Re: [PATCH] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
On Fri, Oct 8, 2021 at 9:59 AM Christophe Leroy
wrote:
>
> On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA
> test leads to "Illegal instruction" failure.
>
> Looking at the content of rodata_objcopy.o, we see that the
> function content zeroes only:
>
> Disassembly of section .rodata:
>
> <.lkdtm_rodata_do_nothing>:
>0: 00 00 00 00 .long 0x0
>
> Add the contents flag in order to keep the content of the section
> while renaming it.
>
> Disassembly of section .rodata:
>
> <.lkdtm_rodata_do_nothing>:
>0: 4e 80 00 20 blr
>
> Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Thanks for the patch; sorry I broke this.
Reviewed-by: Nick Desaulniers
> Cc: sta...@vger.kernel.org
> Cc: Kees Cook
> Cc: Arnd Bergmann
> Cc: Greg Kroah-Hartman
> Cc: Nick Desaulniers
> Cc: Nathan Chancellor
> Signed-off-by: Christophe Leroy
> ---
> drivers/misc/lkdtm/Makefile | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile
> index aa12097668d3..e2984ce51fe4 100644
> --- a/drivers/misc/lkdtm/Makefile
> +++ b/drivers/misc/lkdtm/Makefile
> @@ -20,7 +20,7 @@ CFLAGS_REMOVE_rodata.o+= $(CC_FLAGS_LTO)
>
> OBJCOPYFLAGS :=
> OBJCOPYFLAGS_rodata_objcopy.o := \
> - --rename-section
> .noinstr.text=.rodata,alloc,readonly,load
> + --rename-section
> .noinstr.text=.rodata,alloc,readonly,load,contents
> targets += rodata.o rodata_objcopy.o
> $(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE
> $(call if_changed,objcopy)
> --
> 2.31.1
>
--
Thanks,
~Nick Desaulniers
Re: [PATCH] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
On Fri, 8 Oct 2021 18:58:40 +0200, Christophe Leroy wrote: > On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA > test leads to "Illegal instruction" failure. > > Looking at the content of rodata_objcopy.o, we see that the > function content zeroes only: > > Disassembly of section .rodata: > > [...] Applied to for-next/lkdtm, thanks! [1/1] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() https://git.kernel.org/kees/c/19c3069c5f5f Also, can you take a moment and get "patatt" set up[1] for signing your patches? I would appreciate that since b4 yells at me when patches aren't signed. :) -Kees [1] https://github.com/mricon/patatt -- Kees Cook
Re: [PATCH] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
On Fri, Oct 08, 2021 at 11:09:47AM -0700, Nick Desaulniers wrote:
> On Fri, Oct 8, 2021 at 9:59 AM Christophe Leroy
> wrote:
> >
> > On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA
> > test leads to "Illegal instruction" failure.
> >
> > Looking at the content of rodata_objcopy.o, we see that the
> > function content zeroes only:
> >
> > Disassembly of section .rodata:
> >
> > <.lkdtm_rodata_do_nothing>:
> >0: 00 00 00 00 .long 0x0
> >
> > Add the contents flag in order to keep the content of the section
> > while renaming it.
> >
> > Disassembly of section .rodata:
> >
> > <.lkdtm_rodata_do_nothing>:
> >0: 4e 80 00 20 blr
> >
> > Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
>
> Thanks for the patch; sorry I broke this.
> Reviewed-by: Nick Desaulniers
Hah! Whoops; sorry I don't have an inverted version of this test! I
should have caught this when it broke. :|
-Kees
--
Kees Cook
