From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751607AbcFEFJv (ORCPT <rfc822;w@1wt.eu>);
	Sun, 5 Jun 2016 01:09:51 -0400
Received: from ozlabs.org ([103.22.144.67]:38721 "EHLO ozlabs.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751120AbcFEFJs (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Sun, 5 Jun 2016 01:09:48 -0400
From: Rusty Russell <rusty@rustcorp.com.au>
To: Kees Cook <keescook@google.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
        Laura Abbott <labbott@fedoraproject.org>, Jessica Yu <jeyu@redhat.com>
Subject: Re: Adding module support for __ro_after_init
In-Reply-To: <CAGXu5jLGX5zp3KbynNsr=HvnUiG9r-U1tDMzyyRiXp1vsQw11A@mail.gmail.com>
References: <CAGXu5jLGX5zp3KbynNsr=HvnUiG9r-U1tDMzyyRiXp1vsQw11A@mail.gmail.com>
User-Agent: Notmuch/0.21 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Sun, 05 Jun 2016 14:39:08 +0930
Message-ID: <87fuss6x3f.fsf@rustcorp.com.au>
MIME-Version: 1.0
Content-Type: text/plain
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Kees Cook <keescook@google.com> writes:
> Hi Rusty,
>
> I'd love to get your thoughts on the best way to support
> __ro_after_init markings for modules. Are the r/o markings done after
> module __init runs? If so, this should make things easy, and then we
> just need to move .data..ro_after_init into .rodata at link time. If
> not, then we'd need to explicitly make this section read-only after
> _init.

As you might expect, the sections are made read-only before anything
runs.  We'll need to do the latter, which means it needs to be
page-aligned.  (Well we could put it in the same page as .rodata, and
just not protect that fully until after init).

Jessica might have more thoughts...
Rusty.