diff options
| author | Visa Hankala <visa@cvs.openbsd.org> | 2017-06-08 11:44:01 +0000 |
|---|---|---|
| committer | Visa Hankala <visa@cvs.openbsd.org> | 2017-06-08 11:44:01 +0000 |
| commit | e528476c1e2bc150364b671274e40ad4b56392d2 (patch) | |
| tree | cd3a10a6c9859ddf979ec91e182e6559821d2948 /sys/arch/loongson/conf | |
| parent | f80604939c9261679bc25d5ec5df2e7488aedeed (diff) | |
Split early startup code out of locore.S into locore0.S. Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code. It has be smashed,
because loongson runs in the kseg0 space.
As a result, the internal layout of every newly build bsd kernel is
different from past kernels. Internal relative offsets are not known
to an outside attacker.
Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.
Diffstat (limited to 'sys/arch/loongson/conf')
| -rw-r--r-- | sys/arch/loongson/conf/Makefile.loongson | 26 | ||||
| -rw-r--r-- | sys/arch/loongson/conf/files.loongson | 3 |
2 files changed, 21 insertions, 8 deletions
diff --git a/sys/arch/loongson/conf/Makefile.loongson b/sys/arch/loongson/conf/Makefile.loongson index 450c2060347..306d4e2b430 100644 --- a/sys/arch/loongson/conf/Makefile.loongson +++ b/sys/arch/loongson/conf/Makefile.loongson @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.loongson,v 1.56 2017/06/05 12:43:59 deraadt Exp $ +# $OpenBSD: Makefile.loongson,v 1.57 2017/06/08 11:44:00 visa Exp $ # For instructions on building kernels consult the config(8) and options(4) # manual pages. @@ -36,9 +36,13 @@ CWARNFLAGS= -Werror -Wall -Wimplicit-function-declaration \ CMACHFLAGS= -mno-abicalls ${ABI} -msoft-float -Wa,-mfix-loongson2f-btb -G 0 CMACHFLAGS+= -ffreestanding ${NOPIE_FLAGS} +SORTR= sort -R .if ${IDENT:M-DNO_PROPOLICE} CMACHFLAGS+= -fno-stack-protector .endif +.if ${IDENT:M-DSMALL_KERNEL} +SORTR= cat +.endif DEBUG?= -g COPTS?= -O2 @@ -72,13 +76,14 @@ NORMAL_S= ${CC} ${AFLAGS} ${CPPFLAGS} -c $< # ${SYSTEM_LD_HEAD} # ${SYSTEM_LD} swapxxx.o # ${SYSTEM_LD_TAIL} -SYSTEM_HEAD= locore.o param.o ioconf.o -SYSTEM_OBJ= ${SYSTEM_HEAD} ${OBJS} +SYSTEM_HEAD= locore0.o gap.o +SYSTEM_OBJ= ${SYSTEM_HEAD} ${OBJS} param.o ioconf.o SYSTEM_DEP= Makefile ${SYSTEM_OBJ} ld.script SYSTEM_LD_HEAD= @rm -f $@ SYSTEM_LD= @echo ${LD} ${LINKFLAGS} -o $@ '$${SYSTEM_HEAD} vers.o $${OBJS}'; \ umask 007; \ - ${LD} ${LINKFLAGS} -o $@ ${SYSTEM_HEAD} vers.o ${OBJS} + echo ${OBJS} param.o ioconf.o vers.o | tr " " "\n" | ${SORTR} > lorder; \ + ${LD} ${LINKFLAGS} -o $@ ${SYSTEM_HEAD} `cat lorder` SYSTEM_LD_TAIL= @${SIZE} $@ .if ${DEBUG} == "-g" @@ -125,8 +130,15 @@ vers.o: ${SYSTEM_DEP} ${SYSTEM_SWAP_DEP} sh $S/conf/newvers.sh ${CC} ${CFLAGS} ${CPPFLAGS} ${PROF} -c vers.c +gap.S: ${SYSTEM_SWAP_DEP} Makefile $S/conf/makegap.sh + umask 007; sh $S/conf/makegap.sh 0xef > gap.S + +gap.o: gap.S + umask 007; ${CC} ${AFLAGS} ${CPPFLAGS} ${PROF} -c gap.S + clean: - rm -f *bsd *bsd.gdb *.[dio] [a-z]*.s assym.* ${DB_STRUCTINFO} param.c + rm -f *bsd *bsd.gdb *.[dio] [a-z]*.s assym.* ${DB_STRUCTINFO} \ + gap.S lorder param.c cleandir: clean rm -f Makefile *.h ioconf.c options machine ${_mach} vers.c @@ -142,8 +154,8 @@ db_structinfo.h: $S/ddb/db_structinfo.c $S/ddb/parse_structinfo.pl objdump -g db_structinfo.o | perl $S/ddb/parse_structinfo.pl > $@ rm -f db_structinfo.o -locore.o: ${_machdir}/${_mach}/locore.S assym.h -context.o cp0access.o exception.o: assym.h +locore0.o: ${_machdir}/${_mach}/locore0.S assym.h +context.o cp0access.o exception.o locore.o: assym.h lcore_access.o lcore_ddb.o lcore_float.o tlbhandler.o: assym.h pmon32.o: assym.h diff --git a/sys/arch/loongson/conf/files.loongson b/sys/arch/loongson/conf/files.loongson index f647efbd38c..c28f4b5b5c3 100644 --- a/sys/arch/loongson/conf/files.loongson +++ b/sys/arch/loongson/conf/files.loongson @@ -1,4 +1,4 @@ -# $OpenBSD: files.loongson,v 1.24 2016/11/17 14:41:21 visa Exp $ +# $OpenBSD: files.loongson,v 1.25 2017/06/08 11:44:00 visa Exp $ # Standard stanzas config(8) can't run without maxpartitions 16 @@ -21,6 +21,7 @@ file arch/loongson/loongson/gdium_machdep.c cpu_loongson2 file arch/loongson/loongson/generic2e_machdep.c cpu_loongson2 file arch/loongson/loongson/generic3a_machdep.c cpu_loongson3 file arch/loongson/loongson/isa_machdep.c isa +file arch/loongson/loongson/locore.S file arch/loongson/loongson/loongson2_machdep.c file arch/loongson/loongson/loongson3_intr.c cpu_loongson3 file arch/loongson/loongson/loongson3_machdep.c cpu_loongson3 |