| Message ID | 721b5c42e0e79d307d5bcb08f9c8402f5067ded0.1671098103.git.baskov@ispras.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:e747:0:0:0:0:0 with SMTP id c7csp325934wrn;
Thu, 15 Dec 2022 04:39:32 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf6QzztJDC1ALVmMrfVFzfKVkGaP9LOI4EkgLa3Nt1Qh3OprYhMfRW2l7FV3iKUAWzeQgdD9
X-Received: by 2002:aa7:8a02:0:b0:573:846c:b88 with SMTP id
m2-20020aa78a02000000b00573846c0b88mr26782008pfa.23.1671107971800;
Thu, 15 Dec 2022 04:39:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1671107971; cv=none;
d=google.com; s=arc-20160816;
b=TlkMIEvVe5aO2IwgsTsXPjUkL7T/2aKYUePMgW1Afg5nlCrrg08fUyCR+h5KO38DJq
X2SRzeVbwWu2/y3fEq906/nH3n1hZEgYym6CL9/tNs88C3QFYKWUXxY66wClWw3vCPqg
3VAfP1Ik9eICKU5PChmItUlbwE8A6EdxzqsBbnDVT6Sk8rB003okLD480dUoP4vDuY2L
G5aYk1sGAcJu3kzf75g6WwmS8M4pYT3iRgLj34EHdxY16h1+VXElT3xEyeSa6+qLwE4Z
fiG2ISKLyKByyLOhmBhikTPfgDtUGZQkoMGgfrB78yHiUudqplOzvJjn2NoiAerXkIO2
ujrA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature:dkim-filter;
bh=LKdPN2ZvZx4fnLPS2t3A1XEN4tVvozM/uwlffktRvcE=;
b=w0/XTol5ppBQL+CVWToOoXwTonOVKeTTtZpiUut65eTCkqN1d01py2qBlUQnSw4hOu
TVah0z+/63k+VrHN0nan4EGzDPfZ+87f87YEydUO1R2Zjs9xcYMKi3G/lLRTFNQA9fQ5
87cq6MV65n6NDAG6bSOt/9A3jx3tM/kWv5TOvE1GYGJKV9/w8PsFIkKXCRXp5QFU57QC
eYEnd4uXGrb2hAqB7+tJFSwR+hrVKG9AA34JY5hWaYE7+zE1bIUbLv2moG9Xz7+5/qHA
h6elrzDvBT2UuYaK8pAl+L8pGDM7dKTJJA+bwVuc1VD1WiNve25EhsT4vz6S0y+wVO88
EwBg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=ZX0IrRns;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
z14-20020aa7888e000000b00576916b7127si2884848pfe.181.2022.12.15.04.39.19;
Thu, 15 Dec 2022 04:39:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=ZX0IrRns;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229882AbiLOMjE (ORCPT <rfc822;jeantsuru.cumc.mandola@gmail.com>
+ 99 others); Thu, 15 Dec 2022 07:39:04 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53376 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229797AbiLOMij (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 15 Dec 2022 07:38:39 -0500
Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85FD12EF6C;
Thu, 15 Dec 2022 04:38:25 -0800 (PST)
Received: from localhost.localdomain (unknown [83.149.199.65])
by mail.ispras.ru (Postfix) with ESMTPSA id AD20F400CBDC;
Thu, 15 Dec 2022 12:38:21 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru AD20F400CBDC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru;
s=default; t=1671107901;
bh=LKdPN2ZvZx4fnLPS2t3A1XEN4tVvozM/uwlffktRvcE=;
h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
b=ZX0IrRnsenVbR64VOD4t+61yrGNmLTwUUhZm4VdJHbvwWZKDY0FDAhig3UQXx9ynv
3NpWs1+D0wD5XIuz0DWBRRqT2RZ9DpntTQd+h35zrGmdPLYaBoxdke6KA1MxWNAz1C
bzaxCj4glhhojWN1lIgyNViKDrVyduWp+wJdHXxY=
From: Evgeniy Baskov <baskov@ispras.ru>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Evgeniy Baskov <baskov@ispras.ru>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Alexey Khoroshilov <khoroshilov@ispras.ru>,
Peter Jones <pjones@redhat.com>,
"Limonciello, Mario" <mario.limonciello@amd.com>,
joeyli <jlee@suse.com>, lvc-project@linuxtesting.org,
x86@kernel.org, linux-efi@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v4 02/26] x86/build: Remove RWX sections and align on 4KB
Date: Thu, 15 Dec 2022 15:37:53 +0300
Message-Id:
<721b5c42e0e79d307d5bcb08f9c8402f5067ded0.1671098103.git.baskov@ispras.ru>
X-Mailer: git-send-email 2.37.4
In-Reply-To: <cover.1671098103.git.baskov@ispras.ru>
References: <cover.1671098103.git.baskov@ispras.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1752283712515169284?=
X-GMAIL-MSGID: =?utf-8?q?1752283712515169284?=
|
| Series |
x86_64: Improvements at compressed kernel stage
|
|
Commit Message
Evgeniy Baskov
Dec. 15, 2022, 12:37 p.m. UTC
Avoid creating sections simultaneously writable and readable to prepare for W^X implementation. Align sections on page size (4KB) to allow protecting them in the page tables. Split init code form ".init" segment into separate R_X ".inittext" segment and make ".init" segment non-executable. Also add these segments to x86_32 architecture for consistency. Currently paging is disabled in x86_32 in compressed kernel, so protection is not applied anyways, but .init code was incorrectly placed in non-executable ".data" segment. This should not change anything meaningful in memory layout now, but might be required in case memory protection will also be implemented in compressed kernel for x86_32. Tested-by: Mario Limonciello <mario.limonciello@amd.com> Tested-by: Peter Jones <pjones@redhat.com> Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> --- arch/x86/kernel/vmlinux.lds.S | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-)
Comments
On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov@ispras.ru> wrote: > > Avoid creating sections simultaneously writable and readable > to prepare for W^X implementation. Align sections on page size (4KB) to > allow protecting them in the page tables. > > Split init code form ".init" segment into separate R_X ".inittext" > segment and make ".init" segment non-executable. > > Also add these segments to x86_32 architecture for consistency. > Currently paging is disabled in x86_32 in compressed kernel, so > protection is not applied anyways, but .init code was incorrectly > placed in non-executable ".data" segment. This should not change > anything meaningful in memory layout now, but might be required in case > memory protection will also be implemented in compressed kernel for > x86_32. > > Tested-by: Mario Limonciello <mario.limonciello@amd.com> > Tested-by: Peter Jones <pjones@redhat.com> > Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> One nit: the series modifies both the decompressor linker script and the core kernel one, so please make it very explicit in the commit log which one is being modified, and why it matters for this particular context. > --- > arch/x86/kernel/vmlinux.lds.S | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-) > > diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S > index 2e0ee14229bf..2e56d694c491 100644 > --- a/arch/x86/kernel/vmlinux.lds.S > +++ b/arch/x86/kernel/vmlinux.lds.S > @@ -102,12 +102,11 @@ jiffies = jiffies_64; > PHDRS { > text PT_LOAD FLAGS(5); /* R_E */ > data PT_LOAD FLAGS(6); /* RW_ */ > -#ifdef CONFIG_X86_64 > -#ifdef CONFIG_SMP > +#if defined(CONFIG_X86_64) && defined(CONFIG_SMP) > percpu PT_LOAD FLAGS(6); /* RW_ */ > #endif > - init PT_LOAD FLAGS(7); /* RWE */ > -#endif > + inittext PT_LOAD FLAGS(5); /* R_E */ > + init PT_LOAD FLAGS(6); /* RW_ */ > note PT_NOTE FLAGS(0); /* ___ */ > } > > @@ -227,9 +226,10 @@ SECTIONS > #endif > > INIT_TEXT_SECTION(PAGE_SIZE) > -#ifdef CONFIG_X86_64 > - :init > -#endif > + :inittext > + > + . = ALIGN(PAGE_SIZE); > + > > /* > * Section for code used exclusively before alternatives are run. All > @@ -241,6 +241,7 @@ SECTIONS > .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { > *(.altinstr_aux) > } > + :init > > INIT_DATA_SECTION(16) > > -- > 2.37.4 >
On 2023-03-10 17:45, Ard Biesheuvel wrote: > On Thu, 15 Dec 2022 at 13:38, Evgeniy Baskov <baskov@ispras.ru> wrote: >> >> Avoid creating sections simultaneously writable and readable >> to prepare for W^X implementation. Align sections on page size (4KB) >> to >> allow protecting them in the page tables. >> >> Split init code form ".init" segment into separate R_X ".inittext" >> segment and make ".init" segment non-executable. >> >> Also add these segments to x86_32 architecture for consistency. >> Currently paging is disabled in x86_32 in compressed kernel, so >> protection is not applied anyways, but .init code was incorrectly >> placed in non-executable ".data" segment. This should not change >> anything meaningful in memory layout now, but might be required in >> case >> memory protection will also be implemented in compressed kernel for >> x86_32. >> >> Tested-by: Mario Limonciello <mario.limonciello@amd.com> >> Tested-by: Peter Jones <pjones@redhat.com> >> Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> > > Reviewed-by: Ard Biesheuvel <ardb@kernel.org> > > One nit: the series modifies both the decompressor linker script and > the core kernel one, so please make it very explicit in the commit log > which one is being modified, and why it matters for this particular > context. > Thanks! I'll amend the log. > >> --- >> arch/x86/kernel/vmlinux.lds.S | 15 ++++++++------- >> 1 file changed, 8 insertions(+), 7 deletions(-) >> >> diff --git a/arch/x86/kernel/vmlinux.lds.S >> b/arch/x86/kernel/vmlinux.lds.S >> index 2e0ee14229bf..2e56d694c491 100644 >> --- a/arch/x86/kernel/vmlinux.lds.S >> +++ b/arch/x86/kernel/vmlinux.lds.S >> @@ -102,12 +102,11 @@ jiffies = jiffies_64; >> PHDRS { >> text PT_LOAD FLAGS(5); /* R_E */ >> data PT_LOAD FLAGS(6); /* RW_ */ >> -#ifdef CONFIG_X86_64 >> -#ifdef CONFIG_SMP >> +#if defined(CONFIG_X86_64) && defined(CONFIG_SMP) >> percpu PT_LOAD FLAGS(6); /* RW_ */ >> #endif >> - init PT_LOAD FLAGS(7); /* RWE */ >> -#endif >> + inittext PT_LOAD FLAGS(5); /* R_E */ >> + init PT_LOAD FLAGS(6); /* RW_ */ >> note PT_NOTE FLAGS(0); /* ___ */ >> } >> >> @@ -227,9 +226,10 @@ SECTIONS >> #endif >> >> INIT_TEXT_SECTION(PAGE_SIZE) >> -#ifdef CONFIG_X86_64 >> - :init >> -#endif >> + :inittext >> + >> + . = ALIGN(PAGE_SIZE); >> + >> >> /* >> * Section for code used exclusively before alternatives are >> run. All >> @@ -241,6 +241,7 @@ SECTIONS >> .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { >> *(.altinstr_aux) >> } >> + :init >> >> INIT_DATA_SECTION(16) >> >> -- >> 2.37.4 >>
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 2e0ee14229bf..2e56d694c491 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -102,12 +102,11 @@ jiffies = jiffies_64; PHDRS { text PT_LOAD FLAGS(5); /* R_E */ data PT_LOAD FLAGS(6); /* RW_ */ -#ifdef CONFIG_X86_64 -#ifdef CONFIG_SMP +#if defined(CONFIG_X86_64) && defined(CONFIG_SMP) percpu PT_LOAD FLAGS(6); /* RW_ */ #endif - init PT_LOAD FLAGS(7); /* RWE */ -#endif + inittext PT_LOAD FLAGS(5); /* R_E */ + init PT_LOAD FLAGS(6); /* RW_ */ note PT_NOTE FLAGS(0); /* ___ */ } @@ -227,9 +226,10 @@ SECTIONS #endif INIT_TEXT_SECTION(PAGE_SIZE) -#ifdef CONFIG_X86_64 - :init -#endif + :inittext + + . = ALIGN(PAGE_SIZE); + /* * Section for code used exclusively before alternatives are run. All @@ -241,6 +241,7 @@ SECTIONS .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) { *(.altinstr_aux) } + :init INIT_DATA_SECTION(16)