From patchwork Wed May 10 17:36:37 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Micay <danielmicay@gmail.com>
X-Patchwork-Id: 9720277
Return-Path: 
 <kernel-hardening-return-7838-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	E362160236 for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 10 May 2017 17:37:18 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D772D2074F
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 10 May 2017 17:37:18 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C9E9828623; Wed, 10 May 2017 17:37:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 06C452074F
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 10 May 2017 17:37:17 +0000 (UTC)
Received: (qmail 11848 invoked by uid 550); 10 May 2017 17:37:15 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 11822 invoked from network); 10 May 2017 17:37:13 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=HosBhJvzmbhXZY4zyWGlEVlo03w18zkYLpBXZOH43Y4=;
	b=r2FHu0ynxDSImDXFMgmeVJGS7EayaVybYiW3Eb1VR2ycB9roZSc2+uMrP/hS6+RJg4
	z0EWcljfK5xf99n7rzxBOVNAoc7Tscg/XR6w/WnWBc7MkYkOZdIujggPwTuxgWnLVc37
	mPeFsE3iZ4FeE1SDBTQSm+iWS9faOY1WeIwH/BNuPxZJylXYKjiyRC3RSR7x/I5NBiWM
	4moarPG5OBRFr9ppH9uEeqaF+C6wJm4GnK95hfzl1xro203xDkhYGkXPLIh/K2jiRJeh
	Kg9Zy9s/2ZrPtLbILbtaWhotuOyxO+lEG+QkPYuhONfAYo4pEyvVNYWrJMo20t3A8TmC
	+jtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=HosBhJvzmbhXZY4zyWGlEVlo03w18zkYLpBXZOH43Y4=;
	b=kBUnibI0/+6q1f5qL10IE2YFlmdwo3PB+6tlHHDQSYX+TvxuYgRU3fzpVZ8tGV2c+P
	xvWbm6TNL3ZhOSfr4QdIjsP+Nr3zZ1bv6Fl+jVBBfeBH6tgFH7ETxZ2KPFDDcG+Wm4eX
	inVECXxmc+6KxlweglXRKAEKWlziPt/rj3ripN3T1yjC29SEmJC+audoSjSy0jWV36h0
	emLz2TDy4Cw6b/a/HGqMCDcIHU9v1D9spJapHEO+Y6l6AjihdBgPO7wz82zoq4w7Z0OS
	tWbKdxYw3ZbFvZPLXBIb6PDvDPS7mrBFSkRrDk3vxdwVeE03RR2lQAfw4UleDbYVuiS+
	/m0w==
X-Gm-Message-State: AODbwcDTjnFI6VP0IWgyrIZnM5wzGRVCeS7BUQzOS6UQsDr97ujYjxep
	Fw5e2HVMYN8Qmw==
X-Received: by 10.36.138.70 with SMTP id v67mr6337130itd.1.1494437822146;
	Wed, 10 May 2017 10:37:02 -0700 (PDT)
From: Daniel Micay <danielmicay@gmail.com>
To: Tejun Heo <tj@kernel.org>,
	Christoph Lameter <cl@linux.com>
Cc: Kees Cook <keescook@chromium.org>, kernel-hardening@lists.openwall.com,
	Daniel Micay <danielmicay@gmail.com>
Date: Wed, 10 May 2017 13:36:37 -0400
Message-Id: <20170510173637.25116-1-danielmicay@gmail.com>
X-Mailer: git-send-email 2.12.2
Subject: [kernel-hardening] [PATCH] mark most percpu globals as
	__ro_after_init
X-Virus-Scanned: ClamAV using ClamSMTP

Moving pcpu_base_addr to this section comes from PaX where it's part of
KERNEXEC. This extends it to the rest of the globals only written by the
init code.

Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
---
 mm/percpu.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/mm/percpu.c b/mm/percpu.c
index e0aa8ae7bde7..c03753054099 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -121,35 +121,35 @@ struct pcpu_chunk {
 	unsigned long		populated[];	/* populated bitmap */
 };
 
-static int pcpu_unit_pages __read_mostly;
-static int pcpu_unit_size __read_mostly;
-static int pcpu_nr_units __read_mostly;
-static int pcpu_atom_size __read_mostly;
-static int pcpu_nr_slots __read_mostly;
-static size_t pcpu_chunk_struct_size __read_mostly;
+static int pcpu_unit_pages __ro_after_init;
+static int pcpu_unit_size __ro_after_init;
+static int pcpu_nr_units __ro_after_init;
+static int pcpu_atom_size __ro_after_init;
+static int pcpu_nr_slots __ro_after_init;
+static size_t pcpu_chunk_struct_size __ro_after_init;
 
 /* cpus with the lowest and highest unit addresses */
-static unsigned int pcpu_low_unit_cpu __read_mostly;
-static unsigned int pcpu_high_unit_cpu __read_mostly;
+static unsigned int pcpu_low_unit_cpu __ro_after_init;
+static unsigned int pcpu_high_unit_cpu __ro_after_init;
 
 /* the address of the first chunk which starts with the kernel static area */
-void *pcpu_base_addr __read_mostly;
+void *pcpu_base_addr __ro_after_init;
 EXPORT_SYMBOL_GPL(pcpu_base_addr);
 
-static const int *pcpu_unit_map __read_mostly;		/* cpu -> unit */
-const unsigned long *pcpu_unit_offsets __read_mostly;	/* cpu -> unit offset */
+static const int *pcpu_unit_map __ro_after_init;		/* cpu -> unit */
+const unsigned long *pcpu_unit_offsets __ro_after_init;	/* cpu -> unit offset */
 
 /* group information, used for vm allocation */
-static int pcpu_nr_groups __read_mostly;
-static const unsigned long *pcpu_group_offsets __read_mostly;
-static const size_t *pcpu_group_sizes __read_mostly;
+static int pcpu_nr_groups __ro_after_init;
+static const unsigned long *pcpu_group_offsets __ro_after_init;
+static const size_t *pcpu_group_sizes __ro_after_init;
 
 /*
  * The first chunk which always exists.  Note that unlike other
  * chunks, this one can be allocated and mapped in several different
  * ways and thus often doesn't live in the vmalloc area.
  */
-static struct pcpu_chunk *pcpu_first_chunk;
+static struct pcpu_chunk *pcpu_first_chunk __ro_after_init;
 
 /*
  * Optional reserved chunk.  This chunk reserves part of the first
@@ -158,13 +158,13 @@ static struct pcpu_chunk *pcpu_first_chunk;
  * area doesn't exist, the following variables contain NULL and 0
  * respectively.
  */
-static struct pcpu_chunk *pcpu_reserved_chunk;
-static int pcpu_reserved_chunk_limit;
+static struct pcpu_chunk *pcpu_reserved_chunk __ro_after_init;
+static int pcpu_reserved_chunk_limit __ro_after_init;
 
 static DEFINE_SPINLOCK(pcpu_lock);	/* all internal data structures */
 static DEFINE_MUTEX(pcpu_alloc_mutex);	/* chunk create/destroy, [de]pop, map ext */
 
-static struct list_head *pcpu_slot __read_mostly; /* chunk list slots */
+static struct list_head *pcpu_slot __ro_after_init; /* chunk list slots */
 
 /* chunks which need their map areas extended, protected by pcpu_lock */
 static LIST_HEAD(pcpu_map_extend_chunks);