[PATCH v2 1/2] arm64: mm: Mark .rodata as RO
Mark Rutland
mark.rutland at arm.com
Wed Feb 17 09:02:47 PST 2016
On Wed, Feb 17, 2016 at 05:55:57PM +0100, Ard Biesheuvel wrote:
> On 17 February 2016 at 17:54, Jeremy Linton <jeremy.linton at arm.com> wrote:
> > On 02/17/2016 10:46 AM, Ard Biesheuvel wrote:
> >>
> >> On 17 February 2016 at 17:41, Jeremy Linton <jeremy.linton at arm.com> wrote:
> >>>
> >>> Currently the .rodata section is actually still executable when
> >>> DEBUG_RODATA
> >>> is enabled. This changes that so the .rodata is actually read only, no
> >>> execute.
> >>>
> > (trimming)
> >>>
> >>>
> >>> - map_kernel_chunk(pgd, _stext, _etext, PAGE_KERNEL_EXEC);
> >>> + map_kernel_chunk(pgd, _stext, __start_rodata, PAGE_KERNEL_EXEC);
> >>> + map_kernel_chunk(pgd, __start_rodata, _etext, PAGE_KERNEL_EXEC);
> >>
> >>
> >> Couldn't we map this non-exec from the start?
> >
> >
> > Probably, Mark suggested that, but Kees seemed to have reasons not to.
> > Either way, my opinion is that for that change to make sense we also need to
> > always enable the functionality turned on by DEBUG_RODATA.
> >
>
> Actually, I think that was about mapping read-only, not non-exec. For
> text patching and Kees's __ro_after_init stuff, the region would need
> to be writable early on. But I don't think there is a reason to make
> it executable.
Yup, we should be able to make it PAGE_KERNEL here, even if we can't
make it PAGE_KERNEL_RO.
Mark.
More information about the linux-arm-kernel
mailing list