summaryrefslogtreecommitdiff
path: root/sys/arch/i386
diff options
context:
space:
mode:
authorMark Kettenis <kettenis@cvs.openbsd.org>2018-10-30 11:08:31 +0000
committerMark Kettenis <kettenis@cvs.openbsd.org>2018-10-30 11:08:31 +0000
commitd9889404df2d122f758c71a9a8bbf626b47cf900 (patch)
treeecd56f1b0a6aa3ed9925e3935b2c786204dabb31 /sys/arch/i386
parent753808a8145cb55e3510951c046e5b281c54eae6 (diff)
The way we currently generate gap.o using a linker script results in .rodata
and .data segments that have the X (executable) flag set when using lld. This doesn't result in those sections being mapped executable in the bsd kernel, but it does result in the X flag being set on those sections in the final kernel binary, which confuses some scanning tools for (ROP) gadgets. Fix this by tweaking the generated gapdummy.c file that is used for building gap.o. It now defines the .rodata section using inline asm. This also fixes .data as it will inherit its flags from .rodata. ok deraadt@, mortimer@
Diffstat (limited to 'sys/arch/i386')
-rw-r--r--sys/arch/i386/conf/Makefile.i3864
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/arch/i386/conf/Makefile.i386 b/sys/arch/i386/conf/Makefile.i386
index 2a436cf24d7..3ee65a9256e 100644
--- a/sys/arch/i386/conf/Makefile.i386
+++ b/sys/arch/i386/conf/Makefile.i386
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.i386,v 1.129 2018/10/26 13:49:15 naddy Exp $
+# $OpenBSD: Makefile.i386,v 1.130 2018/10/30 11:08:30 kettenis Exp $
# For instructions on building kernels consult the config(8) and options(4)
# manual pages.
@@ -131,7 +131,7 @@ ld.script: ${_machdir}/conf/ld.script
cp ${_machdir}/conf/ld.script $@
gapdummy.o:
- echo 'const char gapdummy;' > gapdummy.c
+ echo '__asm(".section .rodata,\"a\"");' > gapdummy.c
${CC} -c ${CFLAGS} ${CPPFLAGS} gapdummy.c -o $@
makegap.sh: