[0/2] arm64: pair of minor hardening tweaks

Message ID	20220429131347.3621090-1-ardb@kernel.org (mailing list archive)
Headers	show Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org> From: Ard Biesheuvel <ardb@kernel.org> To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org, mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org> Subject: [PATCH 0/2] arm64: pair of minor hardening tweaks Date: Fri, 29 Apr 2022 15:13:45 +0200 Message-Id: <20220429131347.3621090-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	arm64: pair of minor hardening tweaks \| expand [0/2] arm64: pair of minor hardening tweaks [1/2] arm64: lds: move special code sections out of kernel exec segment [2/2] arm64: mm: avoid writable executable mappings in kexec/hibernate code

Message ID

20220429131347.3621090-1-ardb@kernel.org (mailing list archive)

Headers

From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org,
 mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH 0/2] arm64: pair of minor hardening tweaks
Date: Fri, 29 Apr 2022 15:13:45 +0200
Message-Id: <20220429131347.3621090-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

arm64: pair of minor hardening tweaks | expand

Message

Ard Biesheuvel April 29, 2022, 1:13 p.m. UTC

A couple of tweaks to the way we handle the kexec and hibernate helper
code, so that it no longer gets mapped with attributes it doesn't need.

Ard Biesheuvel (2):
  arm64: lds: move special code sections out of kernel exec segment
  arm64: mm: avoid writable executable mappings in kexec/hibernate code

 arch/arm64/kernel/vmlinux.lds.S | 20 +++++++++++---------
 arch/arm64/mm/trans_pgd.c       |  2 +-
 2 files changed, 12 insertions(+), 10 deletions(-)

Comments

Mark Rutland May 4, 2022, 11:52 a.m. UTC | #1

On Fri, Apr 29, 2022 at 03:13:45PM +0200, Ard Biesheuvel wrote:
> A couple of tweaks to the way we handle the kexec and hibernate helper
> code, so that it no longer gets mapped with attributes it doesn't need.
> 
> Ard Biesheuvel (2):
>   arm64: lds: move special code sections out of kernel exec segment
>   arm64: mm: avoid writable executable mappings in kexec/hibernate code
> 
>  arch/arm64/kernel/vmlinux.lds.S | 20 +++++++++++---------
>  arch/arm64/mm/trans_pgd.c       |  2 +-
>  2 files changed, 12 insertions(+), 10 deletions(-)

These both look reasonable to me, so FWIW:

Acked-by: Mark Rutland <mark.rutland@arm.com>

Mark.

> 
> -- 
> 2.30.2
>

Catalin Marinas May 17, 2022, 8:38 a.m. UTC | #2

On Fri, 29 Apr 2022 15:13:45 +0200, Ard Biesheuvel wrote:
> A couple of tweaks to the way we handle the kexec and hibernate helper
> code, so that it no longer gets mapped with attributes it doesn't need.
> 
> Ard Biesheuvel (2):
>   arm64: lds: move special code sections out of kernel exec segment
>   arm64: mm: avoid writable executable mappings in kexec/hibernate code
> 
> [...]

Applied to arm64 (for-next/misc), thanks!

I modified the first patch for the rodata alignment, it now boots fine.

[1/2] arm64: lds: move special code sections out of kernel exec segment
      https://git.kernel.org/arm64/c/6ee3cf6a209f
[2/2] arm64: mm: avoid writable executable mappings in kexec/hibernate code
      https://git.kernel.org/arm64/c/01142791b0d1