Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment
From: Kees Cook
Date: Tue Oct 01 2019 - 11:48:17 EST
On Tue, Oct 01, 2019 at 10:03:56AM +0100, Will Deacon wrote:
> Hi Kees,
>
> On Thu, Sep 26, 2019 at 10:55:51AM -0700, Kees Cook wrote:
> > The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA.
> >
> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > ---
> > arch/arm64/kernel/vmlinux.lds.S | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> > index 81d94e371c95..c6ba2eee0ee8 100644
> > --- a/arch/arm64/kernel/vmlinux.lds.S
> > +++ b/arch/arm64/kernel/vmlinux.lds.S
> > @@ -5,6 +5,8 @@
> > * Written by Martin Mares <mj@xxxxxxxxxxxxxxxxxxxxxxxx>
> > */
> >
> > +#define RO_DATA_EXCEPTION_TABLE_ALIGN 8
> > +
> > #include <asm-generic/vmlinux.lds.h>
> > #include <asm/cache.h>
> > #include <asm/kernel-pgtable.h>
> > @@ -135,8 +137,8 @@ SECTIONS
> > . = ALIGN(SEGMENT_ALIGN);
> > _etext = .; /* End of text section */
> >
> > - RO_DATA(PAGE_SIZE) /* everything from this point to */
> > - EXCEPTION_TABLE(8) /* __init_begin will be marked RO NX */
> > + /* everything from this point to __init_begin will be marked RO NX */
> > + RO_DATA(PAGE_SIZE)
> >
> > . = ALIGN(PAGE_SIZE);
>
> Do you reckon it would be worth merging this last ALIGN directive into the
> RO_DATA definition too? Given that we want to map the thing read-only, it
> really has to be aligned either side.
Actually, taking a closer look, this appears to be redundant: RO_DATA()
ends with:
. = ALIGN(align)
(where "align" is the "PAGE_SIZE" argument to RO_DATA())
> Anyway, that's only a nit, so:
>
> Acked-by: Will Deacon <will@xxxxxxxxxx>
Thanks!
> P.S. Please CC the arm64 maintainers on arm64 patches -- I nearly missed
> this one!
Okay, I can re-expand my list. I originally had done this but it was
getting to be a rather large set of people. :)
--
Kees Cook