From 7e98d3fd75cadcca38c25ae4984ead948514f524 Mon Sep 17 00:00:00 2001
From: visa <visa@openbsd.org>
Date: Mon, 5 Jun 2017 15:23:11 +0000
Subject: [PATCH] Randomize the link order of .o files in the kernel on octeon.
 Unlike on some other architectures, it is not possible to unmap the early
 boot code. Instead, the code is smashed during boot.

Input from deraadt@
---
 sys/arch/octeon/conf/Makefile.octeon | 26 +++++++++++++-----
 sys/arch/octeon/conf/files.octeon    |  3 +-
 sys/arch/octeon/octeon/locore.S      | 19 +++++++++----
 sys/arch/octeon/octeon/locore0.S     | 41 ++++++++++++++++++++++++++++
 4 files changed, 76 insertions(+), 13 deletions(-)
 create mode 100644 sys/arch/octeon/octeon/locore0.S

diff --git a/sys/arch/octeon/conf/Makefile.octeon b/sys/arch/octeon/conf/Makefile.octeon
index e291ac3f727..bb47dec5fe5 100644
--- a/sys/arch/octeon/conf/Makefile.octeon
+++ b/sys/arch/octeon/conf/Makefile.octeon
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.octeon,v 1.32 2017/06/05 12:43:59 deraadt Exp $
+#	$OpenBSD: Makefile.octeon,v 1.33 2017/06/05 15:23:11 visa Exp $
 
 # For instructions on building kernels consult the config(8) and options(4)
 # manual pages.
@@ -36,9 +36,13 @@ CWARNFLAGS=	-Werror -Wall -Wimplicit-function-declaration \
 
 CMACHFLAGS=	-mno-abicalls ${ABI} -msoft-float -G 0
 CMACHFLAGS+=	-ffreestanding ${NOPIE_FLAGS}
+SORTR=		sort -R
 .if ${IDENT:M-DNO_PROPOLICE}
 CMACHFLAGS+=	-fno-stack-protector
 .endif
+.if ${IDENT:M-DSMALL_KERNEL}
+SORTR=		cat
+.endif
 
 DEBUG?=		-g
 COPTS?=		-O2
@@ -73,13 +77,14 @@ NORMAL_S=	${CC} ${AFLAGS} ${CPPFLAGS} -c $<
 #	${SYSTEM_LD_HEAD}
 #	${SYSTEM_LD} swapxxx.o
 #	${SYSTEM_LD_TAIL}
-SYSTEM_HEAD=	locore.o param.o ioconf.o
-SYSTEM_OBJ=	${SYSTEM_HEAD} ${OBJS}
+SYSTEM_HEAD=	locore0.o gap.o
+SYSTEM_OBJ=	${SYSTEM_HEAD} ${OBJS} param.o ioconf.o
 SYSTEM_DEP=	Makefile ${SYSTEM_OBJ} ld.script
 SYSTEM_LD_HEAD=	@rm -f $@
 SYSTEM_LD=	@echo ${LD} ${LINKFLAGS} -o $@ '$${SYSTEM_HEAD} vers.o $${OBJS}'; \
 		umask 007; \
-		${LD} ${LINKFLAGS} -o $@ ${SYSTEM_HEAD} vers.o ${OBJS}
+		echo ${OBJS} param.o ioconf.o vers.o | tr " " "\n" | ${SORTR} > lorder; \
+		${LD} ${LINKFLAGS} -o $@ ${SYSTEM_HEAD} `cat lorder`
 SYSTEM_LD_TAIL=	@${SIZE} $@
 
 .if ${DEBUG} == "-g"
@@ -126,8 +131,15 @@ vers.o: ${SYSTEM_DEP} ${SYSTEM_SWAP_DEP}
 	sh $S/conf/newvers.sh
 	${CC} ${CFLAGS} ${CPPFLAGS} ${PROF} -c vers.c
 
+gap.S:	${SYSTEM_SWAP_DEP} Makefile $S/conf/makegap.sh
+	umask 007; sh $S/conf/makegap.sh 0xef > gap.S
+
+gap.o:	gap.S
+	umask 007; ${CC} ${AFLAGS} ${CPPFLAGS} ${PROF} -c gap.S
+
 clean:
-	rm -f *bsd *bsd.gdb *.[dio] [a-z]*.s assym.* ${DB_STRUCTINFO} param.c
+	rm -f *bsd *bsd.gdb *.[dio] [a-z]*.s assym.* ${DB_STRUCTINFO} \
+	    gap.S lorder param.c
 
 cleandir: clean
 	rm -f Makefile *.h ioconf.c options machine ${_mach} vers.c
@@ -143,8 +155,8 @@ db_structinfo.h: $S/ddb/db_structinfo.c $S/ddb/parse_structinfo.pl
 	objdump -g db_structinfo.o | perl $S/ddb/parse_structinfo.pl > $@
 	rm -f db_structinfo.o
 
