[PATCH 4.4 20/41] arm64: Mark __stack_chk_guard as __ro_after_init

From: Greg Kroah-Hartman
Date: Mon Oct 04 2021 - 08:54:45 EST


From: Dan Li <ashimida@xxxxxxxxxxxxxxxxx>

[ Upstream commit 9fcb2e93f41c07a400885325e7dbdfceba6efaec ]

__stack_chk_guard is setup once while init stage and never changed
after that.

Although the modification of this variable at runtime will usually
cause the kernel to crash (so does the attacker), it should be marked
as __ro_after_init, and it should not affect performance if it is
placed in the ro_after_init section.

Signed-off-by: Dan Li <ashimida@xxxxxxxxxxxxxxxxx>
Acked-by: Mark Rutland <mark.rutland@xxxxxxx>
Link: https://lore.kernel.org/r/1631612642-102881-1-git-send-email-ashimida@xxxxxxxxxxxxxxxxx
Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
arch/arm64/kernel/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 10d6627673cb..6cd79888944e 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -55,7 +55,7 @@

#ifdef CONFIG_CC_STACKPROTECTOR
#include <linux/stackprotector.h>
-unsigned long __stack_chk_guard __read_mostly;
+unsigned long __stack_chk_guard __ro_after_init;
EXPORT_SYMBOL(__stack_chk_guard);
#endif

--
2.33.0