* [PATCH v2 0/2] arm64: mm: Mark .rodata as RO @ 2016-02-17 16:41 Jeremy Linton 2016-02-17 16:41 ` [PATCH v2 1/2] " Jeremy Linton 2016-02-17 16:41 ` [PATCH v2 2/2] arm64/mm: Add .rodata to kernel virtual memory boot notice Jeremy Linton 0 siblings, 2 replies; 8+ messages in thread From: Jeremy Linton @ 2016-02-17 16:41 UTC (permalink / raw) To: linux-arm-kernel Currently the .rodata section is actually still executable when DEBUG_RODATA is enabled. This changes that so the .rodata is actually read only, no execute. This patch is based on top of "PATCH v2 flag contiguous PTES in linear mapping" V1->V2 Added .rodata to kernel VM range notice in mem_init Split _stext->_etext into an additional chunk in map_kernel Jeremy Linton (2): arm64: mm: Mark .rodata as RO arm64/mm: Add .rodata to kernel virtual memory boot notice arch/arm64/kernel/vmlinux.lds.S | 5 +++-- arch/arm64/mm/init.c | 4 +++- arch/arm64/mm/mmu.c | 17 +++++++++++++---- 3 files changed, 19 insertions(+), 7 deletions(-) -- 2.4.3 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2 1/2] arm64: mm: Mark .rodata as RO 2016-02-17 16:41 [PATCH v2 0/2] arm64: mm: Mark .rodata as RO Jeremy Linton @ 2016-02-17 16:41 ` Jeremy Linton 2016-02-17 16:46 ` Ard Biesheuvel 2016-02-17 16:41 ` [PATCH v2 2/2] arm64/mm: Add .rodata to kernel virtual memory boot notice Jeremy Linton 1 sibling, 1 reply; 8+ messages in thread From: Jeremy Linton @ 2016-02-17 16:41 UTC (permalink / raw) To: linux-arm-kernel Currently the .rodata section is actually still executable when DEBUG_RODATA is enabled. This changes that so the .rodata is actually read only, no execute. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> --- arch/arm64/kernel/vmlinux.lds.S | 5 +++-- arch/arm64/mm/mmu.c | 17 +++++++++++++---- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 8f4fc2c..9208f53 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -114,8 +114,9 @@ SECTIONS *(.got) /* Global offset table */ } - RO_DATA(PAGE_SIZE) - EXCEPTION_TABLE(8) + ALIGN_DEBUG_RO_MIN(0) + RO_DATA(PAGE_SIZE) /* everything from this point to */ + EXCEPTION_TABLE(8) /* _etext will be marked RO NX */ NOTES ALIGN_DEBUG_RO_MIN(PAGE_SIZE) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index ab69a99..9aa5201 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -453,10 +453,18 @@ static void __init map_mem(pgd_t *pgd) #ifdef CONFIG_DEBUG_RODATA void mark_rodata_ro(void) { - create_mapping_late(__pa(_stext), (unsigned long)_stext, - (unsigned long)_etext - (unsigned long)_stext, - PAGE_KERNEL_ROX); + unsigned long section_size; + section_size = (unsigned long)__start_rodata - (unsigned long)_stext; + create_mapping_late(__pa(_stext), (unsigned long)_stext, + section_size, PAGE_KERNEL_ROX); + /* + * mark .rodata as read only. Use _etext rather than __end_rodata to + * cover NOTES and EXCEPTION_TABLE. + */ + section_size = (unsigned long)_etext - (unsigned long)__start_rodata; + create_mapping_late(__pa(__start_rodata), (unsigned long)__start_rodata, + section_size, PAGE_KERNEL_RO); } #endif @@ -486,7 +494,8 @@ static void __init map_kernel_chunk(pgd_t *pgd, void *va_start, void *va_end, static void __init map_kernel(pgd_t *pgd) { - map_kernel_chunk(pgd, _stext, _etext, PAGE_KERNEL_EXEC); + map_kernel_chunk(pgd, _stext, __start_rodata, PAGE_KERNEL_EXEC); + map_kernel_chunk(pgd, __start_rodata, _etext, PAGE_KERNEL_EXEC); map_kernel_chunk(pgd, __init_begin, __init_end, PAGE_KERNEL_EXEC); map_kernel_chunk(pgd, _data, _end, PAGE_KERNEL); -- 2.4.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v2 1/2] arm64: mm: Mark .rodata as RO 2016-02-17 16:41 ` [PATCH v2 1/2] " Jeremy Linton @ 2016-02-17 16:46 ` Ard Biesheuvel 2016-02-17 16:54 ` Jeremy Linton 0 siblings, 1 reply; 8+ messages in thread From: Ard Biesheuvel @ 2016-02-17 16:46 UTC (permalink / raw) To: linux-arm-kernel On 17 February 2016 at 17:41, Jeremy Linton <jeremy.linton@arm.com> wrote: > Currently the .rodata section is actually still executable when DEBUG_RODATA > is enabled. This changes that so the .rodata is actually read only, no execute. > > Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> > --- > arch/arm64/kernel/vmlinux.lds.S | 5 +++-- > arch/arm64/mm/mmu.c | 17 +++++++++++++---- > 2 files changed, 16 insertions(+), 6 deletions(-) > > diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S > index 8f4fc2c..9208f53 100644 > --- a/arch/arm64/kernel/vmlinux.lds.S > +++ b/arch/arm64/kernel/vmlinux.lds.S > @@ -114,8 +114,9 @@ SECTIONS > *(.got) /* Global offset table */ > } > > - RO_DATA(PAGE_SIZE) > - EXCEPTION_TABLE(8) > + ALIGN_DEBUG_RO_MIN(0) > + RO_DATA(PAGE_SIZE) /* everything from this point to */ > + EXCEPTION_TABLE(8) /* _etext will be marked RO NX */ > NOTES > > ALIGN_DEBUG_RO_MIN(PAGE_SIZE) > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c > index ab69a99..9aa5201 100644 > --- a/arch/arm64/mm/mmu.c > +++ b/arch/arm64/mm/mmu.c > @@ -453,10 +453,18 @@ static void __init map_mem(pgd_t *pgd) > #ifdef CONFIG_DEBUG_RODATA > void mark_rodata_ro(void) > { > - create_mapping_late(__pa(_stext), (unsigned long)_stext, > - (unsigned long)_etext - (unsigned long)_stext, > - PAGE_KERNEL_ROX); > + unsigned long section_size; > > + section_size = (unsigned long)__start_rodata - (unsigned long)_stext; > + create_mapping_late(__pa(_stext), (unsigned long)_stext, > + section_size, PAGE_KERNEL_ROX); > + /* > + * mark .rodata as read only. Use _etext rather than __end_rodata to > + * cover NOTES and EXCEPTION_TABLE. > + */ > + section_size = (unsigned long)_etext - (unsigned long)__start_rodata; > + create_mapping_late(__pa(__start_rodata), (unsigned long)__start_rodata, > + section_size, PAGE_KERNEL_RO); > } > #endif > > @@ -486,7 +494,8 @@ static void __init map_kernel_chunk(pgd_t *pgd, void *va_start, void *va_end, > static void __init map_kernel(pgd_t *pgd) > { > > - map_kernel_chunk(pgd, _stext, _etext, PAGE_KERNEL_EXEC); > + map_kernel_chunk(pgd, _stext, __start_rodata, PAGE_KERNEL_EXEC); > + map_kernel_chunk(pgd, __start_rodata, _etext, PAGE_KERNEL_EXEC); Couldn't we map this non-exec from the start? > map_kernel_chunk(pgd, __init_begin, __init_end, PAGE_KERNEL_EXEC); > map_kernel_chunk(pgd, _data, _end, PAGE_KERNEL); > > -- > 2.4.3 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2 1/2] arm64: mm: Mark .rodata as RO 2016-02-17 16:46 ` Ard Biesheuvel @ 2016-02-17 16:54 ` Jeremy Linton 2016-02-17 16:55 ` Ard Biesheuvel 0 siblings, 1 reply; 8+ messages in thread From: Jeremy Linton @ 2016-02-17 16:54 UTC (permalink / raw) To: linux-arm-kernel On 02/17/2016 10:46 AM, Ard Biesheuvel wrote: > On 17 February 2016 at 17:41, Jeremy Linton <jeremy.linton@arm.com> wrote: >> Currently the .rodata section is actually still executable when DEBUG_RODATA >> is enabled. This changes that so the .rodata is actually read only, no execute. >> (trimming) >> >> - map_kernel_chunk(pgd, _stext, _etext, PAGE_KERNEL_EXEC); >> + map_kernel_chunk(pgd, _stext, __start_rodata, PAGE_KERNEL_EXEC); >> + map_kernel_chunk(pgd, __start_rodata, _etext, PAGE_KERNEL_EXEC); > > Couldn't