From nobody Sun Feb 8 05:53:57 2026 Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C90131922DC for ; Mon, 23 Dec 2024 09:39:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734946750; cv=none; b=NMotB14oU62pW6RmgY9wdhTVh7P+oy08AMyNy7/dxDPEfjy6fyc021ORQKyTke+bcIuiUUOcrATQ+9s84FXenKUKeiqgQWcJZ3GcADxT2nl3vmyPvzWDaFsN32NrRuE3uJ8Sj2qelVd0Q5TcznhnQcw71Mc5NJDciYgW7mjuyvg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734946750; c=relaxed/simple; bh=ETP1ymbYo1qfIFjSyhEeHy3LDAuXB162qdikBGe/IQ0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=b+NhJ/3XfA6TDZNVMPmjjqQDtoN1QfUES04QxkbNII6cHbFfcM75jtt9CxJsYgCFIQg55025V7NE4OQOsVN5eFsD+eApvD2YAhC5kKdGCi5b13nyyRVTUH7pICmdVqUc1PKmx0sL0+o0zvhTLClHoVb3EJ45d9vRRStmZQxW5zQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=S/uPR2kL; arc=none smtp.client-ip=209.85.128.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="S/uPR2kL" Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-4361c705434so28841145e9.3 for ; Mon, 23 Dec 2024 01:39:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1734946747; x=1735551547; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2WQPaGV5b+bcwoSffAZhjDIDuT9+0kfuESUg3le7qes=; b=S/uPR2kLF86smPRNNp62sdxWFylsWDsHWYWqW+3KQ5uPAboMJ7IYggifp3LBWvxwH/ 9yh4OYk5oEwIq6sU3pvxfEV+PkbM3vfVYLWf4HpXoDecL7OESzxwTCdt4Y0ucl+QG9UU GwGvlFVNNbKzMCGNhWQFqxml6Q+2r2J9cBQ8pN2IixylqGrCikViYn90FQqz1RnBwbKZ x1nayG1QWsT3DysiLneGOFsVN04Rs74+0IC9RnPz12dAfpDTN+MAahWTq25MDL5XEcVz DEBJsgK8euDi14hX6w5h6cC6gXoICRAdQJ+GJIPzRCUUsWfbwWdq5G5lBgAgGH5mO7lr 2Upw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734946747; x=1735551547; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2WQPaGV5b+bcwoSffAZhjDIDuT9+0kfuESUg3le7qes=; b=v0pAhWp62FjbKo01no/kw/OdaCQeNNBRmxMyutE8pkX95B52Aj/fTo/sGDsIDBu5mb RYOD9KTRtR6Mfq7PcwsgUJMnKAolmI6RoDZzuFs8f2/q1oEk2qT6ClC+gJUNk4GcF0dV 62BOoI7z9CkqvuAPf1aZ1fiYK5+5lcVY8qhMq+IHO8ZZgyEu8hx0srsHWPohkQULSJKR RAZqkHB/gjgHqfr1V8mMCIn4yRmrwXZ/tjgacrXmI/uYtzvnblGtV6osexzU9PbtsvnE kkvpJ35EHdmJpgOMP39zLACSXH9uVBNLZ5HZXoTVOgQPoUkoCVzZEP2/Vjp7e+Vx8WAn wdbg== X-Forwarded-Encrypted: i=1; AJvYcCXnNLwPO2M6NjfMsia949qOdWf41SX2hbGacZzl9q4CgWo1Fn+2XGcJHZTf+vJ15VBMGlt7n8Px13ktJFU=@vger.kernel.org X-Gm-Message-State: AOJu0YxnEi/mcF+bKQcTqhqbFMmIlU84FvLJefWjNtvOPoVfakxH6dn2 4/ILnYyHWrFAErkckbpemx7MtghySc/voq/meT1PcBZ6zgrCcfnsAbke6MBGJCQ= X-Gm-Gg: ASbGncvdZ6InDgbYmcEofZBdvD7MjxTkdUSLZ5AMkOEFoCoN5wqK73dDIVDEAuC/Hni 16bWHiDS+uWgc64NH4D0/MRCHzRW5IHke8omwNgmEXDQG5WMoRykca5rymx9vUvf7BVLuXEyjn8 PHdMcKMoQC/Gb0+5l5VK7Ikt5AQjun6SDn3el5odvVrTM8h0mGuuHjcCjdjx7GRNil+pm6kKrJV VrdH/xWNNBINzMSpwc+AMtGe/1Wq9wgiWvO1CYtMaQA6KxOg3K9kvWxXfBW X-Google-Smtp-Source: AGHT+IFm5r7Cf+dDlJFPMsarFoOSiqqlJkGJ9HXC2Cwjx2DL/obpCNE4LF9QIF4f2V7W2lIYeSDR9w== X-Received: by 2002:a05:600c:470a:b0:434:f767:68ea with SMTP id 5b1f17b1804b1-43668548337mr99288815e9.5.1734946747191; Mon, 23 Dec 2024 01:39:07 -0800 (PST) Received: from dhcp161.suse.cz ([193.86.92.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38a1c829235sm10773868f8f.15.2024.12.23.01.39.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 01:39:06 -0800 (PST) From: Petr Pavlu To: Luis Chamberlain , Petr Pavlu , Sami Tolvanen , Daniel Gomez , Peter Zijlstra , Josh Poimboeuf , Jason Baron , Steven Rostedt , Ard Biesheuvel Cc: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/3] module: Constify parameters of module_enforce_rwx_sections() Date: Mon, 23 Dec 2024 10:37:47 +0100 Message-ID: <20241223093840.29417-2-petr.pavlu@suse.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241223093840.29417-1-petr.pavlu@suse.com> References: <20241223093840.29417-1-petr.pavlu@suse.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Minor cleanup, this is a non-functional change. Signed-off-by: Petr Pavlu --- kernel/module/internal.h | 5 +++-- kernel/module/strict_rwx.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index daef2be83902..7e78f6a8e85e 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -330,8 +330,9 @@ static inline struct module *mod_find(unsigned long add= r, struct mod_tree_root * int module_enable_rodata_ro(const struct module *mod, bool after_init); int module_enable_data_nx(const struct module *mod); int module_enable_text_rox(const struct module *mod); -int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, - char *secstrings, struct module *mod); +int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechd= rs, + const char *secstrings, + const struct module *mod); =20 #ifdef CONFIG_MODULE_SIG int module_sig_check(struct load_info *info, int flags); diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c index 239e5013359d..d1c43309bb25 100644 --- a/kernel/module/strict_rwx.c +++ b/kernel/module/strict_rwx.c @@ -81,8 +81,9 @@ int module_enable_data_nx(const struct module *mod) return 0; } =20 -int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, - char *secstrings, struct module *mod) +int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechd= rs, + const char *secstrings, + const struct module *mod) { const unsigned long shf_wx =3D SHF_WRITE | SHF_EXECINSTR; int i; --=20 2.43.0 From nobody Sun Feb 8 05:53:57 2026 Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F3721925A3 for ; Mon, 23 Dec 2024 09:39:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734946751; cv=none; b=QAyxkVxM9F0kXdwt9mkVM8XKyFp3roWMWS1Zzz01JHzJRAklcYwziRIG1mZcOSCZ7cJ5fDUYFGkNG6uLbRXi8U6bO31MYfcXcDFzMIdwcxmBSYJTX81pIAB4nfvQPrHDTo6nLG6vYyrERvZ41JxwKrXekZVWJfZ6Tjr0v4SQ6lw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734946751; c=relaxed/simple; bh=6tdjyAZQ6cbVp+w0GpB3/BWnpCb4MftVCuh43tzcHRA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LNNBIqb0+jhyxzFocQ6lXXe+0iGmscGEo6+XLLasw1hNzONcpY6wPKzJELWHwiqXf5iMZjPdzfJbSuejBS1cxztaR6v1XdewXMpzxCFxkepOTPuzkDFcEbsSK8GbXk+P5MdQB2dUA1CWjzNkNoY31M43/9RFr9dhSmG9O83hHmU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=P+2WMAfr; arc=none smtp.client-ip=209.85.128.