From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: mm: Mark .rodata as RO
Date: Fri, 12 Feb 2016 18:25:27 +0000
Message-ID: <20160212182527.GG20262@leverpostej>
In-Reply-To: <1455293599-6974-1-git-send-email-jeremy.linton@arm.com>
On Fri, Feb 12, 2016 at 10:13:19AM -0600, Jeremy Linton wrote:
> Currently the .rodata section is actually still executable when DEBUG_RODATA
> is enabled. This changes that so the .rodata is actually read only, no execute.
>
> Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
> ---
> arch/arm64/kernel/vmlinux.lds.S | 5 +++--
> arch/arm64/mm/mmu.c | 14 +++++++++++---
> 2 files changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> index ab4e436..2e2c053 100644
> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -114,8 +114,9 @@ SECTIONS
> *(.got) /* Global offset table */
> }
>
> - RO_DATA(PAGE_SIZE)
> - EXCEPTION_TABLE(8)
> + ALIGN_DEBUG_RO_MIN(0)
> + RO_DATA(PAGE_SIZE) /* everything from this point to */
> + EXCEPTION_TABLE(8) /* _etext will be marked RO NX */
> NOTES
>
> ALIGN_DEBUG_RO_MIN(PAGE_SIZE)
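
Review bot: the explanatory comment is split across the trailing comments on the `RO_DATA(PAGE_SIZE)` and `EXCEPTION_TABLE(8)` lines, so it reads as describing those two macros rather than the whole region, and NOTES, which sits before the closing `ALIGN_DEBUG_RO_MIN(PAGE_SIZE)`, is not mentioned at all. A single block comment above the new `ALIGN_DEBUG_RO_MIN(0)` would be clearer, and it could also say why the argument there is 0 while the existing use after NOTES passes PAGE_SIZE.
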
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index ab69a99..a3f4112 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -453,10 +453,18 @@ static void __init map_mem(pgd_t *pgd)
> #ifdef CONFIG_DEBUG_RODATA
> void mark_rodata_ro(void)
> {
> - create_mapping_late(__pa(_stext), (unsigned long)_stext,
> - (unsigned long)_etext - (unsigned long)_stext,
> - PAGE_KERNEL_ROX);
> + unsigned long section_size;
>
> + section_size = (unsigned long)__start_rodata - (unsigned long)_stext;
> + create_mapping_late(__pa(_stext), (unsigned long)_stext,
> + section_size, PAGE_KERNEL_ROX);
> + /*
> + * mark .rodata as read only. Use _etext rather than __end_rodata to
> + * cover NOTES and EXCEPTION_TABLE.
> + */
> + section_size = (unsigned long)_etext - (unsigned long)__start_rodata;
> + create_mapping_late(__pa(__start_rodata), (unsigned long)__start_rodata,
> + section_size, PAGE_KERNEL_RO);
> }
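
Review bot: the split at `__start_rodata` in mark_rodata_ro() assumes that symbol is page-aligned, and nothing in the function checks or documents this. If it is not aligned, the page straddling the boundary holds both .text and .rodata and cannot carry both PAGE_KERNEL_ROX and PAGE_KERNEL_RO. Please add a comment tying the split to the alignment added in vmlinux.lds.S, or a check on the alignment of `__start_rodata`. The new comment could also say "read only, no execute" to match the commit message, since the PAGE_KERNEL_RO name alone does not show the NX intent.
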
As you pointed out in the other thread, we'll also need to update
map_kernel to use equivalent chunks for .text and .rodata.

I think we can probably make .rodata RO from the outset in map_kernel,
too.

Could you please update mem_init to log .text and .rodata separately?
It looks like some core code makes assumptions about _etext, so I guess
that has to cover .rodata regardless.

Otherwise, looks good!

Thanks,
Mark.