x86/build: Enforce an empty .got.plt section

The .got.plt section should always be zero (or filled only with the linker-generated lazy dispatch entry). Enforce this with an assert and mark the section as INFO. This is more sensitive than just blindly discarding the section. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> Link: https://lore.kernel.org/r/20200821194310.3089815-24-keescook@chromium.org
2020-08-21 12:43:04 -07:00 · 2020-08-21 12:43:04 -07:00 · 815d680771
parent a850958c07
commit 815d680771
1 changed files with 13 additions and 1 deletions
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@ -414,8 +414,20 @@ SECTIONS
 	ELF_DETAILS

 	DISCARDS
-}

+	/*
+	 * Make sure that the .got.plt is either completely empty or it
+	 * contains only the lazy dispatch entries.
+	 */
+	.got.plt (INFO) : { *(.got.plt) }
+	ASSERT(SIZEOF(.got.plt) == 0 ||
+#ifdef CONFIG_X86_64
+	       SIZEOF(.got.plt) == 0x18,
+#else
+	       SIZEOF(.got.plt) == 0xc,
+#endif
+	       "Unexpected GOT/PLT entries detected!")
+}

 #ifdef CONFIG_X86_32
 /*