* [PATCH V5 0/2] arm64: refactor the rodata=xxx @ 2025-06-30 3:02 Huang Shijie 2025-06-30 3:02 ` [PATCH V5 1/2] " Huang Shijie 2025-06-30 3:02 ` [PATCH V5 2/2] arm64/Kconfig: Remove CONFIG_RODATA_FULL_DEFAULT_ENABLED Huang Shijie 0 siblings, 2 replies; 4+ messages in thread From: Huang Shijie @ 2025-06-30 3:02 UTC (permalink / raw) To: catalin.marinas, will, corbet Cc: patches, cl, yang, akpm, paulmck, rostedt, Neeraj.Upadhyay, bp, ardb, anshuman.khandual, suzuki.poulose, gshan, linux-doc, linux-kernel, linux-arm-kernel, Huang Shijie From Documentation/admin-guide/kernel-parameters.txt, we know that: rodata= [KNL,EARLY] on Mark read-only kernel memory as read-only (default). off Leave read-only kernel memory writable for debugging. full Mark read-only kernel memory and aliases as read-only [arm64] So the "rodata=on" is the default. But the current code does not follow the document, it makes "rodata=full" as the default. This patch set follows Anshuman Khandual's suggetions. It makes the "rodata=on" as the default, and removes the CONFIG_RODATA_FULL_DEFAULT_ENABLED. v5: Rebase this patch set with linux-next20250627 v4: Follows Anshuman Khandual/Ard Biesheuvel's suggetions: - Change commit message format. - Change the titile name. - others https://lists.infradead.org/pipermail/linux-arm-kernel/2024-December/985629.html v3: Follows Anshuman Khandual's suggetions: - Merge patch 1 and patch 3 into one patch. - Remove patch 4 - update comments and document. https://lists.infradead.org/pipermail/linux-arm-kernel/2024-December/984344.html v2: Follows Will's suggetions. Add a new file fine-tuning-tips.rst for the expert users. https://lists.infradead.org/pipermail/linux-arm-kernel/2024-November/981190.html v1: https://lists.infradead.org/pipermail/linux-arm-kernel/2024-October/971415.html Huang Shijie (2): arm64: refactor the rodata=xxx arm64/Kconfig: Remove CONFIG_RODATA_FULL_DEFAULT_ENABLED .../admin-guide/kernel-parameters.txt | 2 +- arch/arm64/Kconfig | 14 ---------- arch/arm64/include/asm/setup.h | 28 +++++++++++++++++-- arch/arm64/mm/pageattr.c | 2 +- 4 files changed, 28 insertions(+), 18 deletions(-) -- 2.40.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH V5 1/2] arm64: refactor the rodata=xxx 2025-06-30 3:02 [PATCH V5 0/2] arm64: refactor the rodata=xxx Huang Shijie @ 2025-06-30 3:02 ` Huang Shijie 2025-06-30 3:25 ` Randy Dunlap 2025-06-30 3:02 ` [PATCH V5 2/2] arm64/Kconfig: Remove CONFIG_RODATA_FULL_DEFAULT_ENABLED Huang Shijie 1 sibling, 1 reply; 4+ messages in thread From: Huang Shijie @ 2025-06-30 3:02 UTC (permalink / raw) To: catalin.marinas, will, corbet Cc: patches, cl, yang, akpm, paulmck, rostedt, Neeraj.Upadhyay, bp, ardb, anshuman.khandual, suzuki.poulose, gshan, linux-doc, linux-kernel, linux-arm-kernel, Huang Shijie As per admin guide documentation, "rodata=on" should be the default on platforms. Documentation/admin-guide/kernel-parameters.txt describes these options as rodata= [KNL,EARLY] on Mark read-only kernel memory as read-only (default). off Leave read-only kernel memory writable for debugging. full Mark read-only kernel memory and aliases as read-only [arm64] But on arm64 platform, "rodata=full" is the default instead. This patch implements the following changes. - Make "rodata=on" behaviour same as the original "rodata=full" - Make "rodata=noalias" (new) behaviour same as the original "rodata=on" - Drop the original "rodata=full" - Add comment for arch_parse_debug_rodata() - Update kernel-parameters.txt as required After this patch, the "rodata=on" will be the default on arm64 platform as well. Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com> --- .../admin-guide/kernel-parameters.txt | 2 +- arch/arm64/include/asm/setup.h | 28 +++++++++++++++++-- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index ee0735c6b8e2..e0cd6dac26d3 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -6354,7 +6354,7 @@ rodata= [KNL,EARLY] on Mark read-only kernel memory as read-only (default). off Leave read-only kernel memory writable for debugging. - full Mark read-only kernel memory and aliases as read-only + noalias Use more block mappings,may have better performance. [arm64] rockchip.usb_uart diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h index ba269a7a3201..6b994d0881d1 100644 --- a/arch/arm64/include/asm/setup.h +++ b/arch/arm64/include/asm/setup.h @@ -13,6 +13,30 @@ extern phys_addr_t __fdt_pointer __initdata; extern u64 __cacheline_aligned boot_args[4]; +/* + * rodata=on (default) + * + * This applies read-only attributes to VM areas and to the linear + * alias of the backing pages as well. This prevents code or read- + * only data from being modified (inadvertently or intentionally), + * via another mapping for the same memory page. + * + * But this might cause linear map region to be mapped down to base + * pages, which may adversely affect performance in some cases. + * + * rodata=off + * + * This provides more block mappings and contiguous hints for linear + * map region which would minimize TLB footprint. This also leaves + * read-only kernel memory writable for debugging. + * + * rodata=noalias + * + * This provides more block mappings and contiguous hints for linear + * map region which would minimize TLB footprint. This leaves the linear + * alias of read-only mappings in the vmalloc space writeable, making + * them susceptible to inadvertent modification by software. + */ static inline bool arch_parse_debug_rodata(char *arg) { extern bool rodata_enabled; @@ -21,7 +45,7 @@ static inline bool arch_parse_debug_rodata(char *arg) if (!arg) return false; - if (!strcmp(arg, "full")) { + if (!strcmp(arg, "on")) { rodata_enabled = rodata_full = true; return true; } @@ -31,7 +55,7 @@ static inline bool arch_parse_debug_rodata(char *arg) return true; } - if (!strcmp(arg, "on")) { + if (!strcmp(arg, "noalias")) { rodata_enabled = true; rodata_full = false; return true; -- 2.40.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH V5 1/2] arm64: refactor the rodata=xxx 2025-06-30 3:02 ` [PATCH V5 1/2] " Huang Shijie @ 2025-06-30 3:25 ` Randy Dunlap 0 siblings, 0 replies; 4+ messages in thread From: Randy Dunlap @ 2025-06-30 3:25 UTC (permalink / raw) To: Huang Shijie, catalin.marinas, will, corbet Cc: patches, cl, yang, akpm, paulmck, rostedt, Neeraj.Upadhyay, bp, ardb, anshuman.khandual, suzuki.poulose, gshan, linux-doc, linux-kernel, linux-arm-kernel On 6/29/25 8:02 PM, Huang Shijie wrote: > As per admin guide documentation, "rodata=on" should be the default on > platforms. Documentation/admin-guide/kernel-parameters.txt describes > these options as > > rodata= [KNL,EARLY] > on Mark read-only kernel memory as read-only (default). > off Leave read-only kernel memory writable for debugging. > full Mark read-only kernel memory and aliases as read-only > [arm64] > > But on arm64 platform, "rodata=full" is the default instead. This patch > implements the following changes. > > - Make "rodata=on" behaviour same as the original "rodata=full" > - Make "rodata=noalias" (new) behaviour same as the original "rodata=on" > - Drop the original "rodata=full" > - Add comment for arch_parse_debug_rodata() > - Update kernel-parameters.txt as required > > After this patch, the "rodata=on" will be the default on arm64 platform > as well. > > Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com> > --- > .../admin-guide/kernel-parameters.txt | 2 +- > arch/arm64/include/asm/setup.h | 28 +++++++++++++++++-- > 2 files changed, 27 insertions(+), 3 deletions(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index ee0735c6b8e2..e0cd6dac26d3 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -6354,7 +6354,7 @@ > rodata= [KNL,EARLY] > on Mark read-only kernel memory as read-only (default). > off Leave read-only kernel memory writable for debugging. > - full Mark read-only kernel memory and aliases as read-only > + noalias Use more block mappings,may have better performance. Add space after comma, please. ^ > [arm64] > > rockchip.usb_uart > diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h > index ba269a7a3201..6b994d0881d1 100644 > --- a/arch/arm64/include/asm/setup.h > +++ b/arch/arm64/include/asm/setup.h > @@ -13,6 +13,30 @@ > extern phys_addr_t __fdt_pointer __initdata; > extern u64 __cacheline_aligned boot_args[4]; > > +/* > + * rodata=on (default) > + * > + * This applies read-only attributes to VM areas and to the linear > + * alias of the backing pages as well. This prevents code or read- > + * only data from being modified (inadvertently or intentionally), > + * via another