[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Xen-devel] [PATCH v3 24/27] x86/mm: Make the x86 GOT read-only
- To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, "David S . Miller" <davem@xxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Thomas Garnier <thgarnie@xxxxxxxxxx>, Philippe Ombredanne <pombredanne@xxxxxxxx>, Kate Stewart <kstewart@xxxxxxxxxxxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Yonghong Song <yhs@xxxxxx>, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, "Rafael J . Wysocki" <rjw@xxxxxxxxxxxxx>, Len Brown <len.brown@xxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Alok Kataria <akataria@xxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Jan Kiszka <jan.kiszka@xxxxxxxxxxx>, Tejun Heo <tj@xxxxxxxxxx>, Christoph Lameter <cl@xxxxxxxxx>, Dennis Zhou <dennisszhou@xxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Alexey Dobriyan <adobriyan@xxxxxxxxx>, Masami Hiramatsu <mhiramat@xxxxxxxxxx>, Cao jin <caoj.fnst@xxxxxxxxxxxxxx>, Francis Deslauriers <francis.deslauriers@xxxxxxxxxxxx>, "Paul E . McKenney" <paulmck@xxxxxxxxxxxxxxxxxx>, Nicolas Pitre <nicolas.pitre@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Luis R . Rodriguez" <mcgrof@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Christopher Li <sparse@xxxxxxxxxxx>, Jason Baron <jbaron@xxxxxxxxxx>, Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>, Lukas Wunner <lukas@xxxxxxxxx>, Dou Liyang <douly.fnst@xxxxxxxxxxxxxx>, Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx>, Petr Mladek <pmladek@xxxxxxxx>, Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Nicholas Piggin <npiggin@xxxxxxxxx>, "H . J . Lu" <hjl.tools@xxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Jia Zhang <qianyue.zj@xxxxxxxxxxxxxxx>, Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Matthias Kaehlcke <mka@xxxxxxxxxxxx>, Baoquan He <bhe@xxxxxxxxxx>, Jan H . Schönherr <jschoenh@xxxxxxxxx>, Daniel Micay <danielmicay@xxxxxxxxx>
- From: Thomas Garnier <thgarnie@xxxxxxxxxx>
- Date: Wed, 23 May 2018 12:54:18 -0700
- Cc: linux-arch@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-pm@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, linux-doc@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx, linux-sparse@xxxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, kernel-hardening@xxxxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Wed, 23 May 2018 19:56:07 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
The GOT is changed during early boot when relocations are applied. Make
it read-only directly. This table exists only for PIE binary.
Position Independent Executable (PIE) support will allow to extended the
KASLR randomization range below the -2G memory limit.
Signed-off-by: Thomas Garnier <thgarnie@xxxxxxxxxx>
---
include/asm-generic/vmlinux.lds.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/include/asm-generic/vmlinux.lds.h
b/include/asm-generic/vmlinux.lds.h
index e373e2e10f6a..e5b0710fe693 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -314,6 +314,17 @@
__end_ro_after_init = .;
#endif
+#ifdef CONFIG_X86_PIE
+#define RO_GOT_X86 \
+ .got : AT(ADDR(.got) - LOAD_OFFSET) { \
+ VMLINUX_SYMBOL(__start_got) = .; \
+ *(.got); \
+ VMLINUX_SYMBOL(__end_got) = .; \
+ }
+#else
+#define RO_GOT_X86
+#endif
+
/*
* Read only Data
*/
@@ -370,6 +381,7 @@
__end_builtin_fw = .; \
} \
\
+ RO_GOT_X86 \
TRACEDATA \
\
/* Kernel symbol table: Normal symbols */ \
--
2.17.0.441.gb46fe60e1d-goog
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|