From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
stable@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Nick Desaulniers <ndesaulniers@google.com>,
Nathan Chancellor <nathan@kernel.org>
Subject: [PATCH] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
Date: Fri, 8 Oct 2021 18:58:40 +0200 [thread overview]
Message-ID: <8900731fbc05fb8b0de18af7133a8fc07c3c53a1.1633712176.git.christophe.leroy@csgroup.eu> (raw)
On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA
test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the
function content zeroes only:
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 00 00 00 00 .long 0x0
Add the contents flag in order to keep the content of the section
while renaming it.
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 4e 80 00 20 blr
Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Cc: stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
drivers/misc/lkdtm/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile
index aa12097668d3..e2984ce51fe4 100644
--- a/drivers/misc/lkdtm/Makefile
+++ b/drivers/misc/lkdtm/Makefile
@@ -20,7 +20,7 @@ CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO)
OBJCOPYFLAGS :=
OBJCOPYFLAGS_rodata_objcopy.o := \
- --rename-section .noinstr.text=.rodata,alloc,readonly,load
+ --rename-section .noinstr.text=.rodata,alloc,readonly,load,contents
targets += rodata.o rodata_objcopy.o
$(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE
$(call if_changed,objcopy)
--
2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Kees Cook <keescook@chromium.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
Nick Desaulniers <ndesaulniers@google.com>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Nathan Chancellor <nathan@kernel.org>,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
Date: Fri, 8 Oct 2021 18:58:40 +0200 [thread overview]
Message-ID: <8900731fbc05fb8b0de18af7133a8fc07c3c53a1.1633712176.git.christophe.leroy@csgroup.eu> (raw)
On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA
test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the
function content zeroes only:
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 00 00 00 00 .long 0x0
Add the contents flag in order to keep the content of the section
while renaming it.
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 4e 80 00 20 blr
Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Cc: stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
drivers/misc/lkdtm/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile
index aa12097668d3..e2984ce51fe4 100644
--- a/drivers/misc/lkdtm/Makefile
+++ b/drivers/misc/lkdtm/Makefile
@@ -20,7 +20,7 @@ CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO)
OBJCOPYFLAGS :=
OBJCOPYFLAGS_rodata_objcopy.o := \
- --rename-section .noinstr.text=.rodata,alloc,readonly,load
+ --rename-section .noinstr.text=.rodata,alloc,readonly,load,contents
targets += rodata.o rodata_objcopy.o
$(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE
$(call if_changed,objcopy)
--
2.31.1
next reply other threads:[~2021-10-08 16:59 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-08 16:58 Christophe Leroy [this message]
2021-10-08 16:58 ` [PATCH] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() Christophe Leroy
2021-10-08 18:09 ` Nick Desaulniers
2021-10-08 18:09 ` Nick Desaulniers
2021-10-08 21:16 ` Kees Cook
2021-10-08 21:16 ` Kees Cook
2021-10-08 21:17 ` Kees Cook
2021-10-08 21:17 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8900731fbc05fb8b0de18af7133a8fc07c3c53a1.1633712176.git.christophe.leroy@csgroup.eu \
--to=christophe.leroy@csgroup.eu \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.