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="P+2WMAfr" Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-432d86a3085so26146735e9.2 for ; Mon, 23 Dec 2024 01:39:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1734946748; x=1735551548; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=NexceldLvPH8eTfckj5Ngxuw5KfU1fsgYnDIWr0Vew8=; b=P+2WMAfr+RPh6VW3zUhMMiEmXd7Lj/nhNSOjLuacpvBuRoRnvGlaut/NLpEm/9ITio D0cX6b6z2p+LLqA9hq2aYp69aVxeRJODVRS5luOdjbOg5eykvVSo3bQtj+m0CIhGFpuB z4Rt23WmBoDOuYn6dPOQJEm0RnpWxxMm5IEYpbNqx675VbVhUkdlmAg1zL7kPGQGOTi7 YrynVzfythnzmi0un2HD52RdYC7oi+34EHM4jL4nDAHvfMN0tL+O9ZhzASn/luMf0/8K Sx6J67tB3DIwY0tZcaoivVpQTh0F0kql5/kKOaoQOXS5+BBy4cABfd3PbHfeA8gGJ9x1 1GVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734946748; x=1735551548; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NexceldLvPH8eTfckj5Ngxuw5KfU1fsgYnDIWr0Vew8=; b=f/O4DiLwpMx0j5GaEKBRCSlGxtQBhmuUApr/tE+GC/KtPU1CvSsrgPLdolLYjkc8eT EJ2/S9p3wvY0fMkONdVahpxSTEgIIcBXvsn9gBxiRbycfl9fAAvORzoJlVq1m906ep6y y2yQoWwgTSVC4r+Lh5uM/ZS5ZLzj6RLbbo2vbOpbn46oIlxSxHrTjEZquwoUDspk/HW6 YR9jLr0dqH4TgoFq6W6tYvfWR0CEByYpxloLU4adCXCZtYjkr3kl8JoZM3mHgxx9l84q Fle57ufRywxWIQglQ79jgtVuuiZn6kzH6/tpiehzkZGBFVH9/Gk5qugD2PgihGA8UBU2 V9kQ== X-Forwarded-Encrypted: i=1; AJvYcCWJ3FUqqi/+/8Bfnt/FzAooDJLgd9gvICpt6SvT5y2cf7deGJNzyZsSo3UHIOVIuA/i9HGQLzIayMVT1Ic=@vger.kernel.org X-Gm-Message-State: AOJu0Yxq8OLdHu4S4wa5KD/jpnnDCXP3Az+RGz9phg/hnHr/yi82tFgb OGMO5BwenZ7BSPyzt7vG6PSOqtzSQ2jVOVOXvxDFla4aHxFGa3a9yAFzATCN8rk= X-Gm-Gg: ASbGncs1CWvXeylS7fr38BwNT5dZ3A7c9zIBhZh/TH3v8r0VqbVpoQJGnHGrfgmDxy4 9IogKy0BQ04fe0KI1iUCL5t/96gcpiC3MjJQmHhe23EJR86WO+WcmpG6JeTicYeXOMAOwizlwXW 326vA4eWu6g+w+3hTU1o9Jbi9HgdZgyZuG37DPsXRfR+Feo+41hJq315WarZZiC+pQ0F2l4w1Ht HNmF/oDdlNRE+6p/YiynuXakNSlSN21UeDk/5sRSwU+tVZ0A93OarEja4NY X-Google-Smtp-Source: AGHT+IEeEsudDKP/+A7DnHtNti9OLkLotRBCvT8iEm73qgWuk5HeUCkRxJarZJy9KksulKFauzJM0A== X-Received: by 2002:a05:600c:4748:b0:434:a7e7:a1ca with SMTP id 5b1f17b1804b1-43668b5f5b7mr89549795e9.20.1734946747810; Mon, 23 Dec 2024 01:39:07 -0800 (PST) Received: from dhcp161.suse.cz ([193.86.92.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38a1c829235sm10773868f8f.15.2024.12.23.01.39.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 01:39:07 -0800 (PST) From: Petr Pavlu To: Luis Chamberlain , Petr Pavlu , Sami Tolvanen , Daniel Gomez , Peter Zijlstra , Josh Poimboeuf , Jason Baron , Steven Rostedt , Ard Biesheuvel Cc: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/3] module: Add a separate function to mark sections as read-only after init Date: Mon, 23 Dec 2024 10:37:48 +0100 Message-ID: <20241223093840.29417-3-petr.pavlu@suse.