powerpc: Mark .opd section read-only

.opd section contains function descriptors used to locate
functions in the kernel. If someone is able to modify a
function descriptor he will be able to run arbitrary
kernel function instead of another.

To avoid that, move .opd section inside read-only memory.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/3cd40b682fb6f75bb40947b55ca0bac20cb3f995.1634136222.git.christophe.leroy@csgroup.eu

diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 40bdefe..18e42c7 100644 (file)
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -143,6 +143,12 @@ SECTIONS
        SOFT_MASK_TABLE(8)
        RESTART_TABLE(8)
 
+       .opd : AT(ADDR(.opd) - LOAD_OFFSET) {
+               __start_opd = .;
+               KEEP(*(.opd))
+               __end_opd = .;
+       }
+
        . = ALIGN(8);
        __stf_entry_barrier_fixup : AT(ADDR(__stf_entry_barrier_fixup) - LOAD_OFFSET) {
                __start___stf_entry_barrier_fixup = .;
@@ -339,12 +345,6 @@ SECTIONS
                *(.branch_lt)
        }
 
-       .opd : AT(ADDR(.opd) - LOAD_OFFSET) {
-               __start_opd = .;
-               KEEP(*(.opd))
-               __end_opd = .;
-       }
-
        . = ALIGN(256);
        .got : AT(ADDR(.got) - LOAD_OFFSET) {
                __toc_start = .;