
module: Add a separate function to mark sections as read-only after init

Move the logic to mark special sections as read-only after module
initialization into a separate function, alongside other related code in
strict_rwx.c. Use a table with names of such sections to make it easier to
add more.

Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20250306131430.7016-3-petr.pavlu@suse.com
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>

+38 -15
+2
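--- a/kernel/module/internal.h
+++ b/kernel/module/internal.h
@@ -325,6 +325,8 @@
 int module_enforce_rwx_sections(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs,
 const char *secstrings,
 const struct module *mod);
+void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+const char *secstrings);
 
 #ifdef CONFIG_MODULE_SIG
 int module_sig_check(struct load_info *info, int flags);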
+3 -15
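--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2768,7 +2768,6 @@
 static struct module *layout_and_allocate(struct load_info *info, int flags)
 {
 struct module *mod;
-unsigned int ndx;
 int err;
 
 /* Allow arches to frob section contents and sizes. */
@@ -2785,22 +2786,11 @@
 info->sechdrs[info->index.pcpu].sh_flags &= ~(unsigned long)SHF_ALLOC;
 
 /*
-* Mark ro_after_init section with SHF_RO_AFTER_INIT so that
-* layout_sections() can put it in the right place.
+* Mark relevant sections as SHF_RO_AFTER_INIT so layout_sections() can
+* put them in the right place.
 * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set.
 */
-ndx = find_sec(info, ".data..ro_after_init");
-if (ndx)
-info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
-/*
-* Mark the __jump_table section as ro_after_init as well: these data
-* structures are never modified, with the exception of entries that
-* refer to code in the __init section, which are annotated as such
-* at module load time.
-*/
-ndx = find_sec(info, "__jump_table");
-if (ndx)
-info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
+module_mark_ro_after_init(info->hdr, info->sechdrs, info->secstrings);
 
 /*
 * Determine total sizes, and put offsets in sh_entsize. For now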
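Review bot: The rewritten comment in layout_and_allocate() says "relevant sections" but no longer tells the reader which sections those are or where the list lives, since the per-section rationale moved to strict_rwx.c. Because this call decides which module data ends up write-protected after init, a pointer at the call site keeps it auditable, for example `* Mark the sections listed in ro_after_init[] (strict_rwx.c) as SHF_RO_AFTER_INIT so layout_sections() can`. The body of layout_and_allocate() continues outside this hunk.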
+33
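--- a/kernel/module/strict_rwx.c
+++ b/kernel/module/strict_rwx.c
@@ -107,3 +107,36 @@
 
 return 0;
 }
+
+static const char *const ro_after_init[] = {
+/*
+* Section .data..ro_after_init holds data explicitly annotated by
+* __ro_after_init.
+*/
+".data..ro_after_init",
+
+/*
+* Section __jump_table holds data structures that are never modified,
+* with the exception of entries that refer to code in the __init
+* section, which are marked as such at module load time.
+*/
+"__jump_table",
+};
+
+void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+const char *secstrings)
+{
+int i, j;
+
+for (i = 1; i < hdr->e_shnum; i++) {
+Elf_Shdr *shdr = &sechdrs[i];
+
+for (j = 0; j < ARRAY_SIZE(ro_after_init); j++) {
+if (strcmp(secstrings + shdr->sh_name,
+ro_after_init[j]) == 0) {
+shdr->sh_flags |= SHF_RO_AFTER_INIT;
+break;
+}
+}
+}
+}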
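Review bot: module_mark_ro_after_init() does not look like a pure move of the old logic: its loop flags every section whose name matches, while the find_sec() calls it replaces acted on a single index each and, as far as I recall from mainline (find_sec() is not shown on this page), skipped sections without SHF_ALLOC. Since this flag decides which module data is write-protected after init, either state the difference in the commit message or keep the old filter with `if (!(shdr->sh_flags & SHF_ALLOC)) continue;` at the top of the outer loop. The function also reads `secstrings + shdr->sh_name` for every header, so a kernel-doc comment above it should record that it may only run after the section headers and string-table offsets have been validated. Separately, `j` is compared against ARRAY_SIZE(), which is a size_t; declaring `unsigned int i, j;` avoids the mixed-sign comparison.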