Re: [PATCH] arm64: fix build error when use rodata_enabled

[Mark Rutland <mark.rutland@arm.com>]

On Wed, Jan 05, 2022 at 02:51:05PM +0530, Anshuman Khandual wrote:
> Hello,
> 
> On 1/5/22 8:37 AM, AliOS system security wrote:
> > rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
> > or CONFIG_STRICT_MODULE_RWX is selected

Further to Anshuman's comments here, for a build issue, please include the
specific build error in the commit log, and describe the configuration where
this manifests.

For the reasons Anshuman gives below I do not see how this can be a problem in
mainline.

Thanks,
Mark.

> Both these configs get selected invariably with CONFIG_ARM64 in the
> platform config file (arch/arm64/Kconfig). I guess there can not be
> any such situation, where both configs will be missing/not selected
> given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64.
> 
> config ARM64
>         def_bool y
>         select ACPI_CCA_REQUIRED if ACPI
> 	.....
>         select ARCH_HAS_STRICT_KERNEL_RWX
>         select ARCH_HAS_STRICT_MODULE_RWX
> 	.....
> 
> Hence for all practical purpose, rodata_enabled could be considered
> always available. I am sure there other similar situations as well,
> where code elements are not wrapped around if the config option is
> always present.
> 
> > 
> > Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
> 
> Also please refer Documentation/process/submitting-patches.rst for
> the rules regarding names, that can be used for a commit sign off.
> 
> ------------------------------------------------------------------------
> then you just add a line saying::
> 
>         Signed-off-by: Random J Developer <random@developer.example.org>
> 
> using your real name (sorry, no pseudonyms or anonymous contributions.)
> ------------------------------------------------------------------------
> 
> - Anshuman
> 
> > ---
> >  arch/arm64/mm/mmu.c | 14 ++++++++++++--
> >  1 file changed, 12 insertions(+), 2 deletions(-)
> > 
> > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> > index acfae9b..47f8754 100644
> > --- a/arch/arm64/mm/mmu.c
> > +++ b/arch/arm64/mm/mmu.c
> > @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
> >  	vm_area_add_early(vma);
> >  }
> >  
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> >  static int __init parse_rodata(char *arg)
> >  {
> >  	int ret = strtobool(arg, &rodata_enabled);
> > @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
> >  	return 0;
> >  }
> >  early_param("rodata", parse_rodata);
> > +#endif
> >  
> >  #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> >  static int __init map_entry_trampoline(void)
> >  {
> > -	pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > +	pgprot_t prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > +	if (rodata_enabled)
> > +		prot = PAGE_KERNEL_ROX;
> > +#endif
> >  	phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
> >  
> >  	/* The trampoline is always mapped and can therefore be global */
> > @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
> >  	 * mapping to install SW breakpoints. Allow this (only) when
> >  	 * explicitly requested with rodata=off.
> >  	 */
> > -	pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > +	pgprot_t text_prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > +	if (rodata_enabled)
> > +		text_prot = PAGE_KERNEL_ROX;
> > +#endif
> >  
> >  	/*
> >  	 * If we have a CPU that supports BTI and a kernel built for
> > 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel