* [PATCH] powerpc: Mark .opd section read-only
@ 2021-10-13 14:43 ` Christophe Leroy
0 siblings, 0 replies; 4+ messages in thread
From: Christophe Leroy @ 2021-10-13 14:43 UTC (permalink / raw)
To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman
Cc: Christophe Leroy, linux-kernel, linuxppc-dev
.opd section contains function descriptors used to locate
functions in the kernel. If someone is able to modify a
function descriptor he will be able to run arbitrary
kernel function instead of another.
To avoid that, move .opd section inside read-only memory.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/kernel/vmlinux.lds.S | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 40bdefe9caa7..18e42c74abdd 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -143,6 +143,12 @@ SECTIONS
SOFT_MASK_TABLE(8)
RESTART_TABLE(8)
+ .opd : AT(ADDR(.opd) - LOAD_OFFSET) {
+ __start_opd = .;
+ KEEP(*(.opd))
+ __end_opd = .;
+ }
+
. = ALIGN(8);
__stf_entry_barrier_fixup : AT(ADDR(__stf_entry_barrier_fixup) - LOAD_OFFSET) {
__start___stf_entry_barrier_fixup = .;
@@ -339,12 +345,6 @@ SECTIONS
*(.branch_lt)
}
- .opd : AT(ADDR(.opd) - LOAD_OFFSET) {
- __start_opd = .;
- KEEP(*(.opd))
- __end_opd = .;
- }
-
. = ALIGN(256);
.got : AT(ADDR(.got) - LOAD_OFFSET) {
__toc_start = .;
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] powerpc: Mark .opd section read-only
@ 2021-10-13 14:43 ` Christophe Leroy
0 siblings, 0 replies; 4+ messages in thread
From: Christophe Leroy @ 2021-10-13 14:43 UTC (permalink / raw)
To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman
Cc: linuxppc-dev, linux-kernel
.opd section contains function descriptors used to locate
functions in the kernel. If someone is able to modify a
function descriptor he will be able to run arbitrary
kernel function instead of another.
To avoid that, move .opd section inside read-only memory.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/kernel/vmlinux.lds.S | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 40bdefe9caa7..18e42c74abdd 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -143,6 +143,12 @@ SECTIONS
SOFT_MASK_TABLE(8)
RESTART_TABLE(8)
+ .opd : AT(ADDR(.opd) - LOAD_OFFSET) {
+ __start_opd = .;
+ KEEP(*(.opd))
+ __end_opd = .;
+ }
+
. = ALIGN(8);
__stf_entry_barrier_fixup : AT(ADDR(__stf_entry_barrier_fixup) - LOAD_OFFSET) {
__start___stf_entry_barrier_fixup = .;
@@ -339,12 +345,6 @@ SECTIONS
*(.branch_lt)
}
- .opd : AT(ADDR(.opd) - LOAD_OFFSET) {
- __start_opd = .;
- KEEP(*(.opd))
- __end_opd = .;
- }
-
. = ALIGN(256);
.got : AT(ADDR(.got) - LOAD_OFFSET) {
__toc_start = .;
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] powerpc: Mark .opd section read-only
2021-10-13 14:43 ` Christophe Leroy
@ 2021-11-02 10:11 ` Michael Ellerman
-1 siblings, 0 replies; 4+ messages in thread
From: Michael Ellerman @ 2021-11-02 10:11 UTC (permalink / raw)
To: Paul Mackerras, Michael Ellerman, Christophe Leroy,
Benjamin Herrenschmidt
Cc: linux-kernel, linuxppc-dev
On Wed, 13 Oct 2021 16:43:54 +0200, Christophe Leroy wrote:
> .opd section contains function descriptors used to locate
> functions in the kernel. If someone is able to modify a
> function descriptor he will be able to run arbitrary
> kernel function instead of another.
>
> To avoid that, move .opd section inside read-only memory.
>
> [...]
Applied to powerpc/next.
[1/1] powerpc: Mark .opd section read-only
https://git.kernel.org/powerpc/c/3091f5fc5f1df7741ddf326561384e0997eca2a1
cheers
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] powerpc: Mark .opd section read-only
@ 2021-11-02 10:11 ` Michael Ellerman
0 siblings, 0 replies; 4+ messages in thread
From: Michael Ellerman @ 2021-11-02 10:11 UTC (permalink / raw)
To: Paul Mackerras, Michael Ellerman, Christophe Leroy,
Benjamin Herrenschmidt
Cc: linuxppc-dev, linux-kernel
On Wed, 13 Oct 2021 16:43:54 +0200, Christophe Leroy wrote:
> .opd section contains function descriptors used to locate
> functions in the kernel. If someone is able to modify a
> function descriptor he will be able to run arbitrary
> kernel function instead of another.
>
> To avoid that, move .opd section inside read-only memory.
>
> [...]
Applied to powerpc/next.
[1/1] powerpc: Mark .opd section read-only
https://git.kernel.org/powerpc/c/3091f5fc5f1df7741ddf326561384e0997eca2a1
cheers
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-11-02 11:41 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-13 14:43 [PATCH] powerpc: Mark .opd section read-only Christophe Leroy
2021-10-13 14:43 ` Christophe Leroy
2021-11-02 10:11 ` Michael Ellerman
2021-11-02 10:11 ` Michael Ellerman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.