mapping for the same memory page. > + * > + * But this might cause linear map region to be mapped down to base > + * pages, which may adversely affect performance in some cases. > + * > + * rodata=off > + * > + * This provides more block mappings and contiguous hints for linear > + * map region which would minimize TLB footprint. This also leaves > + * read-only kernel memory writable for debugging. > + * > + * rodata=noalias > + * > + * This provides more block mappings and contiguous hints for linear > + * map region which would minimize TLB footprint. This leaves the linear > + * alias of read-only mappings in the vmalloc space writeable, making > + * them susceptible to inadvertent modification by software. > + */ > static inline bool arch_parse_debug_rodata(char *arg) > { > extern bool rodata_enabled; > @@ -21,7 +45,7 @@ static inline bool arch_parse_debug_rodata(char *arg) > if (!arg) > return false; > > - if (!strcmp(arg, "full")) { > + if (!strcmp(arg, "on")) { > rodata_enabled = rodata_full = true; > return true; > } > @@ -31,7 +55,7 @@ static inline bool arch_parse_debug_rodata(char *arg) > return true; > } > > - if (!strcmp(arg, "on")) { > + if (!strcmp(arg, "noalias")) { > rodata_enabled = true; > rodata_full = false; > return true; -- ~Randy ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH V5 2/2] arm64/Kconfig: Remove CONFIG_RODATA_FULL_DEFAULT_ENABLED 2025-06-30 3:02 [PATCH V5 0/2] arm64: refactor the rodata=xxx Huang Shijie 2025-06-30 3:02 ` [PATCH V5 1/2] " Huang Shijie @ 2025-06-30 3:02 ` Huang Shijie 1 sibling, 0 replies; 4+ messages in thread From: Huang Shijie @ 2025-06-30 3:02 UTC (permalink / raw) To: catalin.marinas, will, corbet Cc: patches, cl, yang, akpm, paulmck, rostedt, Neeraj.Upadhyay, bp, ardb, anshuman.khandual, suzuki.poulose, gshan, linux-doc, linux-kernel, linux-arm-kernel, Huang Shijie After patch "arm64: refacotr the rodata=xxx", the "rodata=on" becomes the default. ...................................... if (!strcmp(arg, "on")) { rodata_enabled = rodata_full = true; return true; } ...................................... The rodata_full is always "true" via "rodata=on" and does not depend on the config RODATA_FULL_DEFAULT_ENABLED anymore, so it can be dropped. Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com> Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com> --- arch/arm64/Kconfig | 14 -------------- arch/arm64/mm/pageattr.c | 2 +- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index f9f988c2cab7..12a70f10f7bb 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1694,20 +1694,6 @@ config MITIGATE_SPECTRE_BRANCH_HISTORY When taking an exception from user-space, a sequence of branches or a firmware call overwrites the branch history. -config RODATA_FULL_DEFAULT_ENABLED - bool "Apply r/o permissions of VM areas also to their linear aliases" - default y - help - Apply read-only attributes of VM areas to the linear alias of - the backing pages as well. This prevents code or read-only data - from being modified (inadvertently or intentionally) via another - mapping of the same memory page. This additional enhancement can - be turned off at runtime by passing rodata=[off|on] (and turned on - with rodata=full if this option is set to 'n') - - This requires the linear region to be mapped down to pages, - which may adversely affect performance in some cases. - config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" depends on !KCSAN diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c index 04d4a8f676db..667aff1efe49 100644 --- a/arch/arm64/mm/pageattr.c +++ b/arch/arm64/mm/pageattr.c @@ -20,7 +20,7 @@ struct page_change_data { pgprot_t clear_mask; }; -bool rodata_full __ro_after_init = IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED); +bool rodata_full __ro_after_init = true; bool can_set_direct_map(void) { -- 2.40.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-06-30 3:26 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-06-30 3:02 [PATCH V5 0/2] arm64: refactor the rodata=xxx Huang Shijie 2025-06-30 3:02 ` [PATCH V5 1/2] " Huang Shijie 2025-06-30 3:25 ` Randy Dunlap 2025-06-30 3:02 ` [PATCH V5 2/2] arm64/Kconfig: Remove CONFIG_RODATA_FULL_DEFAULT_ENABLED Huang Shijie
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).