As per admin guide documentation, "rodata=on" should be the default on
platforms. Documentation/admin-guide/kernel-parameters.txt describes
these options as
rodata= [KNL,EARLY]
on Mark read-only kernel memory as read-only (default).
off Leave read-only kernel memory writable for debugging.
full Mark read-only kernel memory and aliases as read-only
[arm64]
But on arm64 platform, "rodata=full" is the default instead. This patch
implements the following changes.
- Make "rodata=on" behaviour same as the original "rodata=full"
- Make "rodata=noalias" (new) behaviour same as the original "rodata=on"
- Drop the original "rodata=full"
- Add comment for arch_parse_debug_rodata()
- Update kernel-parameters.txt as required
After this patch, the "rodata=on" will be the default on arm64 platform
as well.
Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com>
---
.../admin-guide/kernel-parameters.txt | 2 +-
arch/arm64/include/asm/setup.h | 26 +++++++++++++++++--
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index a22b7e621007..51bce7b9d805 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5901,7 +5901,7 @@
rodata= [KNL,EARLY]
on Mark read-only kernel memory as read-only (default).
off Leave read-only kernel memory writable for debugging.
- full Mark read-only kernel memory and aliases as read-only
+ noalias Use more block mappings,may have better performance.
[arm64]
rockchip.usb_uart
diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h
index ba269a7a3201..37f58a603224 100644
--- a/arch/arm64/include/asm/setup.h
+++ b/arch/arm64/include/asm/setup.h
@@ -13,6 +13,28 @@
extern phys_addr_t __fdt_pointer __initdata;
extern u64 __cacheline_aligned boot_args[4];
+/*
+ * rodata=on (default)
+ *
+ * This applies read-only attributes to VM areas and to the linear
+ * alias of the backing pages as well. This prevents code or read-
+ * only data from being modified (inadvertently or intentionally),
+ * via another mapping for the same memory page.
+ *
+ * But this might cause linear map region to be mapped down to base
+ * pages, which may adversely affect performance in some cases.
+ *
+ * rodata=off
+ *
+ * This provides more block mappings and contiguous hints for linear
+ * map region which would minimize TLB footprint. This also leaves
+ * read-only kernel memory writable for debugging.
+ *
+ * rodata=noalias
+ *
+ * This provides more block mappings and contiguous hints for linear
+ * map region which would minimize TLB footprint.
+ */
static inline bool arch_parse_debug_rodata(char *arg)
{
extern bool rodata_enabled;
@@ -21,7 +43,7 @@ static inline bool arch_parse_debug_rodata(char *arg)
if (!arg)
return false;
- if (!strcmp(arg, "full")) {
+ if (!strcmp(arg, "on")) {
rodata_enabled = rodata_full = true;
return true;
}
@@ -31,7 +53,7 @@ static inline bool arch_parse_debug_rodata(char *arg)
return true;
}
- if (!strcmp(arg, "on")) {
+ if (!strcmp(arg, "noalias")) {
rodata_enabled = true;
rodata_full = false;
return true;
--
2.40.1As per admin guide documentation, "rodata=on" should be the default on
platforms. Documentation/admin-guide/kernel-parameters.txt describes
these options as
rodata= [KNL,EARLY]
on Mark read-only kernel memory as read-only (default).
off Leave read-only kernel memory writable for debugging.
full Mark read-only kernel memory and aliases as read-only
[arm64]
But on arm64 platform, "rodata=full" is the default instead. This patch
implements the following changes.
- Make "rodata=on" behaviour same as the original "rodata=full"
- Make "rodata=noalias" (new) behaviour same as the original "rodata=on"
- Drop the original "rodata=full"
- Add comment for arch_parse_debug_rodata()
- Update kernel-parameters.txt as required
After this patch, the "rodata=on" will be the default on arm64 platform
as well.
Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com>
---
Add more comment for "rodata=noalias" in arch_parse_debug_rodata() from Ard.
---
.../admin-guide/kernel-parameters.txt | 2 +-
arch/arm64/include/asm/setup.h | 28 +++++++++++++++++--
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 97c497bdafac..639669324350 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -6105,7 +6105,7 @@
rodata= [KNL,EARLY]
on Mark read-only kernel memory as read-only (default).
off Leave read-only kernel memory writable for debugging.
