[PATCH 2/2] ARM: mm: keep rodata non-executable
Dave Martin
Dave.Martin at arm.com
Fri Feb 14 11:22:57 EST 2014
On Thu, Feb 13, 2014 at 05:04:10PM -0800, Kees Cook wrote:
> Introduce "CONFIG_DEBUG_RODATA" to mostly match the x86 config, though
> the behavior is different: it depends on STRICT_KERNMEM_PERMS, which
> sets rodata read-only (but executable), where as this option additionally
> splits rodata from the kernel text (resulting in potentially more memory
> lost to padding) and sets it non-executable as well. The end result is
> that on builds with CONFIG_DEBUG_RODATA=y (like x86) the rodata with be
> marked purely read-only.
This triggers an Oops in kexec, because we have a block of code in .text
which is a template for generating baremetal code to relocate the new
kernel, and some literal words are written into it before copying.
Possibly this should be in .rodata, not .text.
There may be a few other instances of this kind of thing.
Are you aware of similar situations on other arches?
Cheers
---Dave
More information about the linux-arm-kernel
mailing list