-locore.o: ${_machdir}/${_mach}/locore.S assym.h
-context.o cp0access.o exception.o: assym.h
+locore0.o: ${_machdir}/${_mach}/locore0.S assym.h
+context.o cp0access.o exception.o locore.o: assym.h
 lcore_access.o lcore_ddb.o lcore_float.o tlbhandler.o: assym.h
 mips64r2.o: assym.h
 
diff --git a/sys/arch/octeon/conf/files.octeon b/sys/arch/octeon/conf/files.octeon
index 813cab1e7b0..800ff0f648c 100644
--- a/sys/arch/octeon/conf/files.octeon
+++ b/sys/arch/octeon/conf/files.octeon
@@ -1,4 +1,4 @@
-#	$OpenBSD: files.octeon,v 1.35 2017/05/02 13:26:49 visa Exp $
+#	$OpenBSD: files.octeon,v 1.36 2017/06/05 15:23:11 visa Exp $
 
 # Standard stanzas config(8) can't run without
 maxpartitions 16
@@ -20,6 +20,7 @@ file	arch/octeon/octeon/conf.c
 file	arch/octeon/octeon/disksubr.c		disk
 file	arch/octeon/octeon/machdep.c
 file	arch/octeon/octeon/cn3xxx_dts.S
+file	arch/octeon/octeon/locore.S
 
 include "dev/ata/files.ata"
 include "dev/atapiscsi/files.atapiscsi"
diff --git a/sys/arch/octeon/octeon/locore.S b/sys/arch/octeon/octeon/locore.S
index 3ef892a83a3..579a2ebce26 100644
--- a/sys/arch/octeon/octeon/locore.S
+++ b/sys/arch/octeon/octeon/locore.S
@@ -1,4 +1,4 @@
-/*	$OpenBSD: locore.S,v 1.12 2017/05/09 15:11:33 visa Exp $ */
+/*	$OpenBSD: locore.S,v 1.13 2017/06/05 15:23:11 visa Exp $ */
 
 /*
  * Copyright (c) 2001-2004 Opsycon AB  (www.opsycon.se / www.opsycon.com)
@@ -44,10 +44,8 @@
 
 	.set	noreorder		# Noreorder is default style!
 	.set	mips64r2
-	.globl	start
-	.globl	kernel_text
-kernel_text = start
-start:
+	.globl	locore_start
+locore_start:
 /* initialize ebase */
 	dla	t0, 0xffffffff80000000
 	mtc0	t0, COP_0_EBASE
@@ -123,6 +121,17 @@ start:
 	blt	t0, t1, 1b
 	sd	v0, -8(t0)			# store to randomdata
 
+	/*
+	 * Smash the very early boot code by overwriting it.
+	 */
+	li	v0, 0x00000034			# TEQ zero, zero
+	LA	t0, start
+	LA	t1, endboot
+1:
+	daddu	t0, t0, 4
+	blt	t0, t1, 1b
+	sw	v0, -4(t0)
+
 	/*
 	 * Initialize stack and call machine startup.
 	 */
diff --git a/sys/arch/octeon/octeon/locore0.S b/sys/arch/octeon/octeon/locore0.S
new file mode 100644
index 00000000000..b57089fabb7
--- /dev/null
+++ b/sys/arch/octeon/octeon/locore0.S
@@ -0,0 +1,41 @@
+/*	$OpenBSD: locore0.S,v 1.1 2017/06/05 15:23:11 visa Exp $	*/
+
+/*
+ * Copyright (c) 2001-2004 Opsycon AB  (www.opsycon.se / www.opsycon.com)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#include <machine/param.h>
+#include <machine/asm.h>
+
+#include "assym.h"
+
+	.set	noreorder		# Noreorder is default style!
+	.set	mips64r2
+	.globl	start
+	.globl	kernel_text
+kernel_text = start
+start:
+	j	locore_start
+	nop
-- 
2.20.1