From patchwork Mon Dec 7 22:14:30 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 57817 Delivered-To: patch@linaro.org Received: by 10.112.147.194 with SMTP id tm2csp1432289lbb; Mon, 7 Dec 2015 14:14:34 -0800 (PST) X-Received: by 10.66.216.7 with SMTP id om7mr189943pac.90.1449526474044; Mon, 07 Dec 2015 14:14:34 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 70si202619pfq.154.2015.12.07.14.14.33; Mon, 07 Dec 2015 14:14:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dkim=neutral (body hash did not verify) header.i=@linaro-org.20150623.gappssmtp.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756273AbbLGWOc (ORCPT + 28 others); Mon, 7 Dec 2015 17:14:32 -0500 Received: from mail-io0-f170.google.com ([209.85.223.170]:35792 "EHLO mail-io0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756066AbbLGWOa (ORCPT ); Mon, 7 Dec 2015 17:14:30 -0500 Received: by ioc74 with SMTP id 74so5335396ioc.2 for ; Mon, 07 Dec 2015 14:14:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=JHi/c1lhWaWbsBPEX+Vo2BvhZ463x0kBMIw/CBaxURI=; b=q38DVxIcR0OiXxcOI2AXoPSl3OKfEQsey1wud4FikJMl9Fmg76kIkIKUaWpRaMTWA3 dXsaDkrzdx6L80hn/5XQaTbj5q9OYAagSDMADwAoLtASECU9byn54bOd3RhF0KoMOdwp Vvf8Ht3EJ+ZzVNrSgHDu8oIsIKVHIqd2cbsXkADyX8VtQ8ODABU2+QSDu5aeTm8+yFEG KnwEI2FjoculBRfWZiU2B1K6IN17tzMf2Yl6VWVSDgA60e9pXvXxh7hITW3Hnl/uMXMu lxtOHQfMzNUsMjVrt1BwlWXLjs+mZqYgAUKQKVS3MjD+Bqggp13imW2QhzVPwA4SoZeX EKIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=JHi/c1lhWaWbsBPEX+Vo2BvhZ463x0kBMIw/CBaxURI=; b=AdLARzPfrlEoxIEG1lpqQkcvHjVwwIygAZPfaC+QFjP2Ma+2H9OF5tj/9u1m3lp8gc oyawDUEbPj3dlNBtS6A4j3VbY4UxvMV59E/IebWo1MEaSnH0ikW+wuh8ElhOChjse0Ma 2UT8fK5oJWz50TCNaC0I5laiZ61F3zhxxZGYBedYOKfUXNobI7uxFbiRaYNfTtCxVFdh 5xYbqR3cmQBnf9kEY4nidaHZrQeF8OKr0EUQnecho5ql7gbLJOW4l9x8EsJ/KSms9+rX fnsfZkqT+VviJe8d8wj+1dzfM4nljo0OJUw7PmGjTtw8YX33ATRFhqT3a613ea4T/0Wl O4Ig== X-Gm-Message-State: ALoCoQnIHzAYCfcKkNspmFOaimvJFSL4bhvzwh6qGzNLFVbpektzApkgWMN3FvajTLu+Hgik/IhPk2AKKgG+E2knDdkLjCDXZ4gSIllUwn+XLGutQroOcG4= MIME-Version: 1.0 X-Received: by 10.107.132.11 with SMTP id g11mr850551iod.56.1449526470220; Mon, 07 Dec 2015 14:14:30 -0800 (PST) Received: by 10.36.29.6 with HTTP; Mon, 7 Dec 2015 14:14:30 -0800 (PST) In-Reply-To: References: <20151207205432.GA5271@www.outflux.net> Date: Mon, 7 Dec 2015 23:14:30 +0100 Message-ID: Subject: Re: [PATCH] ARM: mm: mark section-aligned portion of rodata NX From: Ard Biesheuvel To: Kees Cook Cc: Laura Abbott , Russell King , Will Deacon , Catalin Marinas , Victor Kamensky , Vladimir Murzin , "linux-arm-kernel@lists.infradead.org" , "linux-kernel@vger.kernel.org" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7 December 2015 at 22:56, Kees Cook wrote: > On Mon, Dec 7, 2015 at 1:52 PM, Ard Biesheuvel > wrote: >> On 7 December 2015 at 21:54, Kees Cook wrote: >>> When rodata is large enough that it crosses a section boundary after the >>> kernel text, mark the rest NX. This is as close to full NX of rodata as >>> we can get without splitting page tables or doing section alignment via >>> CONFIG_DEBUG_ALIGN_RODATA. >>> >>> Signed-off-by: Kees Cook >>> --- >>> I am baffled why I can't put the ALIGN in the ".start = " initializer. >>> GCC seems to think it's non-static, but only because of the "&" operator. >>> Does anyone see a way to do this that doesn't require the runtime ALIGN? >> >> Yes, but you need to move the ALIGN() expression to the linker script >> as the value of a new symbol > > I didn't see a way to do this without actually bumping the alignment > (CONFIG_DEBUG_ALIGN_RODATA already does that, I want the other case). > Do you have an example anywhere I could look at? > Something like this (untested) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 8b60fde5ce48..9fb98c5dd35b 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -336,6 +336,8 @@ SECTIONS STABS_DEBUG } +__start_rodata_section_aligned = ALIGN(__start_rodata, 1 << SECTION_SHIFT); + /* * These must never be empty * If you have to comment these two assert statements out, your diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c index 8a63b4cdc0f2..ddacd3bd8f8b 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c @@ -592,15 +592,13 @@ static struct section_perm nx_perms[] = { .mask = ~PMD_SECT_XN, .prot = PMD_SECT_XN, }, -#ifdef CONFIG_DEBUG_RODATA /* Make rodata NX (set RO in ro_perms below). */ { - .start = (unsigned long)__start_rodata, + .start = (unsigned long)__start_rodata_section_aligned, .end = (unsigned long)__init_begin, .mask = ~PMD_SECT_XN, .prot = PMD_SECT_XN, }, -#endif }; #ifdef CONFIG_DEBUG_RODATA