From patchwork Thu Mar 6 13:13:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Pavlu X-Patchwork-Id: 14004461 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADCA220E03A for ; Thu, 6 Mar 2025 13:15:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741266933; cv=none; b=gdkF698oGIOB9fW4C732DNTIFBkxBw6raiQkvmnuAt5FamTyyXUFbmBnDzhsBEo/+lKTRIyUMHsyydBRDzdXLyo8JAnGPMPpNPU/6qyfOA587RYtlpH951UmjLfFkF62RdFhBCC1NZUHhnjHLhrtStIn4B3VEma3wv4wyo4sgFM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741266933; c=relaxed/simple; bh=BvSlaG3rLjNuw2XDjvoJaB0XtiXWFz6skWwh3t2ohzk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Tk3H5nCCTuO8igp6tErj+DmcpWLXenVreuTAGPfHUUV8a+Y5gqwoEAE7D0bM7BQBQnWnSYt+i5C7SSzXfHH0Rnr2hlEX+yq/EFlbaGj9C2zQhIG/s4gi9bhzoDSpyjjjOLHoPZ8Uyb4LslIVwrNGYWZjovVjReL+QefjpSyPJhI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=OvORDHt+; arc=none smtp.client-ip=209.85.128.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="OvORDHt+" Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4393dc02b78so3976495e9.3 for ; Thu, 06 Mar 2025 05:15:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1741266930; x=1741871730; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Pj78PG0pp5n8PTZUVZot4fU7c++ftFca2ezsst8qrio=; b=OvORDHt+NMLiOA+Iolz2wGqz+F4SlpHLd88MJytIqHdLfYYUzFL1FHQEnbdfe0DR+T aJYDJcZq5Xu3a31EuLHW/TsVz0VxJzF3tOveXIL4x7hnIZgy6XoY1bKH4kEJ+0fyTwrL q0P54ei19rJkc5tZgg5W2Th822C1/TjXoZf+u37ASa1D9LZRZTETzFUygTxNOPtrnnvF yL9+9mTT36rPDToP6e9ryvC/Smk2OZ0erN1SauT5WY560NSp5dcHMUzlDGGmUx8EUNlo ydszgzldoB7Z1CBjlaRbo3ltfkkGplru1mdc2Y4Aof+/925O+VRuLvQENco4dT4MZKd2 elqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741266930; x=1741871730; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Pj78PG0pp5n8PTZUVZot4fU7c++ftFca2ezsst8qrio=; b=afi3pcWQCZT70n5hxPT4O1RnSW9jKBmXvCzbFM09+nssWD9os0ufqg7lNO39bF8BFv oqOiLN1r4pD8Nn8oacL+hcmaUv+2nntwKnlegYP4AQ0rDIFSuyRFLCBNol9fYC3BD2sY YZk+QH6Vij7sFQiRNn0AUTMh2jhvYgC2P9PpWvorc7hvMDRMvn/+tzFlNQ29/V+kdKo3 jKdu7K5fxZ4CAN6h3VPBwkJi+zSBX9YsX9qUkse/w/BOmgMk9QQBsMH4f8ywVgCWS/fr +vRxbLlAi4OzucLHTlS4vFBZa6Qn0zd8yG9RSTG3vrxhLiW1mOleI8ltsIJnwNeKFMTs rREQ== X-Forwarded-Encrypted: i=1; AJvYcCXnBFEuzUvjQKge2RMXTBtlMrlPTePbr/gkPo35pWBCk/nEmuvlFGiFWDO1/wHH617ij0G5Fgwfui+wFmtE@vger.kernel.org X-Gm-Message-State: AOJu0Yyk7+3fDA3EbLF3+SwWP0ZBvB7bMwcVlaw87kyNNXNXKXfU5/Ma T91mLQcIspNDvo2GoR/ZvBfNXH6x/axXsxIQcif0qoYM6pzl+Mec5bwvXVQHlb8= X-Gm-Gg: ASbGncvU+mX8VqFE6r9sqRNm5AIKAOX7TQa95SLGz9SvzSd7L6fv4CJkIGpeTmxRHf/ e1P4votDVUvuhtAWSBpiM7AgNXvOhPeGvrFTl8kR44qPQ+shlpj47KabzWnIQbWHgGxZ5q6tfS/ 0r9WFZ9IxhEyW3GZSaJ9CRnWCcRrjka+VWRWU9IBvBh6HhtvDF4lIEmBvSoe/9F3IxXvprB/VSP Kj02tS8lNvmokFSFcvpHUeT4zA/nDPLgG4aMVcfo3AQvxdeqeHiMqz8qZAjr2g4D3NbRV/wjJzO /+24O7LqUT0/KYsnVPqMVjqRGydwAftr94+gUsgGwyhNm8sH X-Google-Smtp-Source: AGHT+IFr54SyRcHfD64GHzzREo8VdfNOB246KLkodyLGDvF849R5Dk9GM2hPiS0mwZXhRJQCfmy98g== X-Received: by 2002:a05:600c:1d02:b0:439:91dd:cfa3 with SMTP id 5b1f17b1804b1-43bd29d8db3mr54480605e9.29.1741266929975; Thu, 06 Mar 2025 05:15:29 -0800 (PST) Received: from dhcp161.suse.cz ([193.86.92.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43bdd8c327fsm19704485e9.13.2025.03.06.05.15.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Mar 2025 05:15:29 -0800 (PST) From: Petr Pavlu To: Luis Chamberlain , Petr Pavlu , Peter Zijlstra , Josh Poimboeuf , Jason Baron Cc: Sami Tolvanen , Daniel Gomez , Steven Rostedt , Ard Biesheuvel , Christophe Leroy , linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 1/3] module: Constify parameters of module_enforce_rwx_sections() Date: Thu, 6 Mar 2025 14:13:52 +0100 Message-ID: <20250306131430.7016-2-petr.pavlu@suse.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250306131430.7016-1-petr.pavlu@suse.com> References: <20250306131430.7016-1-petr.pavlu@suse.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Minor cleanup, this is a non-functional change. Signed-off-by: Petr Pavlu --- kernel/module/internal.h | 5 +++-- kernel/module/strict_rwx.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index d09b46ef032f..18f32e791db0 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -333,8 +333,9 @@ int module_enable_rodata_ro(const struct module *mod); int module_enable_rodata_ro_after_init(const struct module *mod); int module_enable_data_nx(const struct module *mod); int module_enable_text_rox(const struct module *mod); -int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, - char *secstrings, struct module *mod); +int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, + const char *secstrings, + const struct module *mod); #ifdef CONFIG_MODULE_SIG int module_sig_check(struct load_info *info, int flags); diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c index 74834ba15615..81278e687055 100644 --- a/kernel/module/strict_rwx.c +++ b/kernel/module/strict_rwx.c @@ -86,8 +86,9 @@ int module_enable_data_nx(const struct module *mod) return 0; } -int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, - char *secstrings, struct module *mod) +int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, + const char *secstrings, + const struct module *mod) { const unsigned long shf_wx = SHF_WRITE | SHF_EXECINSTR; int i; From patchwork Thu Mar 6 13:13:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Pavlu X-Patchwork-Id: 14004462 Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4362D20F08E for ; Thu, 6 Mar 2025 13:15:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741266936; cv=none; b=GIEAO3aK3BTBGjaZV0smzWSR12HByDkeWDJ/Ne9rd9YHlO5682iPSUAwp7wz0ZLy9NtdeV0tqy0mA2OeD6kRdFkGg/7G2YKEFokRFEthNlhVN/EgNz+4GnYMItNbXxuL6ye16fEeZKsdfP0qc+M61V37DHi6MB/rO+b0pc0u324= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741266936; c=relaxed/simple; bh=0tGSJ2zcfBUxZkyVy6Lyn8LU+JSKx/WFyTwadsmy5nY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HwHmH2zimtf0c/oOoTg4QSzKlKdJsnEy76vAwlrYrvrEF4YwLNtKJXdicZRwICY9pJ5gjCdQ6xfSlNLnFIygkywCsU4X+jRsSLs3TclmnO5+sKJe/bWES+a3zEWanCOtRofxtaK1hSD6dlhk2/x/mpgPHrnG22rQftluFDwihwQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=PLO2JKdQ; arc=none smtp.client-ip=209.85.221.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="PLO2JKdQ" Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-390e6ac844fso560987f8f.3 for ; Thu, 06 Mar 2025 05:15:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1741266932; x=1741871732; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qz4XRTq2wHtyfxO9Iu3bx9YuJ/6rqBX5vJIg6Ki8YEc=; b=PLO2JKdQv8xHHNAxPqDJZ1qOmIsmGdiKTFD10pGaXcG77RCl/DkLJNZcCimed9BO6c HbYLWTyBF2N0bJXKPWLvmbuz0Zxx2qoTbGXItMyCJhxQr0hhVCygk0TemIY3v3d20gwk AwV/Y1QdDLYXElT6EnwCwZD6y1vB/s7wJta/WNOniEV4uomcytWlYtCLNx06Pj7u1gZa nFUtIhSrnBgDUpejuasxw14UOgRpiR1FedJ1i+DQ4bhpScWjpYrDwAwRi8k+f7ltWAt5 nm0s4mMmN3IsRYP6SeXMPimVb+YD0MgL6HJgLV6KSIyd94fNJaWN5wDAnSeDXqny/Mi9 385Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741266932; x=1741871732; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qz4XRTq2wHtyfxO9Iu3bx9YuJ/6rqBX5vJIg6Ki8YEc=; b=QzusBrzQSBWRvWSZbzEBLUJ6b25JPHXeIt2u2DvsfiuUCE44acIPiCb2s2fEgVFWuT iziDPFlXnsEz7vfxC9T75dP69BEkQCMzfDRHucNlGv0nVPwVAOS9XarOnGXimUDZVfyk cNC+/TSfE4CjQIV2LbbIUqSXPKjXylsMfd2pg4YvR3PKAw4VYX3E8c16+xQEN8p94qMO Iby06SB6Mw0DLSP7DHhZNNswldHqaFSQxiWFocd30eBZH45EDmm9lmEqQkPUankbsirF j3RQkByw2vZ+CddszQPGJb3wUYHLg2FXIxCnglWRP9hL2MNVE0NxE7LoiDqp7DEafO1s S/Yg== X-Forwarded-Encrypted: i=1; AJvYcCXZXBvJl3JbuD0g1LJZBODWv7KauQ1SBii3DLOVfgN96MdpM3oX5Y8MuOxZeqK/LSwl2fVK1YiSE7rdW5Lh@vger.kernel.org X-Gm-Message-State: AOJu0YwaYK7DUdRV6kBhfeGjDUuo5QG6gda5txPgFkNzk6Du72085++A WGwRKrgA0CSKOp0IgrpAiKFu2LfnqU7S583KUp0WqhQpmhRyT25rkZVYkccDFzE= X-Gm-Gg: ASbGnctgGWc/bO5EcMLh/QXr7U2mNUYfdfEvXf09pKn0r+MXLDhWOx4t/Ci+UCTxE3y VCKWosWolysj4VQB67Mbvd9Rjjb5aDBgHDM9UY+7FrFel/AP+Et2JDSA4bvx0JVxaiuJkre7waT bGElb732BuRJvKvrcr+JRMo+fiItVf463vmYRWgVCl8HZppoNFN7FpQij5PL3ns9lJqdcUVYFB3 WVbiH/s0in9yxOj84FRVFoCh8D75EOI6NQJ9uOWwnlcw8xtFvh3h0tU0U2Ys8UBg/mgyKb9zKsH hz+aq9uZS6Ayg8woQPqWT6ZQlSw06nowWJMn6+WFfBsKMv0g X-Google-Smtp-Source: AGHT+IHqVig/PZTsgpubptGowxDPhYadgbR/BUVqM7eADw/KYZQQ9lMGwoFbn+PLE/hr3mMmnwG7GQ== X-Received: by 2002:a5d:6d07:0:b0:38f:3224:660b with SMTP id ffacd0b85a97d-3911f7377fdmr5718510f8f.22.1741266932519; Thu, 06 Mar 2025 05:15:32 -0800 (PST) Received: from dhcp161.suse.cz ([193.86.92.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43bdd8c327fsm19704485e9.13.2025.03.06.05.15.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Mar 2025 05:15:30 -0800 (PST) From: Petr Pavlu To: Luis Chamberlain , Petr Pavlu , Peter Zijlstra , Josh Poimboeuf , Jason Baron Cc: Sami Tolvanen , Daniel Gomez , Steven Rostedt , Ard Biesheuvel , Christophe Leroy , linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 2/3] module: Add a separate function to mark sections as read-only after init Date: Thu, 6 Mar 2025 14:13:53 +0100 Message-ID: <20250306131430.7016-3-petr.pavlu@suse.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250306131430.7016-1-petr.pavlu@suse.com> References: <20250306131430.7016-1-petr.pavlu@suse.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Move the logic to mark special sections as read-only after module initialization into a separate function, along other related code in strict_rwx.c. Use a table with names of such sections to make it easier to add more. Signed-off-by: Petr Pavlu --- kernel/module/internal.h | 2 ++ kernel/module/main.c | 18 +++--------------- kernel/module/strict_rwx.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 15 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 18f32e791db0..7cd250ad1b51 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -336,6 +336,8 @@ int module_enable_text_rox(const struct module *mod); int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, const char *secstrings, const struct module *mod); +void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs, + const char *secstrings); #ifdef CONFIG_MODULE_SIG int module_sig_check(struct load_info *info, int flags); diff --git a/kernel/module/main.c b/kernel/module/main.c index 1fb9ad289a6f..e66d501d1209 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2791,7 +2791,6 @@ core_param(module_blacklist, module_blacklist, charp, 0400); static struct module *layout_and_allocate(struct load_info *info, int flags) { struct module *mod; - unsigned int ndx; int err; /* Allow arches to frob section contents and sizes. */ @@ -2809,22 +2808,11 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC; /* - * Mark