| Message ID | 20190926175602.33098-15-keescook@chromium.org (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES | expand |
On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote: > Many architectures have an EXCEPTION_TABLE that needs only to be > read-only. As such, it should live in RO_DATA. This creates a macro to > identify this case for the architectures that can move EXCEPTION_TABLE > into RO_DATA. > > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > include/asm-generic/vmlinux.lds.h | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h > index d57a28786bb8..35a6cba39d9f 100644 > --- a/include/asm-generic/vmlinux.lds.h > +++ b/include/asm-generic/vmlinux.lds.h > @@ -69,6 +69,17 @@ > #define NOTES_HEADERS_RESTORE > #endif > > +/* > + * Some architectures have non-executable read-only exception tables. > + * They can be added to the RO_DATA segment by specifying their desired > + * alignment. > + */ > +#ifdef RO_DATA_EXCEPTION_TABLE_ALIGN > +#define RO_DATA_EXCEPTION_TABLE EXCEPTION_TABLE(RO_DATA_EXCEPTION_TABLE_ALIGN) > +#else > +#define RO_DATA_EXCEPTION_TABLE > +#endif > + > /* Align . to a 8 byte boundary equals to maximum function alignment. */ > #define ALIGN_FUNCTION() . = ALIGN(8) > > @@ -508,6 +519,7 @@ > __stop___modver = .; \ > } \ > \ > + RO_DATA_EXCEPTION_TABLE \ > NOTES \ > \ > . = ALIGN((align)); \ I had to read this one to understand the later arm64 change. It looks fine to me, so: Acked-by: Will Deacon <will@kernel.org> Will
On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote: > Many architectures have an EXCEPTION_TABLE that needs only to be > read-only. As such, it should live in RO_DATA. This creates a macro to > identify this case for the architectures that can move EXCEPTION_TABLE > into RO_DATA. > > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > include/asm-generic/vmlinux.lds.h | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h > index d57a28786bb8..35a6cba39d9f 100644 > --- a/include/asm-generic/vmlinux.lds.h > +++ b/include/asm-generic/vmlinux.lds.h > @@ -69,6 +69,17 @@ > #define NOTES_HEADERS_RESTORE > #endif > > +/* > + * Some architectures have non-executable read-only exception tables. > + * They can be added to the RO_DATA segment by specifying their desired > + * alignment. > + */ > +#ifdef RO_DATA_EXCEPTION_TABLE_ALIGN > +#define RO_DATA_EXCEPTION_TABLE EXCEPTION_TABLE(RO_DATA_EXCEPTION_TABLE_ALIGN) > +#else > +#define RO_DATA_EXCEPTION_TABLE > +#endif > + > /* Align . to a 8 byte boundary equals to maximum function alignment. */ > #define ALIGN_FUNCTION() . = ALIGN(8) > > @@ -508,6 +519,7 @@ > __stop___modver = .; \ > } \ > \ > + RO_DATA_EXCEPTION_TABLE \ > NOTES \ > \ > . = ALIGN((align)); \ > -- I think you can drop the "DATA" from the names as it is kinda clear where the exception table lands: RO_EXCEPTION_TABLE_ALIGN RO_EXCEPTION_TABLE The "read-only" part is the important one.
On Thu, Oct 10, 2019 at 05:25:16PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote: > > Many architectures have an EXCEPTION_TABLE that needs only to be > > read-only. As such, it should live in RO_DATA. This creates a macro to > > identify this case for the architectures that can move EXCEPTION_TABLE > > into RO_DATA. > > > > Signed-off-by: Kees Cook <keescook@chromium.org> > > --- > > include/asm-generic/vmlinux.lds.h | 12 ++++++++++++ > > 1 file changed, 12 insertions(+) > > > > diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h > > index d57a28786bb8..35a6cba39d9f 100644 > > --- a/include/asm-generic/vmlinux.lds.h > > +++ b/include/asm-generic/vmlinux.lds.h > > @@ -69,6 +69,17 @@ > > #define NOTES_HEADERS_RESTORE > > #endif > > > > +/* > > + * Some architectures have non-executable read-only exception tables. > > + * They can be added to the RO_DATA segment by specifying their desired > > + * alignment. > > + */ > > +#ifdef RO_DATA_EXCEPTION_TABLE_ALIGN > > +#define RO_DATA_EXCEPTION_TABLE EXCEPTION_TABLE(RO_DATA_EXCEPTION_TABLE_ALIGN) > > +#else > > +#define RO_DATA_EXCEPTION_TABLE > > +#endif > > + > > /* Align . to a 8 byte boundary equals to maximum function alignment. */ > > #define ALIGN_FUNCTION() . = ALIGN(8) > > > > @@ -508,6 +519,7 @@ > > __stop___modver = .; \ > > } \ > > \ > > + RO_DATA_EXCEPTION_TABLE \ > > NOTES \ > > \ > > . = ALIGN((align)); \ > > -- > > I think you can drop the "DATA" from the names as it is kinda clear > where the exception table lands: > > RO_EXCEPTION_TABLE_ALIGN > RO_EXCEPTION_TABLE > > The "read-only" part is the important one. Excellent point; I was not loving the how long the name was either. :)
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index d57a28786bb8..35a6cba39d9f 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -69,6 +69,17 @@ #define NOTES_HEADERS_RESTORE #endif +/* + * Some architectures have non-executable read-only exception tables. + * They can be added to the RO_DATA segment by specifying their desired + * alignment. + */ +#ifdef RO_DATA_EXCEPTION_TABLE_ALIGN +#define RO_DATA_EXCEPTION_TABLE EXCEPTION_TABLE(RO_DATA_EXCEPTION_TABLE_ALIGN) +#else +#define RO_DATA_EXCEPTION_TABLE +#endif + /* Align . to a 8 byte boundary equals to maximum function alignment. */ #define ALIGN_FUNCTION() . = ALIGN(8) @@ -508,6 +519,7 @@ __stop___modver = .; \ } \ \ + RO_DATA_EXCEPTION_TABLE \ NOTES \ \ . = ALIGN((align)); \
Many architectures have an EXCEPTION_TABLE that needs only to be read-only. As such, it should live in RO_DATA. This creates a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook <keescook@chromium.org> --- include/asm-generic/vmlinux.lds.h | 12 ++++++++++++ 1 file changed, 12 insertions(+)