631b23a8..687fdba75a4 100644
--- a/sys/arch/i386/conf/Makefile.i386
+++ b/sys/arch/i386/conf/Makefile.i386
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.i386,v 1.103 2017/05/28 13:20:37 jsg Exp $
+# $OpenBSD: Makefile.i386,v 1.104 2017/05/31 19:18:18 deraadt Exp $
 
 # For instructions on building kernels consult the config(8) and options(4)
 # manual pages.
@@ -29,9 +29,13 @@ CWARNFLAGS= -Werror -Wall -Wimplicit-function-declaration \
 
 CMACHFLAGS=
 CMACHFLAGS+= -ffreestanding ${NOPIE_FLAGS}
+SORTR= sort -R
 .if ${IDENT:M-DNO_PROPOLICE}
 CMACHFLAGS+= -fno-stack-protector
 .endif
+ .if ${IDENT:M-DSMALL_KERNEL}
+SORTR= cat
+.endif
 
 DEBUG?= -g
 COPTS?= -O2
@@ -72,12 +76,13 @@ NORMAL_S= ${CC} ${AFLAGS} ${CPPFLAGS} -c $<
 # ${SYSTEM_LD_HEAD}
 # ${SYSTEM_LD} swapxxx.o
 # ${SYSTEM_LD_TAIL}
-SYSTEM_HEAD= locore.o param.o ioconf.o
-SYSTEM_OBJ= ${SYSTEM_HEAD} ${OBJS}
+SYSTEM_HEAD= locore0.o gap.o
+SYSTEM_OBJ= ${SYSTEM_HEAD} ${OBJS} param.o ioconf.o
 SYSTEM_DEP= Makefile ${SYSTEM_OBJ} ${LDSCRIPT}
 SYSTEM_LD_HEAD= @rm -f $@
 SYSTEM_LD= @echo ${LD} ${LINKFLAGS} -o $@ '$${SYSTEM_HEAD} vers.o $${OBJS}'; \
- ${LD} ${LINKFLAGS} -o $@ ${SYSTEM_HEAD} vers.o ${OBJS}
+ echo ${OBJS} param.o ioconf.o vers.o | tr " " "\n" | ${SORTR} > lorder; \
+ ${LD} ${LINKFLAGS} -o $@ ${SYSTEM_HEAD} `cat lorder`
 SYSTEM_LD_TAIL= @${SIZE} $@; chmod 755 $@
 
 .if ${DEBUG} == "-g"
@@ -121,8 +126,15 @@ vers.o: ${SYSTEM_DEP} ${SYSTEM_SWAP_DEP}
 sh $S/conf/newvers.sh
 ${CC} ${CFLAGS} ${CPPFLAGS} ${PROF} -c vers.c
 
+gap.S: ${SYSTEM_SWAP_DEP} Makefile
+ sh $S/conf/makegap.sh 0xcc > gap.S
+
+gap.o: gap.S
+ ${CC} ${AFLAGS} ${CPPFLAGS} ${PROF} -c gap.S
+
 clean:
- rm -f *bsd *bsd.gdb *.[dio] [a-z]*.s assym.* ${DB_STRUCTINFO} param.c
+ rm -f *bsd *bsd.gdb *.[dio] [a-z]*.s assym.* ${DB_STRUCTINFO} \
+ gap.S lorder param.c
 
 cleandir: clean
 rm -f Makefile *.h ioconf.c options machine ${_mach} vers.c
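Review bot: The new `SORTR= sort -R` definition and its SMALL_KERNEL override to `cat` carry no comment, so a reader of the Makefile cannot tell why the link order is shuffled or why ramdisk kernels are exempt; that rationale lives only in the commit message. A comment above the definition such as `# Randomize the link order of every object after ${SYSTEM_HEAD} so the kernel layout differs per build; SMALL_KERNEL (gzip'd ramdisk) keeps a fixed order because a shuffled layout bloats the compression dictionary.` would carry it into the file. It is also worth stating there that a randomized link order makes the resulting kernel non-reproducible from the sources alone, and that the `lorder` file written by SYSTEM_LD in the following hunk is the only record of the order a given build used.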
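Review bot: The `@echo` line of SYSTEM_LD still prints `'$${SYSTEM_HEAD} vers.o $${OBJS}'` although the link that actually runs is `${LD} ${LINKFLAGS} -o $@ ${SYSTEM_HEAD} \`cat lorder\``, so the command shown to the builder no longer matches the one executed and hides the fact that param.o, ioconf.o and vers.o have moved from the fixed head into the shuffled set. Updating the echo to `@echo ${LD} ${LINKFLAGS} -o $@ '$${SYSTEM_HEAD} `cat lorder`'` keeps the build log truthful. The `echo ... | tr " " "\n" | ${SORTR}` pipeline assumes no object name contains whitespace, which holds for the names visible here but could be noted next to it.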
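Review bot: `gap.S: ${SYSTEM_SWAP_DEP} Makefile` does not list `$S/conf/makegap.sh`, the script that generates it, so a change to the generator will not regenerate gap.S in an existing build directory; `gap.S: ${SYSTEM_SWAP_DEP} Makefile $S/conf/makegap.sh` closes that gap. The literal `0xcc` passed to the script is undocumented in the Makefile; it is the x86 single-byte `int3` opcode, presumably chosen so that any control transfer landing in the padding traps rather than executing it, and a comment on the rule such as `# fill the gap after locore0 with int3 (0xcc) so stray execution into it traps` would record that. The explicit `gap.S lorder` in `clean` is needed because the `[a-z]*.s` glob does not match the uppercase `.S`, which is also worth a short comment.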
@@ -134,8 +146,9 @@ db_structinfo.h: $S/ddb/db_structinfo.c $S/ddb/parse_structinfo.pl
 objdump -g db_structinfo.o | perl $S/ddb/parse_structinfo.pl > $@
 rm -f db_structinfo.o
 
-locore.o: ${_machdir}/${_mach}/locore.s assym.h
-in_cksum.o mptramp.o kvm86call.o acpi_wakecode.o vmm_support.o: assym.h
+locore0.o: ${_machdir}/${_mach}/locore0.S assym.h
+locore.o mutex.o in_cksum.o mptramp.o: assym.h
+kvm86call.o acpi_wakecode.o vmm_support.o: assym.h
 
 # The install target can be redefined by putting a
 # install-kernel-${MACHINE_NAME} target into /etc/mk.conf
diff --git a/sys/arch/i386/conf/files.i386 b/sys/arch/i386/conf/files.i386
index 2ca9e1264fd..4388e969b29 100644
--- a/sys/arch/i386/conf/files.i386
+++ b/sys/arch/i386/conf/files.i386
@@ -1,4 +1,4 @@
-# $OpenBSD: files.i386,v 1.232 2017/04/30 13:04:49 mpi Exp $
+# $OpenBSD: files.i386,v 1.233 2017/05/31 19:18:18 deraadt Exp $
 #
 # new style config file for i386 architecture
 #
@@ -23,6 +23,7 @@ file arch/i386/i386/in_cksum.s
 file arch/i386/i386/machdep.c
 file arch/i386/i386/hibernate_machdep.c hibernate
 file arch/i386/i386/via.c
+file arch/i386/i386/locore.s
 file arch/i386/i386/amd64errata.c !small_kernel
 file arch/i386/i386/longrun.c !small_kernel
 file arch/i386/i386/mem.c
diff --git a/sys/arch/i386/conf/ld.script b/sys/arch/i386/conf/ld.script
index 68f1bee0090..42444b0c31f 100644
--- a/sys/arch/i386/conf/ld.script
+++ b/sys/arch/i386/conf/ld.script
@@ -1,4 +1,4 @@
-/* $OpenBSD: ld.script,v 1.5 2016/10/18 18:44:47 deraadt Exp $ */
+/* $OpenBSD: ld.script,v 1.6 2017/05/31 19:18:18 deraadt Exp $ */
 
 /*
  * Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@@ -53,7 +53,7 @@ SECTIONS
 __text_start = ABSOLUTE(.) & 0xfffff000;
 __text_size = SIZEOF(.text);
 __text_load = LOADADDR(.text);
- locore.o(.text)
+ locore0.o(.text)
 *(.text .text.*)
 } :text
 PROVIDE (__etext = .);
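Review bot: Only `locore0.o(.text)` is pinned at the start of `.text` in ld.script; `gap.o`, which the Makefile places immediately after it in SYSTEM_HEAD, is left to the `*(.text .text.*)` wildcard, so the gap's position relies on command-line order rather than on the script. If the intended layout is startup code, then gap, then the shuffled objects, listing `gap.o(.text)` explicitly after `locore0.o(.text)` and before the wildcard makes that guarantee part of the linker script. Note also that only `.text` of locore0.o is pinned here; its other sections, if any, fall under the generic rules, which matters if the startup object is meant to be unmapped as a unit later in boot. The enclosing SECTIONS block starts outside this hunk.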