Re: [PATCH v2 3/3] module: Make .static_call_sites read-only after init

Linux Modules
 help / color / mirror / Atom feed

From: Petr Pavlu <petr.pavlu@suse.com>
To: Sami Tolvanen <samitolvanen@google.com>,
	Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	Jason Baron <jbaron@akamai.com>,
	Daniel Gomez <da.gomez@samsung.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Ard Biesheuvel <ardb@kernel.org>,
	linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 3/3] module: Make .static_call_sites read-only after init
Date: Wed, 12 Mar 2025 13:05:22 +0100	[thread overview]
Message-ID: <3ad23825-d249-4108-b5c3-693e359fd12e@suse.com> (raw)
In-Reply-To: <20250307001256.GA2276503@google.com>

On 3/7/25 01:12, Sami Tolvanen wrote:
> On Thu, Mar 06, 2025 at 06:28:58PM +0100, Christophe Leroy wrote:
>> Le 06/03/2025 à 14:13, Petr Pavlu a écrit :
>>> Section .static_call_sites holds data structures that need to be sorted and
>>> processed only at module load time. This initial processing happens in
>>> static_call_add_module(), which is invoked as a callback to the
>>> MODULE_STATE_COMING notification from prepare_coming_module().
>>>
>>> The section is never modified afterwards. Make it therefore read-only after
>>> module initialization to avoid any (non-)accidental modifications.
>>
>> Maybe this suggestion is stupid, I didn't investigate the feasability but:
>> why don't we group everything that is ro_after_init in a single section just
>> like we do in vmlinux ? That would avoid having to add every new possible
>> section in the C code.
>>
>> Like we have in asm-generic/vmlinux.lds.h:
>>
>> #define RO_AFTER_INIT_DATA						\
>> 	. = ALIGN(8);							\
>> 	__start_ro_after_init = .;					\
>> 	*(.data..ro_after_init)						\
>> 	JUMP_TABLE_DATA							\
>> 	STATIC_CALL_DATA						\
>> 	__end_ro_after_init = .;
> 
> I like this idea. Grouping the sections in the module linker script
> feels cleaner than having an array of section names in the code. To be
> fair, I think this code predates v5.10, where scripts/module.lds.S was
> first added.

I agree in principle. I like that the information about ro_after_init
sections for vmlinux and modules would be in the same source form, in
linker scripts. This could eventually allow us to share the definition
of ro_after_init sections between vmlinux and modules.

The problem is however how to find the location of the __jump_table and
static_call_sites data. In vmlinux, as a final binary, they are
annotated with start and end symbols. In modules, as relocatable files,
the approach is to rely on them being separate sections, see function
find_module_sections().

I could add start+end symbols for __jump_table and static_call_sites
data in scripts/module.lds.S and use them by the module loader, but this
would create an inconsistency in how various data is looked up. Another
problem is that I can't find a way to tell the linker to add these
symbols only if the specific data is actually present.

-- 
Cheers,
Petr

next prev parent reply	other threads:[~2025-03-12 12:05 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-06 13:13 [PATCH v2 0/3] module: Make .static_call_sites read-only after init Petr Pavlu
2025-03-06 13:13 ` [PATCH v2 1/3] module: Constify parameters of module_enforce_rwx_sections() Petr Pavlu
2025-03-06 13:13 ` [PATCH v2 2/3] module: Add a separate function to mark sections as read-only after init Petr Pavlu
2025-03-06 13:13 ` [PATCH v2 3/3] module: Make .static_call_sites " Petr Pavlu
2025-03-06 17:28   ` Christophe Leroy
2025-03-07  0:12     ` Sami Tolvanen
2025-03-12 12:05       ` Petr Pavlu [this message]
2025-03-12 23:21         ` Sami Tolvanen
2025-03-13  8:17           ` Petr Pavlu
2025-03-06 17:16 ` [PATCH v2 0/3] " Luis Chamberlain
2025-04-07 14:14 ` Petr Pavlu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3ad23825-d249-4108-b5c3-693e359fd12e@suse.com \
    --to=petr.pavlu@suse.com \
    --cc=ardb@kernel.org \
    --cc=christophe.leroy@csgroup.eu \
    --cc=da.gomez@samsung.com \
    --cc=jbaron@akamai.com \
    --cc=jpoimboe@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-modules@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=peterz@infradead.org \
    --cc=rostedt@goodmis.org \
    --cc=samitolvanen@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox