[PATCH v5 29/36] x86/build: Enforce an empty .got.plt section

Arvind Sankar nivedita at alum.mit.edu
Fri Jul 31 22:12:48 EDT 2020


On Fri, Jul 31, 2020 at 04:08:13PM -0700, Kees Cook wrote:
> The .got.plt section should always be zero (or filled only with the
> linker-generated lazy dispatch entry). Enforce this with an assert and
> mark the section as NOLOAD. This is more sensitive than just blindly
> discarding the section.
> 
> Signed-off-by: Kees Cook <keescook at chromium.org>
> ---
>  arch/x86/kernel/vmlinux.lds.S | 14 +++++++++++++-
>  1 file changed, 13 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
> index 0cc035cb15f1..7faffe7414d6 100644
> --- a/arch/x86/kernel/vmlinux.lds.S
> +++ b/arch/x86/kernel/vmlinux.lds.S
> @@ -414,8 +414,20 @@ SECTIONS
>  	ELF_DETAILS
>  
>  	DISCARDS
> -}
>  
> +	/*
> +	 * Make sure that the .got.plt is either completely empty or it
> +	 * contains only the lazy dispatch entries.
> +	 */
> +	.got.plt (NOLOAD) : { *(.got.plt) }
> +	ASSERT(SIZEOF(.got.plt) == 0 ||
> +#ifdef CONFIG_X86_64
> +	       SIZEOF(.got.plt) == 0x18,
> +#else
> +	       SIZEOF(.got.plt) == 0xc,
> +#endif
> +	       "Unexpected GOT/PLT entries detected!")
> +}
>  
>  #ifdef CONFIG_X86_32
>  /*
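Review bot: The constants 0x18 and 0xc in the ASSERT are unexplained magic numbers. The comment above the section says "lazy dispatch entries" but does not say that the only permitted non-empty case is the three reserved pointer-sized slots at the start of .got.plt (3 * 8 bytes under CONFIG_X86_64, 3 * 4 bytes otherwise). Stating that in the comment would let a reader check the values. It would also help to express the expected size once, ahead of the ASSERT, rather than splitting the argument list with #ifdef/#else. Separately, the failure string says "GOT/PLT entries", but the visible lines only collect and size-check .got.plt, so either narrow the message to ".got.plt" or note where .got is handled.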
> -- 
> 2.25.1
> 

Is this actually needed? vmlinux is a position-dependent executable, and
it doesn't get linked with any shared libraries, so it should never have
a .got or .got.plt at all I think? Does it show up as an orphan without
this?



More information about the linux-arm-kernel mailing list