iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

powerpc: Mark .opd section read-only

Browse Source 
.opd section contains function descriptors used to locate
functions in the kernel. If someone is able to modify a
function descriptor he will be able to run arbitrary
kernel function instead of another.

To avoid that, move .opd section inside read-only memory.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/3cd40b682fb6f75bb40947b55ca0bac20cb3f995.1634136222.git.christophe.leroy@csgroup.eu
This commit is contained in:
Christophe Leroy 2021-10-13 16:43:54 +02:00 committed by Michael Ellerman
parent 8f6aca0e0f
commit 3091f5fc5f
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
arch/powerpc/kernel/vmlinux.lds.S
View File

@ -143,6 +143,12 @@ SECTIONS
SOFT_MASK_TABLE(8) SOFT_MASK_TABLE(8)
RESTART_TABLE(8) RESTART_TABLE(8)
.opd : AT(ADDR(.opd) - LOAD_OFFSET) {
__start_opd = .;
KEEP(*(.opd))
__end_opd = .;
}
. = ALIGN(8); . = ALIGN(8);
__stf_entry_barrier_fixup : AT(ADDR(__stf_entry_barrier_fixup) - LOAD_OFFSET) { __stf_entry_barrier_fixup : AT(ADDR(__stf_entry_barrier_fixup) - LOAD_OFFSET) {
__start___stf_entry_barrier_fixup = .; __start___stf_entry_barrier_fixup = .;
@ -339,12 +345,6 @@ SECTIONS
*(.branch_lt) *(.branch_lt)
} }
.opd : AT(ADDR(.opd) - LOAD_OFFSET) {
__start_opd = .;
KEEP(*(.opd))
__end_opd = .;
}
. = ALIGN(256); . = ALIGN(256);
.got : AT(ADDR(.got) - LOAD_OFFSET) { .got : AT(ADDR(.got) - LOAD_OFFSET) {
__toc_start = .; __toc_start = .;