[tip: core/build] x86/build: Enforce an empty .got.plt section
From: tip-bot2 for Kees Cook
Date: Tue Sep 01 2020 - 10:55:32 EST
The following commit has been merged into the core/build branch of tip:
Commit-ID: 815d680771ae09080d2da83dac2647c08cdf99ce
Gitweb: https://git.kernel.org/tip/815d680771ae09080d2da83dac2647c08cdf99ce
Author: Kees Cook <keescook@xxxxxxxxxxxx>
AuthorDate: Fri, 21 Aug 2020 12:43:04 -07:00
Committer: Ingo Molnar <mingo@xxxxxxxxxx>
CommitterDate: Tue, 01 Sep 2020 10:03:18 +02:00
x86/build: Enforce an empty .got.plt section
The .got.plt section should always be zero (or filled only with the
linker-generated lazy dispatch entry). Enforce this with an assert and
mark the section as INFO. This is more sensitive than just blindly
discarding the section.
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20200821194310.3089815-24-keescook@xxxxxxxxxxxx
---
arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 0cc035c..4b1b936 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -414,8 +414,20 @@ SECTIONS
ELF_DETAILS
DISCARDS
-}
+ /*
+ * Make sure that the .got.plt is either completely empty or it
+ * contains only the lazy dispatch entries.
+ */
+ .got.plt (INFO) : { *(.got.plt) }
+ ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+ SIZEOF(.got.plt) == 0x18,
+#else
+ SIZEOF(.got.plt) == 0xc,
+#endif
+ "Unexpected GOT/PLT entries detected!")
+}
#ifdef CONFIG_X86_32
/*