Patch "powerpc: Mark .opd section read-only" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 20 Jan 2024 20:24:48 -0500

This is a note to let you know that I've just added the patch titled

    powerpc: Mark .opd section read-only

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-mark-.opd-section-read-only.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 730a5fb7b64b79d1746249de1a2cf8c9b24fac54
Author: Christophe Leroy <christophe.leroy@xxxxxxxxxx>
Date:   Wed Oct 13 16:43:54 2021 +0200

    powerpc: Mark .opd section read-only
    
    [ Upstream commit 3091f5fc5f1df7741ddf326561384e0997eca2a1 ]
    
    .opd section contains function descriptors used to locate
    functions in the kernel. If someone is able to modify a
    function descriptor he will be able to run arbitrary
    kernel function instead of another.
    
    To avoid that, move .opd section inside read-only memory.
    
    Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx>
    Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/3cd40b682fb6f75bb40947b55ca0bac20cb3f995.1634136222.git.christophe.leroy@xxxxxxxxxx
    Stable-dep-of: 1b1e38002648 ("powerpc: add crtsavres.o to always-y instead of extra-y")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index d4531902d8c6..d8301ce7c675 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -148,6 +148,12 @@ SECTIONS
 	SOFT_MASK_TABLE(8)
 	RESTART_TABLE(8)
 
+	.opd : AT(ADDR(.opd) - LOAD_OFFSET) {
+		__start_opd = .;
+		KEEP(*(.opd))
+		__end_opd = .;
+	}
+
 	. = ALIGN(8);
 	__stf_entry_barrier_fixup : AT(ADDR(__stf_entry_barrier_fixup) - LOAD_OFFSET) {
 		__start___stf_entry_barrier_fixup = .;
@@ -346,12 +352,6 @@ SECTIONS
 		*(.branch_lt)
 	}
 
-	.opd : AT(ADDR(.opd) - LOAD_OFFSET) {
-		__start_opd = .;
-		KEEP(*(.opd))
-		__end_opd = .;
-	}
-
 	. = ALIGN(256);
 	.got : AT(ADDR(.got) - LOAD_OFFSET) {
 		__toc_start = .;