ro_after_init section with SHF_RO_AFTER_INIT so that - * layout_sections() can put it in the right place. + * Mark relevant sections as SHF_RO_AFTER_INIT so layout_sections() can + * put them in the right place. * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. */ - ndx = find_sec(info, ".data..ro_after_init"); - if (ndx) - info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; - /* - * Mark the __jump_table section as ro_after_init as well: these data - * structures are never modified, with the exception of entries that - * refer to code in the __init section, which are annotated as such - * at module load time. - */ - ndx = find_sec(info, "__jump_table"); - if (ndx) - info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT; + module_mark_ro_after_init(info->hdr, info->sechdrs, info->secstrings); /* * Determine total sizes, and put offsets in sh_entsize. For now diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c index 81278e687055..fa701dad4ed1 100644 --- a/kernel/module/strict_rwx.c +++ b/kernel/module/strict_rwx.c @@ -106,3 +106,36 @@ int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, return 0; } + +static const char *const ro_after_init[] = { + /* + * Section .data..ro_after_init holds data explicitly annotated by + * __ro_after_init. + */ + ".data..ro_after_init", + + /* + * Section __jump_table holds data structures that are never modified, + * with the exception of entries that refer to code in the __init + * section, which are marked as such at module load time. + */ + "__jump_table", +}; + +void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs, + const char *secstrings) +{ + int i, j; + + for (i = 1; i < hdr->e_shnum; i++) { + Elf_Shdr *shdr = &sechdrs[i]; + + for (j = 0; j < ARRAY_SIZE(ro_after_init); j++) { + if (strcmp(secstrings + shdr->sh_name, + ro_after_init[j]) == 0) { + shdr->sh_flags |= SHF_RO_AFTER_INIT; + break; + } + } + } +} From patchwork Thu Mar 6 13:13:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Pavlu X-Patchwork-Id: 14004463 Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1AA0220F073 for ; Thu, 6 Mar 2025 13:15:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741266937; cv=none; b=iHhSNtxYujPX4i1/9TcopiBduLP0xX/9sGZzGYeaNzzEVlfbxMC+z6ys6Ql67vzzKJTTcsWhkV4y4RVfg5gIlv/28MLNl85eZjlVJfufUUzYiCEvE0LiEUe16xJFgC9kuxmCkzpNTDPIv7jfwO8cwq0cVw1ORhALT0Jmel/AcwI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741266937; c=relaxed/simple; bh=sqdytAodsHq9QNCvtIZ+Zn5N0QYNPXaH3EIcLQ+sw0Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NYZuRP23zR29x5D7yBgFXhqMF8PIn14nn9Ur+Wyc2Y4jdvpA6FeDCOMw3DsAkdUpX3YF49/ZgYa7Z10Eg+kCIonEXihQW1q7Nf7xP/atfIJChdYjX+wxb0iq+lpfELsYO4mde5OwtkN77qqG2q+7wemvxsyh9x7lPi2k+8B7hEE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=LgpclZZj; arc=none smtp.client-ip=209.85.128.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="LgpclZZj" Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-4394036c0efso3726005e9.2 for ; Thu, 06 Mar 2025 05:15:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1741266933; x=1741871733; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2F56/bXpgvW/PQd4WvaaCrrA3/3M+CJr+Y5MI4QmHaE=; b=LgpclZZj3U0fINsuUb75w886HF7sCDLRA8wccWhTlLz++4I+gh61laBhNJlzfGhyVj dnXyn2rAHluoFTus9o+30f/JaoTBE+CoZqFMDBQTkDAqJTfjqAUJq/q9d2az1u1QqMx2 xvbwAS6+tOGPxwh+/PbwlV2MkQWY1Zm51HC3m31Cj6snBoCxd8vLxRm4WduMNHoiWa/S O7flxjnMSZLyKbTw62nsLP9/QTrY/TyrViNioznuVqp1rrp4Oo7Y1nsaz0LCIF3udDAM