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241223093840.29417-1-petr.pavlu@suse.com> References: <20241223093840.29417-1-petr.pavlu@suse.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move the logic to mark special sections as read-only after module initialization into a separate function, along other related code in strict_rwx.c. Use a table with names of such sections to make it easier to add more. Signed-off-by: Petr Pavlu --- kernel/module/internal.h | 2 ++ kernel/module/main.c | 18 +++--------------- kernel/module/strict_rwx.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 15 deletions(-) diff --git a/kernel/module/internal.h b/kernel/module/internal.h index 7e78f6a8e85e..c4c918d9b65e 100644 --- a/kernel/module/internal.h +++ b/kernel/module/internal.h @@ -333,6 +333,8 @@ int module_enable_text_rox(const struct module *mod); int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechd= rs, const char *secstrings, const struct module *mod); +void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs, + const char *secstrings); =20 #ifdef CONFIG_MODULE_SIG int module_sig_check(struct load_info *info, int flags); diff --git a/kernel/module/main.c b/kernel/module/main.c index 5399c182b3cb..12ca6c6d7efd 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2710,7 +2710,6 @@ core_param(module_blacklist, module_blacklist, charp,= 0400); static struct module *layout_and_allocate(struct load_info *info, int flag= s) { struct module *mod; - unsigned int ndx; int err; =20 /* Allow arches to frob section contents and sizes. */ @@ -2728,22 +2727,11 @@ static struct module *layout_and_allocate(struct lo= ad_info *info, int flags) info->sechdrs[info->index.pcpu].sh_flags &=3D ~(unsigned long)SHF_ALLOC; =20 /* - * Mark ro_after_init section with SHF_RO_AFTER_INIT so that - * layout_sections() can put it in the right place. + * Mark relevant sections as SHF_RO_AFTER_INIT so layout_sections() can + * put them in the right place. * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set. */ - ndx =3D find_sec(info, ".data..ro_after_init"); - if (ndx) - info->sechdrs[ndx].sh_flags |=3D SHF_RO_AFTER_INIT; - /* - * Mark the __jump_table section as ro_after_init as well: these data - * structures are never modified, with the exception of entries that - * refer to code in the __init section, which are annotated as such - * at module load time. - */ - ndx =3D find_sec(info, "__jump_table"); - if (ndx) - info->sechdrs[ndx].sh_flags |=3D SHF_RO_AFTER_INIT; + module_mark_ro_after_init(info->hdr, info->sechdrs, info->secstrings); =20 /* * Determine total sizes, and put offsets in sh_entsize. For now diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c index d1c43309bb25..598f89195336 100644 --- a/kernel/module/strict_rwx.c +++ b/kernel/module/strict_rwx.c @@ -101,3 +101,36 @@ int module_enforce_rwx_sections(const Elf_Ehdr *hdr, c= onst Elf_Shdr *sechdrs, =20 return 0; } + +static const char *const ro_after_init[] =3D { + /* + * Section .data..ro_after_init holds data explicitly annotated by + * __ro_after_init. + */ + ".data..ro_after_init", + + /* + * Section __jump_table holds data structures that are never modified, + * with the exception of entries that refer to code in the __init + * section, which are marked as such at module load time. + */ + "__jump_table", +}; + +void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs, + const char *secstrings) +{ + int i, j; + + for (i =3D 1; i < hdr->e_shnum; i++) { + Elf_Shdr *shdr =3D &sechdrs[i]; + + for (j =3D 0; j < ARRAY_SIZE(ro_after_init); j++) { + if (strcmp(secstrings + shdr->sh_name, + ro_after_init[j]) =3D=3D 0) { + shdr->sh_flags |=3D SHF_RO_AFTER_INIT; + break; + } + } + } +} --=20 2.43.0 From nobody Sun Feb 8 05:53:57 2026 Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 207831925BA for ; Mon, 23 Dec 2024 09:39:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734946752; cv=none; b=UQWSt/3T6XCGyu896vkgs0C4Mlwgh6996XzNctYcht4E2DCP0/bTwqAsVuqH9zQNLnpt4RDc3HxFGn7I7zZpAWwul75z3hlidEQS3ozgLyvESrTz/MlVHUcDUkOdCl8L0S0ZfHARf7ULq6lhYRp6u7hTPzQ+OTj/sJJIuSAIRwo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734946752; c=relaxed/simple; bh=UH4xbEe0zmFXOwPUKrl24/lhmUI7cbLTQl/c73IEBaw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GhXIvictY7lXLAIKgDBX1R6tFDiU4QQNynM3PAgJ4SOuQxsgFfQ6zdR6n6U8XH+KVM/BQ7NPX/1BWyDDY09fJrdgEeOFPCiJjrxpyvmaTFJ5madHMXMISQC/ZpNpQJLPbj52/PGSXigzumzHILsJqAyjh6Zla1JCvyu4V6TjSHo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=fxR+k1WO; arc=none smtp.client-ip=209.85.221.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="fxR+k1WO" Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-38632b8ae71so2987435f8f.0 for ; Mon, 23 Dec 2024 01:39:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1734946748; x=1735551548; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HLu09/IZb76vH1AepGLoCNTFGrmu/5Ir8RKortKBDcM=; b=fxR+k1WOP+yrLzNAlMDe3uKprLZKgG/wgPAJpEQFWc4omwMB4MGvtsscFZBbKd4K6Z FGpqC8dSg1Q1uzWEbcNxnx46ameWzFpk2lLG9I9S943XqtOdl3wxBVDqlva9Ilecx0hK m84uPkygCY3v+85a3XFdPy0Kg/UYj5Qe43Z1gHB+myP8tby2XR2dlcx2XbOm/XLtI6Cc qbzMGBKLHMi+WQN0Lu4BZ/I/8wo013G1mG9njLAbf2rfdSfYVbTo7XIAMXLE3RaW43Gh ivMYeu01k9kYROg2TQ3YJByYotYao0ISMkRrEJTeDe29dAmfe1yVmVyBoaouy11QFhjp gAiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734946748; x=1735551548; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HLu09/IZb76vH1AepGLoCNTFGrmu/5Ir8RKortKBDcM=; b=hJ1cLoucEmZroT49fjMSD0oALzKHDcLCvHyncj171oP9oIy4fC8RYInTCnyqyz3Oj4 6yZ3KBp1tpIWCgneQBeE2DxVb7aivyhO1bHcLL1Noqd3rKgLvCOfysxZY/4R1ndOzWqp eRukjx6U3jz+SGxmAs+g9l68nPq4C7/5is+BiC3a2hMV+mBjZ7mjYdzxhOmm//r8lFXU kj9n+kABfoM9SqGthOYrEqKCSbZlqp3lml3CfKWCNemPEq+YeiKl4HFoE6bLjT6w7Yeb J/0D3VVwZQs9B1fxlVgc8areQ+HlwYNNS4cbUrt7ZRRmHZA+pFQTV8hZAQMDRhP3WGht iTDg== X-Forwarded-Encrypted: i=1; AJvYcCUr3l2wiM1c9D8ALfc9qHrLuaXiB8UpWPl8/jL+m1Ps20eiKr4S8lunzz63ZdWNXDia+HRvmrefRHhaXhk=@vger.kernel.org X-Gm-Message-State: AOJu0Yyk1knfKjs8JWfahqHJZpbigqwt3dd4jYCSkwoNlMswNxYf3y66 s0C5O2TbHrTSA+2/7KUMCI+JQ9fgM6gxG4NPytyNTFUq7d8L9ZM1lEGlLjAkv6o= X-Gm-Gg: ASbGnctBchWbdQR0c82kbiShjNYj+DVZXssQcb5yOMb9V2A2tinW7HQ6X2Y0NoXh8su qYzxDaLP3BkJySCoZ1haXfDFIJ9c7vRo2S2lNG5KMcyHSHPzRymB0IeXr5S45VhDzutHWW/Sz2M 96ZDSgSz3Y64GjCsJVhVHZKJJ97N+PnOqTz9yHZ7KqhMNbwaeTQ1Jj+1rvuuvIoZ/tZGxyiHdCx 3HZdUl/NOmDK/+j0aGLlITovVvybkyErbKYab2r+mlUrzwPrG0sJH+k8xwy X-Google-Smtp-Source: AGHT+IH/O/K2z2kiA821Hde63hWbwa0B+QD6rT/zP3IoMk1MAKsl29HlJV0aQSy+OLPVN88I+iGbAg== X-Received: by 2002:a5d:5f48:0:b0:385:faaa:9d1d with SMTP id ffacd0b85a97d-38a221fae50mr11914975f8f.35.1734946748435; Mon, 23 Dec 2024 01:39:08 -0800 (PST) Received: from dhcp161.suse.cz ([193.86.92.181]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38a1c829235sm10773868f8f.15.2024.12.23.01.39.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Dec 2024 01:39:08 -0800 (PST) From: Petr Pavlu To: Luis Chamberlain , Petr Pavlu , Sami Tolvanen , Daniel Gomez , Peter Zijlstra , Josh Poimboeuf , Jason Baron , Steven Rostedt , Ard Biesheuvel Cc: linux-modules@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 3/3] module: Make .static_call_sites read-only after init Date: Mon, 23 Dec 2024 10:37:49 +0100 Message-ID: <20241223093840.29417-4-petr.pavlu@suse.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241223093840.29417-1-petr.pavlu@suse.com> References: <20241223093840.29417-1-petr.pavlu@suse.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Section .static_call_sites holds data structures that need to be sorted and processed only at module load time. This initial processing happens in static_call_add_module(), which is invoked as a callback to the MODULE_STATE_COMING notification from prepare_coming_module(). The section is never modified afterwards. Make it therefore read-only after module initialization to avoid any (non-)accidental modifications. Signed-off-by: Petr Pavlu --- kernel/module/strict_rwx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c index 598f89195336..4ae5facab569 100644 --- a/kernel/module/strict_rwx.c +++ b/kernel/module/strict_rwx.c @@ -115,6 +115,15 @@ static const char *const ro_after_init[] =3D { * section, which are marked as such at module load time. */ "__jump_table", + +#ifdef CONFIG_HAVE_STATIC_CALL_INLINE + /* + * Section .static_call_sites holds data structures that need to be + * sorted and processed at module load time but are never modified + * afterwards. + */ + ".static_call_sites", +#endif }; =20 void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs, --=20 2.43.0