Talos™ II Linux sources for OpenPOWER https://git.raptorcs.com/git/talos-op-linux/atom?h=master 2019-08-12T22:28:51+00:00 2019-08-12T22:28:51+00:00 Kees Cook keescook@chromium.org 2019-08-08T18:37:45+00:00 urn:sha1:b0eb93cfd516201ccf0e4d36e226cfe1b16cc1fe This adds a simple test for forward CFI (indirect function calls) with function prototype granularity (as implemented by Clang's CFI). Signed-off-by: Kees Cook <keescook@chromium.org> 2019-05-24T18:42:50+00:00 Nick Desaulniers ndesaulniers@google.com 2019-05-15T18:24:41+00:00 urn:sha1:e9e08a07385e08f1a7f85c5d1e345c21c9564963 With CONFIG_LKDTM=y and make OBJCOPY=llvm-objcopy, llvm-objcopy errors: llvm-objcopy: error: --set-section-flags=.text conflicts with --rename-section=.text=.rodata Rather than support setting flags then renaming sections vs renaming then setting flags, it's simpler to just change both at the same time via --rename-section. Adding the load flag is required for GNU objcopy to mark .rodata Type as PROGBITS after the rename. This can be verified with: $ readelf -S drivers/misc/lkdtm/rodata_objcopy.o ... Section Headers: [Nr] Name Type Address Offset Size EntSize Flags Link Info Align ... [ 1] .rodata PROGBITS 0000000000000000 00000040 0000000000000004 0000000000000000 A 0 0 4 ... Which shows that .text is now renamed .rodata, the alloc flag A is set, the type is PROGBITS, and the section is not flagged as writeable W. Cc: stable@vger.kernel.org Link: https://sourceware.org/bugzilla/show_bug.cgi?id=24554 Link: https://github.com/ClangBuiltLinux/linux/issues/448 Reported-by: Nathan Chancellor <natechancellor@gmail.com> Suggested-by: Alan Modra <amodra@gmail.com> Suggested-by: Jordan Rupprect <rupprecht@google.com> Suggested-by: Kees Cook <keescook@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Reviewed-by: Nathan Chancellor <natechancellor@gmail.com> Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-04T17:35:47+00:00 Alexander Popov alex.popov@linux.com 2018-08-16T22:17:00+00:00 urn:sha1:f90d1e0c7804b52e12fea501aa46a12c1ff6a567 Introduce an lkdtm test for the STACKLEAK feature: check that the current task stack is properly erased (filled with STACKLEAK_POISON). Signed-off-by: Alexander Popov <alex.popov@linux.com> Signed-off-by: Tycho Andersen <tycho@tycho.ws> Tested-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> 2018-03-07T03:18:55+00:00 Kees Cook keescook@chromium.org 2018-03-06T22:58:09+00:00 urn:sha1:039a1c42058db54692a6d4497508bd48555f29fb The LKDTM modules keep expanding, and it's getting weird to have each file get a prefix. Instead, move to a subdirectory for cleaner handling. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>