From 8d3e0a5bbdbc87cd82d95f52e615634d6e18d073 Mon Sep 17 00:00:00 2001
From: sf
Date: Sat, 1 Jul 2017 19:42:59 +0000
Subject: [PATCH] Use absolute pointers in codepatch entries

Instead of offsets to KERNBASE, store absolute pointers in the codepatch entries. KERNBASE will go away when ASLR is introduced.

Requested by deraadt@
---
 sys/arch/i386/i386/codepatch.c | 25 +++++++++++--------------
 sys/arch/i386/include/codepatch.h | 4 ++--
 2 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/sys/arch/i386/i386/codepatch.c b/sys/arch/i386/i386/codepatch.c
index 9b5b305bc2a..42c18892e9e 100644
--- a/sys/arch/i386/i386/codepatch.c
+++ b/sys/arch/i386/i386/codepatch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: codepatch.c,v 1.2 2017/03/26 23:27:44 jca Exp $ */
+/* $OpenBSD: codepatch.c,v 1.3 2017/07/01 19:42:59 sf Exp $ */
 /*
  * Copyright (c) 2014-2015 Stefan Fritsch
  *
@@ -27,7 +27,7 @@
 #endif
 
 struct codepatch {
-	uint32_t offset;
+	vaddr_t addr;
 	uint16_t len;
 	uint16_t tag;
 };
@@ -132,7 +132,7 @@ codepatch_nop(uint16_t tag)
 {
 	struct codepatch *patch;
 	unsigned char *rwaddr;
-	vaddr_t addr, rwmap = 0;
+	vaddr_t rwmap = 0;
 	int i = 0;
 
 	DBGPRINT("patching tag %u", tag);
@@ -140,8 +140,7 @@ codepatch_nop(uint16_t tag)
 	for (patch = &codepatch_begin; patch < &codepatch_end; patch++) {
 		if (patch->tag != tag)
 			continue;
-		addr = KERNBASE + patch->offset;
-		rwaddr = codepatch_maprw(&rwmap, addr);
+		rwaddr = codepatch_maprw(&rwmap, patch->addr);
 		codepatch_fill_nop(rwaddr, patch->len);
 		i++;
 	}
@@ -155,7 +154,7 @@ codepatch_replace(uint16_t tag, void *code, size_t len)
 {
 	struct codepatch *patch;
 	unsigned char *rwaddr;
-	vaddr_t addr, rwmap = 0;
+	vaddr_t rwmap = 0;
 	int i = 0;
 
 	DBGPRINT("patching tag %u with %p", tag, code);
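Review bot: The new `vaddr_t addr;` field in `struct codepatch` (hunk @@ -27,7) is only correct because the assembler side of the table, the `.int 998b` emitted by CODEPATCH_END() in the codepatch.h hunk (@@ -41,7), writes exactly four bytes and `vaddr_t` is four bytes on i386; nothing in either file records that coupling, and a mismatch would make `patch->addr`, `patch->len` and `patch->tag` all read garbage while the `patch < &codepatch_end` loops still look well-formed. I would document it on the struct, e.g. `/* Layout must match CODEPATCH_END() in <machine/codepatch.h>: .int addr, .short len, .short tag. */`, and, if the project has a compile-time assertion macro available here, pin `sizeof(struct codepatch)` to the 8 bytes the macro emits. This is an i386-only file, so the check is cheap insurance rather than a portability concern.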
@@ -163,13 +162,12 @@ codepatch_replace(uint16_t tag, void *code, size_t len)
 	for (patch = &codepatch_begin; patch < &codepatch_end; patch++) {
 		if (patch->tag != tag)
 			continue;
-		addr = KERNBASE + patch->offset;
 		if (len > patch->len) {
 			panic("%s: can't replace len %u with %zu at %#lx",
-			    __func__, patch->len, len, addr);
+			    __func__, patch->len, len, patch->addr);
 		}
-		rwaddr = codepatch_maprw(&rwmap, addr);
+		rwaddr = codepatch_maprw(&rwmap, patch->addr);
 		memcpy(rwaddr, code, len);
 		codepatch_fill_nop(rwaddr + len, patch->len - len);
 		i++;
@@ -186,20 +184,19 @@ codepatch_call(uint16_t tag, void *func)
 	unsigned char *rwaddr;
 	int32_t offset;
 	int i = 0;
-	vaddr_t addr, rwmap = 0;
+	vaddr_t rwmap = 0;
 
 	DBGPRINT("patching tag %u with call %p", tag, func);
 
 	for (patch = &codepatch_begin; patch < &codepatch_end; patch++) {
 		if (patch->tag != tag)
 			continue;
-		addr = KERNBASE + patch->offset;
 		if (patch->len < 5)
 			panic("%s: can't replace len %u with call at %#lx",
-			    __func__, patch->len, addr);
+			    __func__, patch->len, patch->addr);
 
-		offset = (vaddr_t)func - (addr + 5);
-		rwaddr = codepatch_maprw(&rwmap, addr);
+		offset = (vaddr_t)func - (patch->addr + 5);
+		rwaddr = codepatch_maprw(&rwmap, patch->addr);
 		rwaddr[0] = 0xe8; /* call near */
 		memcpy(rwaddr + 1, &offset, sizeof(offset));
 		codepatch_fill_nop(rwaddr + 5, patch->len - 5);
diff --git a/sys/arch/i386/include/codepatch.h b/sys/arch/i386/include/codepatch.h
index cf9ad7abaca..89791f46d8b 100644
--- a/sys/arch/i386/include/codepatch.h
+++ b/sys/arch/i386/include/codepatch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: codepatch.h,v 1.1 2015/04/19 06:27:17 sf Exp $ */
+/* $OpenBSD: codepatch.h,v 1.2 2017/07/01 19:42:59 sf Exp $ */
 /*
  * Copyright (c) 2014-2015 Stefan Fritsch
  *
@@ -41,7 +41,7 @@ void codepatch_call(uint16_t tag, void *func);
 #define CODEPATCH_END(tag)		\
 999:					\
 	.section .codepatch, "a"	;\
-	.int (998b - KERNBASE)		;\
+	.int 998b			;\
 	.short (999b - 998b)		;\
 	.short tag			;\
 	.previous
-- 
2.20.1
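Review bot: In the codepatch_call hunk (@@ -186,20) the rewritten line `offset = (vaddr_t)func - (patch->addr + 5);` still narrows an unsigned-long difference into the `int32_t` rel32 operand implicitly; on i386 both are 32 bits so no value is lost, but `offset = (int32_t)((vaddr_t)func - (patch->addr + 5));` states that intent and keeps the conversion visible to -Wconversion. Since the entries now carry link-time absolute addresses rather than KERNBASE-relative offsets, a one-line comment above that computation, `/* rel32 displacement from the end of the 5-byte call to func */`, would help the next reader who no longer sees KERNBASE anywhere in the file. The bodies of codepatch_replace and codepatch_call both continue past their hunks (the closing brace of each loop is outside the view).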