we map this non-exec from the start? Probably, Mark suggested that, but Kees seemed to have reasons not to. Either way, my opinion is that for that change to make sense we also need to always enable the functionality turned on by DEBUG_RODATA. > >> map_kernel_chunk(pgd, __init_begin, __init_end, PAGE_KERNEL_EXEC); >> map_kernel_chunk(pgd, _data, _end, PAGE_KERNEL); >> >> -- >> 2.4.3 >> > ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2 1/2] arm64: mm: Mark .rodata as RO 2016-02-17 16:54 ` Jeremy Linton @ 2016-02-17 16:55 ` Ard Biesheuvel 2016-02-17 17:02 ` Mark Rutland 0 siblings, 1 reply; 8+ messages in thread From: Ard Biesheuvel @ 2016-02-17 16:55 UTC (permalink / raw) To: linux-arm-kernel On 17 February 2016 at 17:54, Jeremy Linton <jeremy.linton@arm.com> wrote: > On 02/17/2016 10:46 AM, Ard Biesheuvel wrote: >> >> On 17 February 2016 at 17:41, Jeremy Linton <jeremy.linton@arm.com> wrote: >>> >>> Currently the .rodata section is actually still executable when >>> DEBUG_RODATA >>> is enabled. This changes that so the .rodata is actually read only, no >>> execute. >>> > (trimming) >>> >>> >>> - map_kernel_chunk(pgd, _stext, _etext, PAGE_KERNEL_EXEC); >>> + map_kernel_chunk(pgd, _stext, __start_rodata, PAGE_KERNEL_EXEC); >>> + map_kernel_chunk(pgd, __start_rodata, _etext, PAGE_KERNEL_EXEC); >> >> >> Couldn't we map this non-exec from the start? > > > Probably, Mark suggested that, but Kees seemed to have reasons not to. > Either way, my opinion is that for that change to make sense we also need to > always enable the functionality turned on by DEBUG_RODATA. > Actually, I think that was about mapping read-only, not non-exec. For text patching and Kees's __ro_after_init stuff, the region would need to be writable early on. But I don't think there is a reason to make it executable. ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2 1/2] arm64: mm: Mark .rodata as RO 2016-02-17 16:55 ` Ard Biesheuvel @ 2016-02-17 17:02 ` Mark Rutland 0 siblings, 0 replies; 8+ messages in thread From: Mark Rutland @ 2016-02-17 17:02 UTC (permalink / raw) To: linux-arm-kernel On Wed, Feb 17, 2016 at 05:55:57PM +0100, Ard Biesheuvel wrote: > On 17 February 2016 at 17:54, Jeremy Linton <jeremy.linton@arm.com> wrote: > > On 02/17/2016 10:46 AM, Ard Biesheuvel wrote: > >> > >> On 17 February 2016 at 17:41, Jeremy Linton <jeremy.linton@arm.com> wrote: > >>> > >>> Currently the .rodata section is actually still executable when > >>> DEBUG_RODATA > >>> is enabled. This changes that so the .rodata is actually read only, no > >>> execute. > >>> > > (trimming) > >>> > >>> > >>> - map_kernel_chunk(pgd, _stext, _etext, PAGE_KERNEL_EXEC); > >>> + map_kernel_chunk(pgd, _stext, __start_rodata, PAGE_KERNEL_EXEC); > >>> + map_kernel_chunk(pgd, __start_rodata, _etext, PAGE_KERNEL_EXEC); > >> > >> > >> Couldn't we map this non-exec from the start? > > > > > > Probably, Mark suggested that, but Kees seemed to have reasons not to. > > Either way, my opinion is that for that change to make sense we also need to > > always enable the functionality turned on by DEBUG_RODATA. > > > > Actually, I think that was about mapping read-only, not non-exec. For > text patching and Kees's __ro_after_init stuff, the region would need > to be writable early on. But I don't think there is a reason to make > it executable. Yup, we should be able to make it PAGE_KERNEL here, even if we can't make it PAGE_KERNEL_RO. Mark. ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2 2/2] arm64/mm: Add .rodata to kernel virtual memory boot notice 2016-02-17 16:41 [PATCH v2 0/2] arm64: mm: Mark .rodata as RO Jeremy Linton 2016-02-17 16:41 ` [PATCH v2 1/2] " Jeremy Linton @ 2016-02-17 16:41 ` Jeremy Linton 2016-02-17 17:04 ` Mark Rutland 1 sibling, 1 reply; 8+ messages in thread From: Jeremy Linton @ 2016-02-17 16:41 UTC (permalink / raw) To: linux-arm-kernel Now that .rodata has differing permissions from .text display it in the mem_init banner as a seperate memory range. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> --- arch/arm64/mm/init.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 5dd0831..41be7db 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -325,6 +325,7 @@ void __init mem_init(void) " memory : 0x%16lx - 0x%16lx (%6ld MB)\n" " .init : 0x%p" " - 0x%p" " (%6ld KB)\n" " .text : 0x%p" " - 0x%p" " (%6ld KB)\n" + " .rodata : 0x%p" " - 0x%p" " (%6ld KB)\n" " .data : 0x%p" " - 0x%p" " (%6ld KB)\n", #ifdef CONFIG_KASAN MLG(KASAN_SHADOW_START, KASAN_SHADOW_END), @@ -341,7 +342,8 @@ void __init mem_init(void) MLM(MODULES_VADDR, MODULES_END), MLM(PAGE_OFFSET, (unsigned long)high_memory), MLK_ROUNDUP(__init_begin, __init_end), - MLK_ROUNDUP(_text, _etext), + MLK_ROUNDUP(_text, __start_rodata), + MLK_ROUNDUP(__start_rodata, _etext), MLK_ROUNDUP(_sdata, _edata)); #undef MLK -- 2.4.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v2 2/2] arm64/mm: Add .rodata to kernel virtual memory boot notice 2016-02-17 16:41 ` [PATCH v2 2/2] arm64/mm: Add .rodata to kernel virtual memory boot notice Jeremy Linton @ 2016-02-17 17:04 ` Mark Rutland 0 siblings, 0 replies; 8+ messages in thread From: Mark Rutland @ 2016-02-17 17:04 UTC (permalink / raw) To: linux-arm-kernel On Wed, Feb 17, 2016 at 10:41:14AM -0600, Jeremy Linton wrote: > Now that .rodata has differing permissions from .text > display it in the mem_init banner as a seperate memory range. > > Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> > --- > arch/arm64/mm/init.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) This looks fine, but I think it would be better to have this folded into the prior patch. Mark. > > diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c > index 5dd0831..41be7db 100644 > --- a/arch/arm64/mm/init.c > +++ b/arch/arm64/mm/init.c > @@ -325,6 +325,7 @@ void __init mem_init(void) > " memory : 0x%16lx - 0x%16lx (%6ld MB)\n" > " .init : 0x%p" " - 0x%p" " (%6ld KB)\n" > " .text : 0x%p" " - 0x%p" " (%6ld KB)\n" > + " .rodata : 0x%p" " - 0x%p" " (%6ld KB)\n" > " .data : 0x%p" " - 0x%p" " (%6ld KB)\n", > #ifdef CONFIG_KASAN > MLG(KASAN_SHADOW_START, KASAN_SHADOW_END), > @@ -341,7 +342,8 @@ void __init mem_init(void) > MLM(MODULES_VADDR, MODULES_END), > MLM(PAGE_OFFSET, (unsigned long)high_memory), > MLK_ROUNDUP(__init_begin, __init_end), > - MLK_ROUNDUP(_text, _etext), > + MLK_ROUNDUP(_text, __start_rodata), > + MLK_ROUNDUP(__start_rodata, _etext), > MLK_ROUNDUP(_sdata, _edata)); > > #undef MLK > -- > 2.4.3 > ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-02-17 17:04 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-02-17 16:41 [PATCH v2 0/2] arm64: mm: Mark .rodata as RO Jeremy Linton 2016-02-17 16:41 ` [PATCH v2 1/2] " Jeremy Linton 2016-02-17 16:46 ` Ard Biesheuvel 2016-02-17 16:54 ` Jeremy Linton 2016-02-17 16:55 ` Ard Biesheuvel 2016-02-17 17:02 ` Mark Rutland 2016-02-17 16:41 ` [PATCH v2 2/2] arm64/mm: Add .rodata to kernel virtual memory boot notice Jeremy Linton 2016-02-17 17:04 ` Mark Rutland
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).