On a kernel without CONFIG_STRICT_KERNEL_RWX, running the EXEC_RODATA
test leads to an "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the
function content is zeroes only:
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 00 00 00 00 .long 0x0
Add the contents flag in order to keep the content of the section
while renaming it.
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 4e 80 00 20 blr
Fixes: e9e08a0738
("lkdtm: support llvm-objcopy")
Cc: stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/8900731fbc05fb8b0de18af7133a8fc07c3c53a1.1633712176.git.christophe.leroy@csgroup.eu
Makefile
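# SPDX-License-Identifier: GPL-2.0
#
# Kbuild makefile for the LKDTM module.
#
# The composite object lkdtm.o is built when CONFIG_LKDTM is enabled; the
# lkdtm-$(...) lines below list the objects that are linked into it.
obj-$(CONFIG_LKDTM) += lkdtm.o

lkdtm-$(CONFIG_LKDTM) += core.o
lkdtm-$(CONFIG_LKDTM) += bugs.o
lkdtm-$(CONFIG_LKDTM) += heap.o
lkdtm-$(CONFIG_LKDTM) += perms.o
lkdtm-$(CONFIG_LKDTM) += refcount.o
# rodata_objcopy.o is not compiled directly; it is produced from rodata.o by
# the objcopy rule at the end of this file.
lkdtm-$(CONFIG_LKDTM) += rodata_objcopy.o
lkdtm-$(CONFIG_LKDTM) += usercopy.o
lkdtm-$(CONFIG_LKDTM) += stackleak.o
lkdtm-$(CONFIG_LKDTM) += cfi.o
lkdtm-$(CONFIG_LKDTM) += fortify.o
# Only added on 64-bit Book3S PowerPC configurations.
lkdtm-$(CONFIG_PPC_BOOK3S_64) += powerpc.o

# Per-object opt-outs: no KASAN or KCOV instrumentation and no LTO flags for
# rodata.o, and no KASAN instrumentation for stackleak.o.
# NOTE(review): presumably rodata.o must stay a bare, self-contained function
# because its code is moved into .rodata below - confirm before changing.
KASAN_SANITIZE_rodata.o := n
KASAN_SANITIZE_stackleak.o := n
KCOV_INSTRUMENT_rodata.o := n
CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO)

# Start from empty objcopy flags in this directory; only the per-target flags
# below are meant to apply to rodata_objcopy.o.
OBJCOPYFLAGS :=
# Rename .noinstr.text to .rodata with explicit section flags. "contents" is
# required: without it the renamed section keeps its size but the function
# body becomes zeroes, so on a kernel without CONFIG_STRICT_KERNEL_RWX the
# EXEC_RODATA test dies with "Illegal instruction" instead of running the
# function. When touching these flags, disassemble .rodata of
# rodata_objcopy.o and check that it holds real instructions, not zeroes.
OBJCOPYFLAGS_rodata_objcopy.o := \
    --rename-section .noinstr.text=.rodata,alloc,readonly,load,contents
# if_changed targets must be listed in "targets" and depend on FORCE so that
# kbuild can track their saved command lines.
targets += rodata.o rodata_objcopy.o
$(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE
	$(call if_changed,objcopy)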