On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the function content zeroes only:
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>: 0: 00 00 00 00 .long 0x0
Add the contents flag in order to keep the content of the section while renaming it.
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>: 0: 4e 80 00 20 blr
Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy") Cc: stable@vger.kernel.org Cc: Kees Cook keescook@chromium.org Cc: Arnd Bergmann arnd@arndb.de Cc: Greg Kroah-Hartman gregkh@linuxfoundation.org Cc: Nick Desaulniers ndesaulniers@google.com Cc: Nathan Chancellor nathan@kernel.org Signed-off-by: Christophe Leroy christophe.leroy@csgroup.eu --- drivers/misc/lkdtm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile index aa12097668d3..e2984ce51fe4 100644 --- a/drivers/misc/lkdtm/Makefile +++ b/drivers/misc/lkdtm/Makefile @@ -20,7 +20,7 @@ CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO)
OBJCOPYFLAGS := OBJCOPYFLAGS_rodata_objcopy.o := \ - --rename-section .noinstr.text=.rodata,alloc,readonly,load + --rename-section .noinstr.text=.rodata,alloc,readonly,load,contents targets += rodata.o rodata_objcopy.o $(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE $(call if_changed,objcopy)
On Fri, Oct 8, 2021 at 9:59 AM Christophe Leroy christophe.leroy@csgroup.eu wrote:
On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the function content zeroes only:
Disassembly of section .rodata: 0000000000000000 <.lkdtm_rodata_do_nothing>: 0: 00 00 00 00 .long 0x0Add the contents flag in order to keep the content of the section while renaming it.
Disassembly of section .rodata: 0000000000000000 <.lkdtm_rodata_do_nothing>: 0: 4e 80 00 20 blrFixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Thanks for the patch; sorry I broke this. Reviewed-by: Nick Desaulniers ndesaulniers@google.com
Cc: stable@vger.kernel.org Cc: Kees Cook keescook@chromium.org Cc: Arnd Bergmann arnd@arndb.de Cc: Greg Kroah-Hartman gregkh@linuxfoundation.org Cc: Nick Desaulniers ndesaulniers@google.com Cc: Nathan Chancellor nathan@kernel.org Signed-off-by: Christophe Leroy christophe.leroy@csgroup.eu
drivers/misc/lkdtm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile index aa12097668d3..e2984ce51fe4 100644 --- a/drivers/misc/lkdtm/Makefile +++ b/drivers/misc/lkdtm/Makefile @@ -20,7 +20,7 @@ CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO)
OBJCOPYFLAGS := OBJCOPYFLAGS_rodata_objcopy.o := \
--rename-section .noinstr.text=.rodata,alloc,readonly,load
--rename-section .noinstr.text=.rodata,alloc,readonly,load,contentstargets += rodata.o rodata_objcopy.o $(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE $(call if_changed,objcopy) -- 2.31.1
On Fri, Oct 08, 2021 at 11:09:47AM -0700, Nick Desaulniers wrote:
On Fri, Oct 8, 2021 at 9:59 AM Christophe Leroy christophe.leroy@csgroup.eu wrote:
On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the function content zeroes only:
Disassembly of section .rodata: 0000000000000000 <.lkdtm_rodata_do_nothing>: 0: 00 00 00 00 .long 0x0Add the contents flag in order to keep the content of the section while renaming it.
Disassembly of section .rodata: 0000000000000000 <.lkdtm_rodata_do_nothing>: 0: 4e 80 00 20 blrFixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Thanks for the patch; sorry I broke this. Reviewed-by: Nick Desaulniers ndesaulniers@google.com
Hah! Whoops; sorry I don't have an inverted version of this test! I should have caught this when it broke. :|
-Kees
On Fri, 8 Oct 2021 18:58:40 +0200, Christophe Leroy wrote:
On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the function content zeroes only:
Disassembly of section .rodata:
[...]
Applied to for-next/lkdtm, thanks!
[1/1] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() https://git.kernel.org/kees/c/19c3069c5f5f
Also, can you take a moment and get "patatt" set up[1] for signing your patches? I would appreciate that since b4 yells at me when patches aren't signed. :)
-Kees
[1] https://github.com/mricon/patatt
linux-stable-mirror@lists.linaro.org
-
Christophe Leroy -
Kees Cook -
Nick Desaulniers