Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp18319ima; Thu, 31 Jan 2019 11:39:51 -0800 (PST) X-Google-Smtp-Source: ALg8bN4Ux56T5J2El3Kb9s/8Dq5x4kb3rFJhnXdeyWcPV8tqIDqDrQhED17wF5BZVnZ1pxsrg2yU X-Received: by 2002:a17:902:a50a:: with SMTP id s10mr34398207plq.278.1548963591795; Thu, 31 Jan 2019 11:39:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548963591; cv=none; d=google.com; s=arc-20160816; b=0cGgFEWceSB213Sk/Mq8MCxbVQT3JUuaVmF58jxLqCLgP1+9EW2WtBPR0h7lOt6J87 HytssLycnSosmACKxjeb/9QElJ/ejrPGr7/eS7sMRLU4P9J/6eTdnSAWewK+D26CoUys SpBqE+oowcVFOWIyg6V9tls9+MwUrLY2J5ph40myFPwWVZszGAF4wNGlwmWFo0exMLGv ieVLrubrQy9uYLKqOArdbHv/uoNakKAl8xmg/NrzUp78NkDRNnbt5dCWd4YJ2YGPpW2W /6gCNEIasJ4gFwxHWFNBQZ3G3mjVuxVojSAkk21jiybtlymAgAW2M941/b3Omd7n10+s gDuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=03DhW08PwxDx+7CmSkXN5WrsmPi3V0p8jn7ZS9qbpus=; b=zI5798+EhivIjaauMvv8omFAAstJncqXPwKKuFJYJyKk/l3Yvahm3VKBLC86Z0K1TB LT/s+3nCaSAteTSRCbgoMxUdP4Ri1oybjMS2dSNem4kKfE8nLCPslnAmFXTzS1qmd1jX 7QcNOiYXRZTV0JmWcktIU0wmKbadwJu0DqsDi8iYiiD/nFrqTWq+9iX8x11CrZtXQw9N ZLKi43vJ9xtwv2GqMZUfZLM95M6V1XkHLFYQj2R4gOeZytmiTQBEmwRGrAdmfNoSLQX2 Kvtn+AVTyTd6CWaPe0AiDvE8oid0CSB2OyH/ChjS47hvTfjWRa7jk6WqvJ5k+T9U/4pZ uyzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=HQJftAgR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g8si1908840pli.50.2019.01.31.11.39.36; Thu, 31 Jan 2019 11:39:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=HQJftAgR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729471AbfAaT3a (ORCPT + 99 others); Thu, 31 Jan 2019 14:29:30 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:38601 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727866AbfAaT32 (ORCPT ); Thu, 31 Jan 2019 14:29:28 -0500 Received: by mail-pl1-f196.google.com with SMTP id e5so1925809plb.5 for ; Thu, 31 Jan 2019 11:29:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=03DhW08PwxDx+7CmSkXN5WrsmPi3V0p8jn7ZS9qbpus=; b=HQJftAgRaIad59USuyr99kBPfPoB5b/JxHSle6f3rJNLkUcnSjE/ZuAjyGJSaGcn3w V55k6m0AAvyzZIki/ywG+U5YQ5mJlGJGZK4gGuUKKsOVn8f+gwoBBNH7TC5lIJC7ENSQ ZNeBhS/Yc7ScR1O39zyJqIlRYi0HLUeToxxFY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=03DhW08PwxDx+7CmSkXN5WrsmPi3V0p8jn7ZS9qbpus=; b=cyPUaMcMimmneyLp/00kb+JiMTcV/vOuXHkEK/k4q546aGVDqZai/CA20L6VenSOla J7eYzXalyQyeF2M2wWej+kzbxiwPyt3ZiAGST8RnlwYwiLvrPkhy5XkXKi5ipYQYgu6g 28IP73CPtxn2ujkiLYdL+7sXlRvlXB7BlVdPgqJCg/giLXAlbb3cYzzZY4cHwIr4PCSN l87RWi7sYSFqe1c83adMZ28h/d3dGEYPtx3N0YMgVok+OylHAQJYhutjKvUcVP3AUlcs ZPyXnAdk7SQA5C56W5TjqIxVUAXowwntL/bvlYhAFZi9d9dY4kOyKOJLwIna1ROvXIEn XL8A== X-Gm-Message-State: AJcUukdgXF405i802yFgXRG+4KQhntTEapY1efO9Ao5SduNnQEoKmnUh cp6V2SyyJnNS8WIbRqXH9Lg4Yg== X-Received: by 2002:a17:902:8641:: with SMTP id y1mr36000898plt.159.1548962968064; Thu, 31 Jan 2019 11:29:28 -0800 (PST) Received: from skynet.sea.corp.google.com ([2620:15c:17:4:29de:3bb1:1270:e679]) by smtp.gmail.com with ESMTPSA id s130sm11164399pgc.60.2019.01.31.11.29.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 Jan 2019 11:29:27 -0800 (PST) From: Thomas Garnier To: kernel-hardening@lists.openwall.com Cc: kristen@linux.intel.com, Thomas Garnier , Arnd Bergmann , linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 24/27] x86/mm: Make the x86 GOT read-only Date: Thu, 31 Jan 2019 11:24:31 -0800 Message-Id: <20190131192533.34130-25-thgarnie@chromium.org> X-Mailer: git-send-email 2.20.1.495.gaa96b0ce6b-goog In-Reply-To: <20190131192533.34130-1-thgarnie@chromium.org> References: <20190131192533.34130-1-thgarnie@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binary. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0xffffffff80000000. Signed-off-by: Thomas Garnier --- include/asm-generic/vmlinux.lds.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 3d7a6a9c2370..0a038594c878 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -323,6 +323,17 @@ __end_ro_after_init = .; #endif +#ifdef CONFIG_X86_PIE +#define RO_GOT_X86 \ + .got : AT(ADDR(.got) - LOAD_OFFSET) { \ + __start_got = .; \ + *(.got); \ + __end_got = .; \ + } +#else +#define RO_GOT_X86 +#endif + /* * Read only Data */ @@ -379,6 +390,7 @@ __end_builtin_fw = .; \ } \ \ + RO_GOT_X86 \ TRACEDATA \ \ /* Kernel symbol table: Normal symbols */ \ -- 2.20.1.495.gaa96b0ce6b-goog