- full Mark read-only kernel memory and aliases as read-only
+ noalias Use more block mappings,may have better performance.
[arm64]
rockchip.usb_uart
diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h
index ba269a7a3201..6b994d0881d1 100644
--- a/arch/arm64/include/asm/setup.h
+++ b/arch/arm64/include/asm/setup.h
@@ -13,6 +13,30 @@
extern phys_addr_t __fdt_pointer __initdata;
extern u64 __cacheline_aligned boot_args[4];
+/*
+ * rodata=on (default)
+ *
+ * This applies read-only attributes to VM areas and to the linear
+ * alias of the backing pages as well. This prevents code or read-
+ * only data from being modified (inadvertently or intentionally),
+ * via another mapping for the same memory page.
+ *
+ * But this might cause linear map region to be mapped down to base
+ * pages, which may adversely affect performance in some cases.
+ *
+ * rodata=off
+ *
+ * This provides more block mappings and contiguous hints for linear
+ * map region which would minimize TLB footprint. This also leaves
+ * read-only kernel memory writable for debugging.
+ *
+ * rodata=noalias
+ *
+ * This provides more block mappings and contiguous hints for linear
+ * map region which would minimize TLB footprint. This leaves the linear
+ * alias of read-only mappings in the vmalloc space writeable, making
+ * them susceptible to inadvertent modification by software.
+ */
static inline bool arch_parse_debug_rodata(char *arg)
{
extern bool rodata_enabled;
@@ -21,7 +45,7 @@ static inline bool arch_parse_debug_rodata(char *arg)
if (!arg)
return false;
- if (!strcmp(arg, "full")) {
+ if (!strcmp(arg, "on")) {
rodata_enabled = rodata_full = true;
return true;
}
@@ -31,7 +55,7 @@ static inline bool arch_parse_debug_rodata(char *arg)
return true;
}
- if (!strcmp(arg, "on")) {
+ if (!strcmp(arg, "noalias")) {
rodata_enabled = true;
rodata_full = false;
return true;
--
2.40.1Digging up an old thread... On Tue, Dec 17, 2024 at 03:17:15PM +0800, Huang Shijie wrote: > As per admin guide documentation, "rodata=on" should be the default on > platforms. Documentation/admin-guide/kernel-parameters.txt describes > these options as > > rodata= [KNL,EARLY] > on Mark read-only kernel memory as read-only (default). > off Leave read-only kernel memory writable for debugging. > full Mark read-only kernel memory and aliases as read-only > [arm64] > > But on arm64 platform, "rodata=full" is the default instead. This patch > implements the following changes. > > - Make "rodata=on" behaviour same as the original "rodata=full" > - Make "rodata=noalias" (new) behaviour same as the original "rodata=on" > - Drop the original "rodata=full" > - Add comment for arch_parse_debug_rodata() > - Update kernel-parameters.txt as required > > After this patch, the "rodata=on" will be the default on arm64 platform > as well. > > Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com> > --- > Add more comment for "rodata=noalias" in arch_parse_debug_rodata() from Ard. > --- > .../admin-guide/kernel-parameters.txt | 2 +- > arch/arm64/include/asm/setup.h | 28 +++++++++++++++++-- > 2 files changed, 27 insertions(+), 3 deletions(-) Sorry, but I'd missed this as you'd sent it as a reply to an existing series. When you send a new version of a patch, please can you post it as a new thread with an updated version? I think the idea of this series is good, so if you send a v5 against mainline then I can review it. Thanks, Will
On 2025/6/27 23:44, Will Deacon wrote: > Digging up an old thread... > > On Tue, Dec 17, 2024 at 03:17:15PM +0800, Huang Shijie wrote: >> As per admin guide documentation, "rodata=on" should be the default on >> platforms. Documentation/admin-guide/kernel-parameters.txt describes >> these options as >> >> rodata= [KNL,EARLY] >> on Mark read-only kernel memory as read-only (default). >> off Leave read-only kernel memory writable for debugging. >> full Mark read-only kernel memory and aliases as read-only >> [arm64] >> >> But on arm64 platform, "rodata=full" is the default instead. This patch >> implements the following changes. >> >> - Make "rodata=on" behaviour same as the original "rodata=full" >> - Make "rodata=noalias" (new) behaviour same as the original "rodata=on" >> - Drop the original "rodata=full" >> - Add comment for arch_parse_debug_rodata() >> - Update kernel-parameters.txt as required >> >> After this patch, the "rodata=on" will be the default on arm64 platform >> as well. >> >> Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com> >> --- >> Add more comment for "rodata=noalias" in arch_parse_debug_rodata() from Ard. >> --- >> .../admin-guide/kernel-parameters.txt | 2 +- >> arch/arm64/include/asm/setup.h | 28 +++++++++++++++++-- >> 2 files changed, 27 insertions(+), 3 deletions(-) > Sorry, but I'd missed this as you'd sent it as a reply to an existing > series. When you send a new version of a patch, please can you post it > as a new thread with an updated version? Okay, I will rebase this patch set and send out it later.. Thanks Huang Shijie
As per admin guide documentation, "rodata=on" should be the default on
platforms. Documentation/admin-guide/kernel-parameters.txt describes
these options as
rodata= [KNL,EARLY]
on Mark read-only kernel memory as read-only (default).
off Leave read-only kernel memory writable for debugging.
full Mark read-only kernel memory and aliases as read-only
[arm64]
But on arm64 platform, "rodata=full" is the default instead. This patch
implements the following changes.
- Make "rodata=on" behaviour same as the original "rodata=full"
- Make "rodata=noalias" (new) behaviour same as the original "rodata=on"
- Drop the original "rodata=full"
- Add comment for arch_parse_debug_rodata()
- Update kernel-parameters.txt as required
After this patch, the "rodata=on" will be the default on arm64 platform
as well.
Signed-off-by: Huang Shijie <shijie@os.amperecomputing.com>
---
Add more descriptions for "noalias":
It is not a security feature yet.
---
.../admin-guide/kernel-parameters.txt | 3 ++-
arch/arm64/include/asm/setup.h | 27 +++++++++++++++++--
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index a22b7e621007..f5db01eecbd3 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5901,7 +5901,8 @@
rodata= [KNL,EARLY]
on Mark read-only kernel memory as read-only (default).
off Leave read-only kernel memory writable for debugging.
- full Mark read-only kernel memory and aliases as read-only
+ noalias Use more block mappings,may have better performance.
+ But this is not a security feature.
[arm64]
rockchip.usb_uart
diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h
index ba269a7a3201..0ef57d19fc2a 100644
--- a/arch/arm64/include/asm/setup.h
+++ b/arch/arm64/include/asm/setup.h
@@ -13,6 +13,29 @@
extern phys_addr_t __fdt_pointer __initdata;
extern u64 __cacheline_aligned boot_args[4];
+/*
+ * rodata=on (default)
+ *
+ * This applies read-only attributes to VM areas and to the linear
+ * alias of the backing pages as well. This prevents code or read-
+ * only data from being modified (inadvertently or intentionally),
+ * via another mapping for the same memory page.
+ *
+ * But this might cause linear map region to be mapped down to base
+ * pages, which may adversely affect performance in some cases.
+ *
+ * rodata=off
+ *
+ * This provides more block mappings and contiguous hints for linear
+ * map region which would minimize TLB footprint. This also leaves
+ * read-only kernel memory writable for debugging.
+ *
+ * rodata=noalias
+ *
+ * This provides more block mappings and contiguous hints for linear
+ * map region which would minimize TLB footprint. This is not a
+ * security feature yet.
+ */
static inline bool arch_parse_debug_rodata(char *arg)
{
extern bool rodata_enabled;
@@ -21,7 +44,7 @@ static inline bool arch_parse_debug_rodata(char *arg)
if (!arg)
return false;
- if (!strcmp(arg, "full")) {
+ if (!strcmp(arg, "on")) {
rodata_enabled = rodata_full = true;
return true;
}
@@ -31,7 +54,7 @@ static inline bool arch_parse_debug_rodata(char *arg)
return true;
}
- if (!strcmp(arg, "on")) {
+ if (!strcmp(arg, "noalias")) {
rodata_enabled = true;
rodata_full = false;
return true;
--
2.40.1© 2016 - 2025 Red Hat, Inc.