From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S941361AbcHJTbz (ORCPT ); Wed, 10 Aug 2016 15:31:55 -0400 Received: from mout.kundenserver.de ([212.227.126.130]:53928 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S941069AbcHJTbv (ORCPT ); Wed, 10 Aug 2016 15:31:51 -0400 From: Arnd Bergmann To: linux-arm-kernel@lists.infradead.org Cc: Russell King - ARM Linux , linux-arch@vger.kernel.org, Kees Cook , Ard Biesheuvel , x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Andrew Morton , Mathias Krause Subject: Re: [PATCH 2/2] arm: apply more __ro_after_init Date: Wed, 10 Aug 2016 21:31:05 +0200 Message-ID: <2096112.OBiRuggdEi@wuerfel> User-Agent: KMail/5.1.3 (Linux/4.4.0-31-generic; KDE/5.18.0; x86_64; ; ) In-Reply-To: <20160810101253.GL1041@n2100.armlinux.org.uk> References: <1464979224-2085-1-git-send-email-keescook@chromium.org> <2342289.4RWg0SWI3A@wuerfel> <20160810101253.GL1041@n2100.armlinux.org.uk> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Provags-ID: V03:K0:dGNrmp6SBskktxKmeI0/6py++Gr9JO201jnlCc4PojuGQso1pOC qSdRgaSVqCG5DiNm5mjbPEfbVgbsIUIWVe5bh2b2tNgHgqx0nLiabheoZZA8C0ulmVZa7iF DIFVrofJis5sZb7ZsCmCcASgxp6dc8jHi63rqwJGgPWaRStH8yk7ar+Rgu7IS3rCOciDtQB tjx3mc6u7CsKa8zq4YUYQ== X-UI-Out-Filterresults: notjunk:1;V01:K0:i23ZqRasQ1A=:cpffvxLJd7lCngjqB2pNJ/ rRYIVKKwuXIrwrITTkEYueuGOV3NVjzfJlM2pVMs+XyR4/ws/dSekcqGiryGQ6+RDn7JOtTs9 F3xqVR0TZkKa8UR++jstM4BluaI/Ji5LTFPapM+W74F/OXeCzMoIFDka1W/FxXGgfR2dAAH/2 opHHHI9M7Fvl4nkOcPt/VLqnhqu3XhlJe9YBK/ZTxO5C3BXsBr7JZVXg0+0aDYWbRCBCn8Zuv 9zuouvog/q9xnudTVRf4qFGcXvY8XpPcgsqfBkLwjkvjCRVEV2fjOZvY2vXB7i/pfnnDPesuQ DcZMP0WvWJtE5hvsYCs0cTDSM01OVSDMGes4MPZN/OS93UJGba+upwYycTa5S/hb+2pndTKlA orjI5elA4uVrHY3Jxcqbdig9xCM8qXyvUa4EGJ65EC/HCTk6UAq6WnZosMFGK4vFzHF7RxCYZ rhgq7jwSrIUj8djJmZXDk6fM4EeB7GKUthS0sb7UCTPB6ZxRLBMpDAkoU3ujXsxbB/PQThzr8 gHZE/8g5yCh9dNIOZ4x+1tqlFdCD4CuIWmrffWiBoNVuvmfNtLqGerR79qk4BazQTogyNQnsp Zh1Faxd1fFSKrv+x2+PMhYJi6Q1W6iX1NHfc5K2faCBlLbBiPpibRhRHGnrXVZReVqO/cXSPR qkMjOxnKQ137wo2eVCMJFiOgnGw5nm3hvZphPi0zej4AAiPZZ7LzGNGURmMf7iEG2l64JCj97 YuWYqPm/HtSewqfg Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wednesday, August 10, 2016 11:12:53 AM CEST Russell King - ARM Linux wrote: > On Wed, Aug 10, 2016 at 12:00:53PM +0200, Arnd Bergmann wrote: > > On Wednesday, August 10, 2016 10:43:39 AM CEST Russell King - ARM Linux wrote: > > > On Fri, Jun 03, 2016 at 11:40:24AM -0700, Kees Cook wrote: > > > > @@ -1309,16 +1309,11 @@ void __init arm_mm_memblock_reserve(void) > > > > * Any other function or debugging method which may touch any device _will_ > > > > * crash the kernel. > > > > */ > > > > +static char vectors[PAGE_SIZE * 2] __ro_after_init __aligned(PAGE_SIZE); > > > > static void __init devicemaps_init(const struct machine_desc *mdesc) > > > > { > > > > struct map_desc map; > > > > unsigned long addr; > > > > - void *vectors; > > > > - > > > > - /* > > > > - * Allocate the vector page early. > > > > - */ > > > > - vectors = early_alloc(PAGE_SIZE * 2); > > > > > > This one is not appropriate. We _do_ write to these pages after init > > > for FIQ handler updates. See set_fiq_handler(). > > > > Is that the only thing that modifies the page? If we think this is a > > valuable change, we could make it depend on the absence of FIQ > > support, as very few platforms (rpc, omap1, s3c24xx and possibly > > imx) seem to even use it. > > There's the TLS emulation too, but that writes via the vectors mapping > at 0xffff0ff0. Ok, so that should be safe. Can we change the fiq code to also use the high mapping and then take the __ro_after_init patch on top? Arnd