[lvc-project] [PATCH v4 02/26] x86/build: Remove RWX sections and align on 4KB

Sat Mar 11 17:31:45 MSK 2023

On 2023-03-10 17:45, Ard Biesheuvel wrote:
> On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov at ispras.ru> wrote:
>> 
>> Avoid creating sections simultaneously writable and readable
>> to prepare for W^X implementation. Align sections on page size (4KB) 
>> to
>> allow protecting them in the page tables.
>> 
>> Split init code form ".init" segment into separate R_X ".inittext"
>> segment and make ".init" segment non-executable.
>> 
>> Also add these segments to x86_32 architecture for consistency.
>> Currently paging is disabled in x86_32 in compressed kernel, so
>> protection is not applied anyways, but .init code was incorrectly
>> placed in non-executable ".data" segment. This should not change
>> anything meaningful in memory layout now, but might be required in 
>> case
>> memory protection will also be implemented in compressed kernel for
>> x86_32.
>> 
>> Tested-by: Mario Limonciello <mario.limonciello at amd.com>
>> Tested-by: Peter Jones <pjones at redhat.com>
>> Signed-off-by: Evgeniy Baskov <baskov at ispras.ru>
> 
> Reviewed-by: Ard Biesheuvel <ardb at kernel.org>
> 
> One nit: the series modifies both the decompressor linker script and
> the core kernel one, so please make it very explicit in the commit log
> which one is being modified, and why it matters for this particular
> context.
> 

Thanks! I'll amend the log.
> 
>> ---
>>  arch/x86/kernel/vmlinux.lds.S | 15 ++++++++-------
>>  1 file changed, 8 insertions(+), 7 deletions(-)
>> 
>> diff --git a/arch/x86/kernel/vmlinux.lds.S 
>> b/arch/x86/kernel/vmlinux.lds.S
>> index 2e0ee14229bf..2e56d694c491 100644
>> --- a/arch/x86/kernel/vmlinux.lds.S
>> +++ b/arch/x86/kernel/vmlinux.lds.S
>> @@ -102,12 +102,11 @@ jiffies = jiffies_64;
>>  PHDRS {
>>         text PT_LOAD FLAGS(5);          /* R_E */
>>         data PT_LOAD FLAGS(6);          /* RW_ */
>> -#ifdef CONFIG_X86_64
>> -#ifdef CONFIG_SMP
>> +#if defined(CONFIG_X86_64) && defined(CONFIG_SMP)
>>         percpu PT_LOAD FLAGS(6);        /* RW_ */
>>  #endif
>> -       init PT_LOAD FLAGS(7);          /* RWE */
>> -#endif
>> +       inittext PT_LOAD FLAGS(5);      /* R_E */
>> +       init PT_LOAD FLAGS(6);          /* RW_ */
>>         note PT_NOTE FLAGS(0);          /* ___ */
>>  }
>> 
>> @@ -227,9 +226,10 @@ SECTIONS
>>  #endif
>> 
>>         INIT_TEXT_SECTION(PAGE_SIZE)
>> -#ifdef CONFIG_X86_64
>> -       :init
>> -#endif
>> +       :inittext
>> +
>> +       . = ALIGN(PAGE_SIZE);
>> +
>> 
>>         /*
>>          * Section for code used exclusively before alternatives are 
>> run. All
>> @@ -241,6 +241,7 @@ SECTIONS
>>         .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) {
>>                 *(.altinstr_aux)
>>         }
>> +       :init
>> 
>>         INIT_DATA_SECTION(16)
>> 
>> --
>> 2.37.4
>>