[tip: x86/build] x86/vmlinux: Use INT3 instead of NOP for linker fill bytes

tip-bot2 for Kees Cook tip-bot2 at linutronix.de
Tue Nov 5 20:27:25 AEDT 2019 

The following commit has been merged into the x86/build branch of tip:

Commit-ID:     7705dc8557973d8ad8f10840f61d8ec805695e9e
Gitweb:        https://git.kernel.org/tip/7705dc8557973d8ad8f10840f61d8ec805695e9e
Author:        Kees Cook <keescook at chromium.org>
AuthorDate:    Tue, 29 Oct 2019 14:13:51 -07:00
Committer:     Borislav Petkov <bp at suse.de>
CommitterDate: Mon, 04 Nov 2019 19:10:08 +01:00

x86/vmlinux: Use INT3 instead of NOP for linker fill bytes

Instead of using 0x90 (NOP) to fill bytes between functions, which makes
it easier to sloppily target functions in function pointer overwrite
attacks, fill with 0xCC (INT3) to force a trap. Also drop the space
between "=" and the value to better match the binutils documentation

  https://sourceware.org/binutils/docs/ld/Output-Section-Fill.html#Output-Section-Fill

Example "objdump -d" before:

  ...
  ffffffff810001e0 <start_cpu0>:
  ffffffff810001e0:       48 8b 25 e1 b1 51 01    mov 0x151b1e1(%rip),%rsp        # ffffffff8251b3c8 <initial_stack>
  ffffffff810001e7:       e9 d5 fe ff ff          jmpq   ffffffff810000c1 <secondary_startup_64+0x91>
  ffffffff810001ec:       90                      nop
  ffffffff810001ed:       90                      nop
  ffffffff810001ee:       90                      nop
  ffffffff810001ef:       90                      nop

  ffffffff810001f0 <__startup_64>:
  ...

After:

  ...
  ffffffff810001e0 <start_cpu0>:
  ffffffff810001e0:       48 8b 25 41 79 53 01    mov 0x1537941(%rip),%rsp        # ffffffff82537b28 <initial_stack>
  ffffffff810001e7:       e9 d5 fe ff ff          jmpq   ffffffff810000c1 <secondary_startup_64+0x91>
  ffffffff810001ec:       cc                      int3
  ffffffff810001ed:       cc                      int3
  ffffffff810001ee:       cc                      int3
  ffffffff810001ef:       cc                      int3

  ffffffff810001f0 <__startup_64>:
  ...

Signed-off-by: Kees Cook <keescook at chromium.org>
Signed-off-by: Borislav Petkov <bp at suse.de>
Cc: Andy Lutomirski <luto at kernel.org>
Cc: Arnd Bergmann <arnd at arndb.de>
Cc: Dave Hansen <dave.hansen at linux.intel.com>
Cc: Heiko Carstens <heiko.carstens at de.ibm.com>
Cc: "H. Peter Anvin" <hpa at zytor.com>
Cc: Ingo Molnar <mingo at redhat.com>
Cc: linux-alpha at vger.kernel.org
Cc: linux-arch at vger.kernel.org
Cc: linux-arm-kernel at lists.infradead.org
Cc: linux-c6x-dev at linux-c6x.org
Cc: linux-ia64 at vger.kernel.org
Cc: linuxppc-dev at lists.ozlabs.org
Cc: linux-s390 at vger.kernel.org
Cc: Michael Ellerman <mpe at ellerman.id.au>
Cc: Michal Simek <monstr at monstr.eu>
Cc: Rick Edgecombe <rick.p.edgecombe at intel.com>
Cc: Ross Zwisler <zwisler at chromium.org>
Cc: Segher Boessenkool <segher at kernel.crashing.org>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: Thomas Lendacky <Thomas.Lendacky at amd.com>
Cc: Will Deacon <will at kernel.org>
Cc: x86-ml <x86 at kernel.org>
Cc: Yoshinori Sato <ysato at users.sourceforge.jp>
Link: https://lkml.kernel.org/r/20191029211351.13243-30-keescook@chromium.org
---
 arch/x86/kernel/vmlinux.lds.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index b06d6e1..3a1a819 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -144,7 +144,7 @@ SECTIONS
 		*(.text.__x86.indirect_thunk)
 		__indirect_thunk_end = .;
 #endif
-	} :text = 0x9090
+	} :text =0xcccc
 
 	/* End of text section, which should occupy whole number of pages */
 	_etext = .;

More information about the Linuxppc-dev mailing list