[PATCH v5 29/36] x86/build: Enforce an empty .got.plt section

From: Kees Cook
Date: Fri Jul 31 2020 - 19:18:41 EST

Next message: Kees Cook: "[PATCH v5 27/36] arm/boot: Warn on orphan section placement"
Previous message: Kees Cook: "[PATCH v5 26/36] arm/boot: Handle all sections explicitly"
In reply to: Kees Cook: "[PATCH v5 26/36] arm/boot: Handle all sections explicitly"
Next in thread: Arvind Sankar: "Re: [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The .got.plt section should always be zero (or filled only with the
linker-generated lazy dispatch entry). Enforce this with an assert and
mark the section as NOLOAD. This is more sensitive than just blindly
discarding the section.

Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0cc035cb15f1..7faffe7414d6 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -414,8 +414,20 @@ SECTIONS
ELF_DETAILS

DISCARDS
-}

+ /*
+ * Make sure that the .got.plt is either completely empty or it
+ * contains only the lazy dispatch entries.
+ */
+ .got.plt (NOLOAD) : { *(.got.plt) }
+ ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+ SIZEOF(.got.plt) == 0x18,
+#else
+ SIZEOF(.got.plt) == 0xc,
+#endif
+ "Unexpected GOT/PLT entries detected!")
+}

#ifdef CONFIG_X86_32
/*
--
2.25.1

Next message: Kees Cook: "[PATCH v5 27/36] arm/boot: Warn on orphan section placement"
Previous message: Kees Cook: "[PATCH v5 26/36] arm/boot: Handle all sections explicitly"
In reply to: Kees Cook: "[PATCH v5 26/36] arm/boot: Handle all sections explicitly"
Next in thread: Arvind Sankar: "Re: [PATCH v5 29/36] x86/build: Enforce an empty .got.plt section"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]