From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 311C8C433EF for ; Wed, 5 Jan 2022 09:22:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date: Message-ID:From:References:Cc:To:Subject:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=1VShgrfEuREdoGs+3M1QconXfNtsL6lVevsQr+354h4=; b=hG9TWwVtqD7twLdrzgbRZXnhuP ys4OFXsjakZNo62ZoWO5jEUAGEdz5gToq8e4iVrzwvc9g5i/lXnFicwrslw6a05HsoCTofwhzdaXG vj43mZj52jmX+Lhz693A8g72QmzzVzC49gJ85Cw4qtd++YKISXSYJlDI+fY48BKsqZlhYpEG+Pkiz HTuYHvYc9K/i8L2ytCSO47CQMMYdecKy75h61GmRJtodJuB9BOKS4bmpjspLqXXI+yvZp48J35GXV dURaPPbdgzyLCQPKN0+gpLzW/i+4TA66TkafS+G/4dt64RFYDOx72D/luSIbB+C6S77RHWd6sHZaR 953N5a1g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1n52Tm-00EKCJ-9H; Wed, 05 Jan 2022 09:21:10 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1n52Ti-00EKB5-HA for linux-arm-kernel@lists.infradead.org; Wed, 05 Jan 2022 09:21:08 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 75C621042; Wed, 5 Jan 2022 01:21:04 -0800 (PST) Received: from [10.163.72.138] (unknown [10.163.72.138]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 964D13F774; Wed, 5 Jan 2022 01:21:02 -0800 (PST) Subject: Re: [PATCH] arm64: fix build error when use rodata_enabled To: AliOS system security , catalin.marinas@arm.com, will@kernel.org Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org References: <1641352075-25200-1-git-send-email-alios_sys_security@linux.alibaba.com> From: Anshuman Khandual Message-ID: <0432f592-789b-7c92-8d7a-99191d7bc669@arm.com> Date: Wed, 5 Jan 2022 14:51:05 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <1641352075-25200-1-git-send-email-alios_sys_security@linux.alibaba.com> Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220105_012106_700595_793ADA5D X-CRM114-Status: GOOD ( 23.00 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hello, On 1/5/22 8:37 AM, AliOS system security wrote: > rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX > or CONFIG_STRICT_MODULE_RWX is selected Both these configs get selected invariably with CONFIG_ARM64 in the platform config file (arch/arm64/Kconfig). I guess there can not be any such situation, where both configs will be missing/not selected given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64. config ARM64 def_bool y select ACPI_CCA_REQUIRED if ACPI ..... select ARCH_HAS_STRICT_KERNEL_RWX select ARCH_HAS_STRICT_MODULE_RWX ..... Hence for all practical purpose, rodata_enabled could be considered always available. I am sure there other similar situations as well, where code elements are not wrapped around if the config option is always present. > > Signed-off-by: AliOS system security Also please refer Documentation/process/submitting-patches.rst for the rules regarding names, that can be used for a commit sign off. ------------------------------------------------------------------------ then you just add a line saying:: Signed-off-by: Random J Developer using your real name (sorry, no pseudonyms or anonymous contributions.) ------------------------------------------------------------------------ - Anshuman > --- > arch/arm64/mm/mmu.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c > index acfae9b..47f8754 100644 > --- a/arch/arm64/mm/mmu.c > +++ b/arch/arm64/mm/mmu.c > @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end, > vm_area_add_early(vma); > } > > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX) > static int __init parse_rodata(char *arg) > { > int ret = strtobool(arg, &rodata_enabled); > @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg) > return 0; > } > early_param("rodata", parse_rodata); > +#endif > > #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 > static int __init map_entry_trampoline(void) > { > - pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; > + pgprot_t prot = PAGE_KERNEL_EXEC; > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX) > + if (rodata_enabled) > + prot = PAGE_KERNEL_ROX; > +#endif > phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start); > > /* The trampoline is always mapped and can therefore be global */ > @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp) > * mapping to install SW breakpoints. Allow this (only) when > * explicitly requested with rodata=off. > */ > - pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; > + pgprot_t text_prot = PAGE_KERNEL_EXEC; > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX) > + if (rodata_enabled) > + text_prot = PAGE_KERNEL_ROX; > +#endif > > /* > * If we have a CPU that supports BTI and a kernel built for > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel