diff options
author | Stefan Fritsch <sf@cvs.openbsd.org> | 2018-07-13 08:30:35 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@cvs.openbsd.org> | 2018-07-13 08:30:35 +0000 |
commit | 8ac70c3c9d880e70f1049b4601def123c4edb2ea (patch) | |
tree | 4f1c456f36dcd5bc0ee4e82d4665ef6902e77398 /sys/arch | |
parent | 868ec0e8bed6aec257096afd5b610496c83fe0aa (diff) |
Disable codepatching infrastructure after boot
This way, it is not available for use in ROP attacks. This diff puts the
codepatching code into a separate section and unmaps that section after boot.
In the future, the memory could potentially be reused but that would require
larger changes.
ok pguenther@
Diffstat (limited to 'sys/arch')
-rw-r--r-- | sys/arch/amd64/amd64/codepatch.c | 17 | ||||
-rw-r--r-- | sys/arch/amd64/amd64/mainbus.c | 4 | ||||
-rw-r--r-- | sys/arch/amd64/conf/ld.script | 11 | ||||
-rw-r--r-- | sys/arch/amd64/include/codepatch.h | 18 |
4 files changed, 40 insertions, 10 deletions
diff --git a/sys/arch/amd64/amd64/codepatch.c b/sys/arch/amd64/amd64/codepatch.c index a6a0194f51a..57cc9784f6f 100644 --- a/sys/arch/amd64/amd64/codepatch.c +++ b/sys/arch/amd64/amd64/codepatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: codepatch.c,v 1.6 2017/10/14 04:44:43 jsg Exp $ */ +/* $OpenBSD: codepatch.c,v 1.7 2018/07/13 08:30:34 sf Exp $ */ /* * Copyright (c) 2014-2015 Stefan Fritsch <sf@sfritsch.de> * @@ -17,6 +17,8 @@ #include <sys/param.h> #include <uvm/uvm_extern.h> +#include <machine/codepatch.h> +#include <uvm/uvm_extern.h> /* round_page */ #ifdef CODEPATCH_DEBUG #define DBGPRINT(fmt, args...) printf("%s: " fmt "\n", __func__, ## args) @@ -34,6 +36,8 @@ CTASSERT(sizeof(struct codepatch) % 8 == 0); extern struct codepatch codepatch_begin; extern struct codepatch codepatch_end; +extern char __cptext_start[]; +extern char __cptext_end[]; void codepatch_fill_nop(void *caddr, uint16_t len) @@ -174,3 +178,14 @@ codepatch_call(uint16_t tag, void *func) codepatch_unmaprw(rwmap); DBGPRINT("patched %d places", i); } + +void +codepatch_disable(void) +{ + size_t size = round_page(__cptext_end - __cptext_start); + /* If this assert fails, something is wrong with the cptext section */ + KASSERT(size > 0); + pmap_kremove((vaddr_t)__cptext_start, size); + pmap_update(pmap_kernel()); + DBGPRINT("%s: Unmapped %#zx bytes\n", __func__, size); +} diff --git a/sys/arch/amd64/amd64/mainbus.c b/sys/arch/amd64/amd64/mainbus.c index f3083712e1f..2f0a74f51d2 100644 --- a/sys/arch/amd64/amd64/mainbus.c +++ b/sys/arch/amd64/amd64/mainbus.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mainbus.c,v 1.43 2018/04/25 00:46:28 jsg Exp $ */ +/* $OpenBSD: mainbus.c,v 1.44 2018/07/13 08:30:34 sf Exp $ */ /* $NetBSD: mainbus.c,v 1.1 2003/04/26 18:39:29 fvdl Exp $ */ /* @@ -37,6 +37,7 @@ #include <machine/bus.h> #include <machine/specialreg.h> +#include <machine/codepatch.h> #include <dev/isa/isavar.h> #include <dev/pci/pcivar.h> @@ -259,6 +260,7 @@ mainbus_attach(struct device *parent, struct device *self, void *aux) config_found(self, &mba, mainbus_print); } #endif + codepatch_disable(); } #if NEFIFB > 0 diff --git a/sys/arch/amd64/conf/ld.script b/sys/arch/amd64/conf/ld.script index 7c0ee2b8c43..0f0026ecef1 100644 --- a/sys/arch/amd64/conf/ld.script +++ b/sys/arch/amd64/conf/ld.script @@ -1,4 +1,4 @@ -/* $OpenBSD: ld.script,v 1.13 2018/07/12 14:11:11 guenther Exp $ */ +/* $OpenBSD: ld.script,v 1.14 2018/07/13 08:30:34 sf Exp $ */ /* * Copyright (c) 2009 Tobias Weingartner <weingart@tepid.org> @@ -66,6 +66,15 @@ SECTIONS __kutext_end = ABSOLUTE(.); } :text =0xcccccccc + . = ALIGN(__ALIGN_SIZE); + __kernel_cptext_phys = . + __kernel_virt_to_phys; + .cptext : AT (__kernel_cptext_phys) + { + __cptext_start = ABSOLUTE(.); + *(.cptext) + __cptext_end = ABSOLUTE(.); + } :text =0xcccccccc + PROVIDE (etext = .); _etext = .; diff --git a/sys/arch/amd64/include/codepatch.h b/sys/arch/amd64/include/codepatch.h index 1fc008bffe1..a5bfc304e1f 100644 --- a/sys/arch/amd64/include/codepatch.h +++ b/sys/arch/amd64/include/codepatch.h @@ -1,4 +1,4 @@ -/* $OpenBSD: codepatch.h,v 1.6 2018/07/12 14:11:11 guenther Exp $ */ +/* $OpenBSD: codepatch.h,v 1.7 2018/07/13 08:30:34 sf Exp $ */ /* * Copyright (c) 2014-2015 Stefan Fritsch <sf@sfritsch.de> * @@ -22,12 +22,16 @@ #ifndef _LOCORE -void *codepatch_maprw(vaddr_t *nva, vaddr_t dest); -void codepatch_unmaprw(vaddr_t nva); -void codepatch_fill_nop(void *caddr, uint16_t len); -void codepatch_nop(uint16_t tag); -void codepatch_replace(uint16_t tag, void *code, size_t len); -void codepatch_call(uint16_t tag, void *func); +/* code in this section will be unmapped after boot */ +#define __cptext __attribute__((section(".cptext"))) + +__cptext void *codepatch_maprw(vaddr_t *nva, vaddr_t dest); +__cptext void codepatch_unmaprw(vaddr_t nva); +__cptext void codepatch_fill_nop(void *caddr, uint16_t len); +__cptext void codepatch_nop(uint16_t tag); +__cptext void codepatch_replace(uint16_t tag, void *code, size_t len); +__cptext void codepatch_call(uint16_t tag, void *func); +void codepatch_disable(void); #endif /* !_LOCORE */ |