From patchwork Tue Feb 14 20:52:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 9572861 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A8A4C60578 for ; Tue, 14 Feb 2017 20:55:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 980AF26C9B for ; Tue, 14 Feb 2017 20:55:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8C8B92840E; Tue, 14 Feb 2017 20:55:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 8900B26C9B for ; Tue, 14 Feb 2017 20:55:04 +0000 (UTC) Received: (qmail 24121 invoked by uid 550); 14 Feb 2017 20:55:02 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 23759 invoked from network); 14 Feb 2017 20:54:59 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=zQrmG4SFbc+2qiLzTEuZ1bTXopsEBta8lCz/N74XApo=; b=JqGn0UZZWTarIggpxAwiH5QBT1sNJpQPxKyHbhBgsAjqRs+9cEw81ZwYNQE3pZoMIU jsNpuVqukVlQXGER9/9YIlsS+chBA9P7v0IrYE9ncXY+8V2pyrbWErJJAsy6R0aiOEDg mDqtjkoqqU/b9yHFjC+ETbH1xmYxfhbNGyM9A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=zQrmG4SFbc+2qiLzTEuZ1bTXopsEBta8lCz/N74XApo=; b=Iu8uBfzKoOfj/+UKis8uOoRkTfsJCu+GJVE+fSut8iBlW4VwY/5JnjZUXhS78J7p39 jrjUfWTpLlSLcFZgPg05QqcCmGgM/NI/F00aVtJb3NH/IkmEcTi3hh2R2xl7M866+RuR 3r2ja6edq9XIFLQiZt/E5XhaRpmha0GM4N7RbbD965/sr6GiKK2hblyjnjj7dmO+ssc2 j9vOIRCcTN4/gvyvqFlP1OSGi139NVM36LCh6WNqc0UvoMzsfwpWWoc/vReRpoq5+CcE JSxUZTtdKznBs2jBhV/Gr//qU2b8OvuQhlhnjSWBmb8Jn9lWhpgZR2aQYSay45hxOXF8 YlTw== X-Gm-Message-State: AMke39kbvBmMebGrYd6hirc+pSYrqW+bvT+ZldGXLmqoBTVZdnUOMwn0+hMN0gAmiekXzG2b X-Received: by 10.223.169.140 with SMTP id b12mr26954627wrd.138.1487105688286; Tue, 14 Feb 2017 12:54:48 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, catalin.marinas@arm.com, will.deacon@arm.com, labbott@fedoraproject.org Cc: kernel-hardening@lists.openwall.com, kvmarm@lists.cs.columbia.edu, marc.zyngier@arm.com, andre.przywara@arm.com, suzuki.poulose@arm.com, james.morse@arm.com, keescook@chromium.org, Ard Biesheuvel Date: Tue, 14 Feb 2017 20:52:34 +0000 Message-Id: <1487105558-21897-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1487105558-21897-1-git-send-email-ard.biesheuvel@linaro.org> References: <1487105558-21897-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [kernel-hardening] [PATCH v3 1/5] arm: kvm: move kvm_vgic_global_state out of .text section X-Virus-Scanned: ClamAV using ClamSMTP The kvm_vgic_global_state struct contains a static key which is written to by jump_label_init() at boot time. So in preparation of making .text regions truly (well, almost truly) read-only, mark kvm_vgic_global_state __ro_after_init so it moves to the .rodata section instead. Acked-by: Marc Zyngier Reviewed-by: Laura Abbott Reviewed-by: Mark Rutland Tested-by: Mark Rutland Signed-off-by: Ard Biesheuvel --- virt/kvm/arm/vgic/vgic.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c index 6440b56ec90e..2f373455ed4e 100644 --- a/virt/kvm/arm/vgic/vgic.c +++ b/virt/kvm/arm/vgic/vgic.c @@ -29,7 +29,9 @@ #define DEBUG_SPINLOCK_BUG_ON(p) #endif -struct vgic_global __section(.hyp.text) kvm_vgic_global_state = {.gicv3_cpuif = STATIC_KEY_FALSE_INIT,}; +struct vgic_global kvm_vgic_global_state __ro_after_init = { + .gicv3_cpuif = STATIC_KEY_FALSE_INIT, +}; /* * Locking order is always: