From patchwork Tue Mar 14 10:13:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Evgeniy Baskov X-Patchwork-Id: 663800 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC025C7618A for ; Tue, 14 Mar 2023 10:22:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230125AbjCNKWs (ORCPT ); Tue, 14 Mar 2023 06:22:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230182AbjCNKW1 (ORCPT ); Tue, 14 Mar 2023 06:22:27 -0400 Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 554719BA74; Tue, 14 Mar 2023 03:22:02 -0700 (PDT) Received: from localhost.localdomain (unknown [83.149.199.65]) by mail.ispras.ru (Postfix) with ESMTPSA id CDC7B40755D2; Tue, 14 Mar 2023 10:14:00 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru CDC7B40755D2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru; s=default; t=1678788840; bh=EFJb9tTw64ENt680pifdKRXpvL7PgePGOnq6mgMilbI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ggABUxDrzLvNuUbajlU0vfcHk6kjIt3AhOX8yP6tIfcNDRtbNZ0Monp4gLl4Q/x8P pRiB0dAKaypOKO/Ou7Ml1USRjoirdXCWolVA77DP3epJ+4NhlULw+xK0UIT6dbmYxV 8Fs5pW69Gi93ZNQSy0CtUwi7bSWHob8SqRPhH6N0= From: Evgeniy Baskov To: Ard Biesheuvel Cc: Evgeniy Baskov , Borislav Petkov , Andy Lutomirski , Dave Hansen , Ingo Molnar , Peter Zijlstra , Thomas Gleixner , Alexey Khoroshilov , Peter Jones , Gerd Hoffmann , "Limonciello, Mario" , joeyli , lvc-project@linuxtesting.org, x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH v5 02/27] x86/build: Remove RWX sections and align on 4KB Date: Tue, 14 Mar 2023 13:13:29 +0300 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org Avoid creating sections simultaneously writable and readable to prepare for W^X implementation for the kernel itself (not the decompressor). Align kernel sections on page size (4KB) to allow protecting them in the page tables. Split init code form ".init" segment into separate R_X ".inittext" segment and make ".init" segment non-executable. Also add these segments to x86_32 architecture for consistency. Currently paging is disabled in x86_32 in compressed kernel, so protection is not applied anyways, but .init code was incorrectly placed in non-executable ".data" segment. This should not change anything meaningful in memory layout now, but might be required in case memory protection will also be implemented in compressed kernel for x86_32. Tested-by: Mario Limonciello Signed-off-by: Evgeniy Baskov --- arch/x86/kernel/vmlinux.lds.S | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 25f155205770..81ea1236d293 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -102,12 +102,11 @@ jiffies = jiffies_64; PHDRS { text PT_LOAD FLAGS(5); /* R_E */ data PT_LOAD FLAGS(6); /* RW_ */ -#ifdef CONFIG_X86_64 -#ifdef CONFIG_SMP +#if defined(CONFIG_X86_64) && defined(CONFIG_SMP) percpu PT_LOAD FLAGS(6); /* RW_ */ #endif - init PT_LOAD FLAGS(7); /* RWE */ -#endif + inittext PT_LOAD FLAGS(5); /* R_E */ + init PT_LOAD FLAGS(6); /* RW_ */ note PT_NOTE FLAGS(0); /* ___ */ } @@ -226,9 +225,10 @@ SECTIONS #endif INIT_TEXT_SECTION(PAGE_SIZE) -#ifdef CONFIG_X86_64 - :init -#endif + :inittext + + . = ALIGN(PAGE_SIZE); + /* * Section for code used exclusively before alternatives are run. All @@ -240,6 +240,7 @@ SECTIONS .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { *(.altinstr_aux) } + :init INIT_DATA_SECTION(16)