i/HDxR8c0pOrdViAgJUPfLAXIjLhpJhfRRm0By6bS65QsS4a0Nq4DDzSA6Szjj9saQ3P 80WQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741266933; x=1741871733; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2F56/bXpgvW/PQd4WvaaCrrA3/3M+CJr+Y5MI4QmHaE=; b=mojDL+DYlpbGIVHvqVGiKWMl+OMs3HRzJdAwj5KUmvkVDYDAwKezlmYcAp3vctsAfB LdR17ZxKs8VGPfd45duD5VV1pXER69wHRm4laB3GdjmDFTMu0Ko4gTlb5jqnIkBiDVP8 ua7sUr8z13WTZEjvU5NUrfbvdqTXKnXGTqbh6ej0EWoRCYvkK1ZCeQIq3lo25d+/IP+Y 5ZVCgn1xkY6LfVOk+F3xHxFSOflQPXxeIclTmOPqNGHWaY77gm05qXprBSZMUSNsydAF TsslTM3UpyJIYTS1yMkaFp/Q/46mDbYEUOOfyy7kETZwwfFZzL64BaBbFimVrXcYDwv+ S3eQ== X-Forwarded-Encrypted: i=1; AJvYcCWJ4PMY2AqDWJGFNvfCKTruPFNiioj+KjZ4wMy7YRI489NQTJb3ldha62qzbCMQytdSO7BJdueZvcVkkX+h@vger.kernel.org X-Gm-Message-State: AOJu0YxMZUQgqAmzOL+4xumiENJUzWG+h/mu2GBnJJc+3xDebEVmZ0x7 QmhieiKs/Xr02CgSZeKnJSOgPpFUxuvQItvfr2HCcLIp+eyX6rRSv+4DJeu+VoM= X-Gm-Gg: ASbGnctUFe6rhl/gY5gKnJBgX8GJLoUB9+KB6dOTGt+YbqYLKi5LriDevfXxNQrrphP m609qP2qNVFi6OwNN0oac8vKfYu+tSFNpLX6mApFou9jg4VsnMeDFctR4MK2QpZ48z7XX4Q9md1 JZ1w3FphwNHs+/V1O9KiAWZ5OsuIdTaiDFtX9Eexew8uZLS2zW+/7xW5zJ+wkBaBrHqyKRBXRf7 GRfde9dQEaHyZQt/UiEsWiX3lu2ooXKcRd+b1VUT9jw0N+Kj8R5OjEW+ahloeMhHBQX4XQoa5Zv h1ZnXdKYWtn7u1VUoZQVPAiVhqQmz+nKNLdWFByp9LlQQtFW X-Google-Smtp-Source: AGHT+IHOyulRWsRbaL8sagZbBUzdBihh8XWqd70FOnBN7LQrsvkLlJuS76NdiPbsbr5xA7z7M3wvvQ== X-Received: by 2002:a05:600c:1c29:b0:43b:c94d:e200 with SMTP id 5b1f17b1804b1-43bd2929948mr46520145e9.1.1741266933457; Thu, 06 Mar 2025 05:15:33 -0800 (PST) Received: from dhcp161.suse.cz ([193.86.92.181]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43bdd8c327fsm19704485e9.13.2025.03.06.05.15.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Mar 2025 05:15:32 -0800 (PST) From: Petr Pavlu To: Luis Chamberlain , Petr Pavlu , Peter Zijlstra , Josh Poimboeuf , Jason Baron Cc: Sami Tolvanen , Daniel Gomez , Steven Rostedt , Ard Biesheuvel , Christophe Leroy , linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 3/3] module: Make .static_call_sites read-only after init Date: Thu, 6 Mar 2025 14:13:54 +0100 Message-ID: <20250306131430.7016-4-petr.pavlu@suse.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250306131430.7016-1-petr.pavlu@suse.com> References: <20250306131430.7016-1-petr.pavlu@suse.com> Precedence: bulk X-Mailing-List: linux-modules@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Section .static_call_sites holds data structures that need to be sorted and processed only at module load time. This initial processing happens in static_call_add_module(), which is invoked as a callback to the MODULE_STATE_COMING notification from prepare_coming_module(). The section is never modified afterwards. Make it therefore read-only after module initialization to avoid any (non-)accidental modifications. Signed-off-by: Petr Pavlu Reviewed-by: Sami Tolvanen --- kernel/module/strict_rwx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c index fa701dad4ed1..a3fc8d603750 100644 --- a/kernel/module/strict_rwx.c +++ b/kernel/module/strict_rwx.c @@ -120,6 +120,15 @@ static const char *const ro_after_init[] = { * section, which are marked as such at module load time. */ "__jump_table", + +#ifdef CONFIG_HAVE_STATIC_CALL_INLINE + /* + * Section .static_call_sites holds data structures that need to be + * sorted and processed at module load time but are never modified + * afterwards. + */ + ".static_call_sites", +#endif }; void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs,