
Tighten the default permissions on preloaded files.
Closed, Public

Authored by markj on Oct 1 2019, 7:11 PM.

Details

Summary
  • We load the kernel at 0x200000. Memory below that address need not be executable.
  • Remove references to the .ldata section and related sections. They were just copied from the default GNU ld linker script, but we now use lld (which doesn't embed a default linker script(!)) and we are not going to use ldata anytime soon anyway.
  • Pad the .bss to a 2MB boundary, like we do between .text and .data. This forces the loader to load additional files starting at a different 2MB page. Doing so allows us to keep using superpage mappings for data.
  • Map memory above the kernel with NX. The kernel linker will be modified to use pmap_change_prot() to request execute access. Other preloaded data (/boot/entropy, CPU microcode, etc.) need not be mapped with execute permissions.
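The following is an added example, not code from FreeBSD or from this revision: a small C model of the boot layout the summary describes, written to show why padding .bss to a 2MB boundary matters once everything above the kernel is mapped NX. The model assumes (my reading of the summary, not something the page states in this form) that a 2MB superpage mapping carries a single protection, so a preloaded kernel module that later asks for execute access (pmap_change_prot() in the real kernel) forces the 2MB page it lives in to be demoted to 4KB mappings; if that page also holds .data/.bss, the kernel loses its data superpage. Section sizes, file names and the helper names (build_layout, demotions_touching_kernel, boot_prot) are made up for the demonstration.

```c
/*
 * Toy model of the amd64 kernel/preload layout (added example, not FreeBSD
 * code). Addresses are physical, the kernel is loaded at 0x200000, .text is
 * RX, .data/.bss are RW+NX, and everything the loader places after the
 * kernel image is RW+NX. All sizes below are invented.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL
#define SUPERPAGE (2ULL * 1024 * 1024)   /* 2MB superpage */
#define KERNLOAD  0x200000ULL            /* kernel load address */

enum { PROT_R = 1, PROT_W = 2, PROT_X = 4 };

struct region {
    const char *name;
    uint64_t start, end;   /* [start, end) */
    unsigned prot;
    bool is_kernel;        /* .text/.data/.bss as opposed to a preloaded file */
};

static uint64_t round_up(uint64_t v, uint64_t a) { return (v + a - 1) & ~(a - 1); }
static uint64_t trunc_2m(uint64_t v) { return v & ~(SUPERPAGE - 1); }

/*
 * Lay out .text, the existing 2MB pad, .data, .bss, the new pad after .bss
 * (when pad_bss is set), then the preloaded files page-aligned one after the
 * other. Returns the number of regions written to r (must hold 3 + nfiles).
 */
static size_t build_layout(struct region *r, bool pad_bss,
    uint64_t text_sz, uint64_t data_sz, uint64_t bss_sz,
    const char *const *files, const uint64_t *file_sz, size_t nfiles)
{
    size_t n = 0;
    uint64_t cur = KERNLOAD;

    r[n++] = (struct region){ ".text", cur, cur + text_sz, PROT_R | PROT_X, true };
    cur = round_up(cur + text_sz, SUPERPAGE);   /* existing .text/.data padding */
    r[n++] = (struct region){ ".data", cur, cur + data_sz, PROT_R | PROT_W, true };
    cur += data_sz;
    r[n++] = (struct region){ ".bss", cur, cur + bss_sz, PROT_R | PROT_W, true };
    cur += bss_sz;
    if (pad_bss)
        cur = round_up(cur, SUPERPAGE);         /* the padding added by this change */
    for (size_t i = 0; i < nfiles; i++) {
        cur = round_up(cur, PAGE_SIZE);
        r[n++] = (struct region){ files[i], cur, cur + file_sz[i], PROT_R | PROT_W, false };
        cur += file_sz[i];
    }
    return n;
}

/*
 * Model of granting execute access to [start, end): every 2MB page the range
 * touches gets a different protection from its neighbours, so a page that is
 * shared with part of the kernel image can no longer stay a single superpage.
 * Returns how many such pages also contain kernel .text/.data/.bss.
 */
static int demotions_touching_kernel(const struct region *r, size_t n,
    uint64_t start, uint64_t end)
{
    int hits = 0;
    for (uint64_t pg = trunc_2m(start); pg < end; pg += SUPERPAGE) {
        for (size_t i = 0; i < n; i++) {
            if (r[i].is_kernel && r[i].start < pg + SUPERPAGE && r[i].end > pg) {
                hits++;
                break;
            }
        }
    }
    return hits;
}

/* Boot-time protection of a physical address: only .text is executable;
 * memory below the kernel and everything above it is RW with NX. */
static unsigned boot_prot(uint64_t pa, uint64_t text_start, uint64_t text_end)
{
    if (pa >= trunc_2m(text_start) && pa < round_up(text_end, SUPERPAGE))
        return PROT_R | PROT_X;
    return PROT_R | PROT_W;
}

/* Constructed scenario: a 3MB .text, 1MB .data, 512KB .bss, then a module and
 * /boot/entropy. Returns the demotion count for making the module executable. */
static const char *const demo_files[] = { "if_demo.ko", "/boot/entropy" };
static const uint64_t demo_sizes[] = { 0x40000, 4096 };

static uint64_t demo_module_start(bool pad_bss)
{
    struct region r[5];
    build_layout(r, pad_bss, 0x300000, 0x100000, 0x80000, demo_files, demo_sizes, 2);
    return r[3].start;
}

static int demo_demotions(bool pad_bss)
{
    struct region r[5];
    size_t n = build_layout(r, pad_bss, 0x300000, 0x100000, 0x80000,
        demo_files, demo_sizes, 2);
    return demotions_touching_kernel(r, n, r[3].start, r[3].end);
}

int main(void)
{
    printf("module at 0x%llx without pad, %d data superpage(s) lost\n",
        (unsigned long long)demo_module_start(false), demo_demotions(false));
    printf("module at 0x%llx with pad,    %d data superpage(s) lost\n",
        (unsigned long long)demo_module_start(true), demo_demotions(true));
    return 0;
}
```

Without the pad the module lands at 0x780000, inside the 2MB page that already holds .data and .bss, so granting it execute access would break that page up; with the pad it starts at 0x800000 and the kernel's data pages are untouched, which is the "keep using superpage mappings for data" point in the summary.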

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

markj created this revision. Oct 1 2019, 7:11 PM
markj edited the summary of this revision. Oct 1 2019, 7:35 PM
markj added reviewers: alc, kib.
kib added inline comments. Oct 2 2019, 7:12 PM
sys/conf/ldscript.amd64
line 178 (On Diff #62801)

I disagree with this. .bss is the natural part of .data; I do not see why they should be torn apart. Esp. because we do not mmap the .data part for the kernel.

markj added inline comments. Oct 2 2019, 7:15 PM
sys/conf/ldscript.amd64
line 178 (On Diff #62801)

I am not tearing them apart - the padding is inserted after .bss, which follows .data.

kib accepted this revision. Oct 2 2019, 7:33 PM
kib added inline comments.
sys/conf/ldscript.amd64
line 178 (On Diff #62801)

Yes, I misread the patch. Sorry.

This revision is now accepted and ready to land. Oct 2 2019, 7:33 PM
This revision was automatically updated to reflect the committed changes.