Re: arm64 code looking for variable rodata_enabled when STRICT_KERNEL_RWX = n

From: FMDF <fmdefrancesco@gmail.com>
To: Chan Kim <ckim@etri.re.kr>
Cc: kernelnewbies <kernelnewbies@kernelnewbies.org>
Subject: Re: arm64 code looking for variable rodata_enabled when STRICT_KERNEL_RWX = n
Date: Sat, 19 Mar 2022 11:23:32 +0100	[thread overview]
Message-ID: <CAPj211vDW5itKk=aEThHph1JWjo0gSvH89NA0Gi+4kGK4t4v+w@mail.gmail.com> (raw)
In-Reply-To: <0b3f01d83a8d$ee6b5180$cb41f480$@etri.re.kr>

[-- Attachment #1.1: Type: text/plain, Size: 5198 bytes --]

On Fri, 18 Mar 2022, 07:04 Chan Kim, <ckim@etri.re.kr> wrote:

> Hello all,
>
> This is what I see when I search “KERNEL_RWX” during “make menuconfig” for
> arm64 kernel(5-10.0-rc5).
>
> The Kconfig file says CONFIG_STRICT_KERNEL_RWX is for setting text and
> rodata read-only.
>
>      Symbol: ARCH_OPTIONAL_KERNEL_RWX [=n]
>
>      Type  : bool
>
>      Defined at arch/Kconfig:928
>
>      Symbol: ARCH_OPTIONAL_KERNEL_RWX_DEFAULT [=n]
>
>      Type  : bool
>
>      Defined at arch/Kconfig:931
>
>
>
>      Symbol: STRICT_KERNEL_RWX [=y]
>
>      Type  : bool
>
>      Defined at arch/Kconfig:937
>
>        Prompt: Make kernel text and rodata read-only
>
>        Depends on: ARCH_HAS_STRICT_KERNEL_RWX [=y]
>
>        Visible if: ARCH_HAS_STRICT_KERNEL_RWX [=y] &&
> ARCH_OPTIONAL_KERNEL_RWX [=n]
>
>        Location:
>
>      (1) -> General architecture-dependent options
>
> I wanted to try setting STRICT_KERNEL_RWX to =n. It says this option is
> visible when ARCH_OPTIONAL_KERNEL_RWX is =y which is now =n.
>
Now I'm a bit confused... why do you say that "It says this option is
visible when ARCH_OPTIONAL_KERNEL_RWX is =y"?

I haven't ever written Kbuild rules but as far as I understand that
message  "Symbol: STRICT_KERNEL_RWX [=y] [is] Visible if:
ARCH_HAS_STRICT_KERNEL_RWX [=y] && ARCH_OPTIONAL_KERNEL_RWX [=n]" seems to
say that we can see and enable/disable STRICT_KERNEL_RWX if and only if
ARCH_HAS_STRICT_KERNEL_RWX is set to "yes" AND ARCH_OPTIONAL_KERNEL_RWX is
set to "no".

Is it me that I'm misunderstanding the above-mentioned message from "make
menuconfig"?

> So I modified to ARCH_OPTIONAL_KERNEL_RWX=y in arch/Kconfig line 928.
> (BTW, is it correct to modify this Kconfig file directly? I’m not sure at
> the moment)
>
For sure, I'd never do this. Why don't you simply use make menuconfig for
enabling/disabling options? Options are strictly interrelated and largely
depend on others. Why do you want to bypass dependency checks?

> Then I could see the STRICT_KERNEL_RWX menu in the menuconfig and I set it
> to =n as I wanted.
>
> But when I build the kernel, I see this errors.
>
Again, if it's not me that I'm missing something, the following errors are
simply explained by your weird way to enable/disable options.

Please correct me if I didn't get something that you wrote (I'm very tired
now after a long night staying awoke :))

Regards,

Fabio M. De Francesco

    ckim@ckim-ubuntu:~/ProjX/LinuxDevDrv/kernel-release-RD-INFRA-2020.11.30$
> makeit
>
>       CALL    scripts/atomic/check-atomics.sh
>
>       CALL    scripts/checksyscalls.sh
>
>       CHK     include/generated/compile.h
>
>       CC      arch/arm64/mm/mmu.o
>
>     arch/arm64/mm/mmu.c: In function 'parse_rodata':
>
>     arch/arm64/mm/mmu.c:595:28: error: 'rodata_enabled' undeclared (first
> use in this function)
>
>       595 |  int ret = strtobool(arg, &rodata_enabled);
>
>           |                            ^~~~~~~~~~~~~~
>
>     arch/arm64/mm/mmu.c:595:28: note: each undeclared identifier is
> reported only once for each function it appears in
>
>     arch/arm64/mm/mmu.c: In function 'map_entry_trampoline':
>
>     arch/arm64/mm/mmu.c:614:18: error: 'rodata_enabled' undeclared (first
> use in this function)
>
>       614 |  pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX :
> PAGE_KERNEL_EXEC;
>
>           |                  ^~~~~~~~~~~~~~
>
>     arch/arm64/mm/mmu.c: In function 'map_kernel':
>
>     arch/arm64/mm/mmu.c:669:23: error: 'rodata_enabled' undeclared (first
> use in this function)
>
>       669 |  pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX :
> PAGE_KERNEL_EXEC;
>
>           |                       ^~~~~~~~~~~~~~
>
>     make[2]: *** [scripts/Makefile.build:283: arch/arm64/mm/mmu.o] Error 1
>
>     make[1]: *** [scripts/Makefile.build:500: arch/arm64/mm] Error 2
>
>     make: *** [Makefile:1799: arch/arm64] Error 2
>
> variable “rodata_enabled” is defined in init/main.c as below.
>
>     #if defined(CONFIG_STRICT_KERNEL_RWX) ||
> defined(CONFIG_STRICT_MODULE_RWX)
>
>     bool rodata_enabled __ro_after_init = true;
>
>     static int __init set_debug_rodata(char *str)
>
>     {
>
>         return strtobool(str, &rodata_enabled);
>
>     }
>
>     __setup("rodata=", set_debug_rodata);
>
>     #endif
>
> But now since CONFIG_STRICT_KERNEL_RWX=n, it is not defined
> here(CONFIG_STRICT_MODULE_RWX=n too).
>
> and arch/arm64/mm/mmu.c code is still using `rodata_enabled`. Is this a
> bug of the code? Or am I missing something?
>
> I can modify init/main.c and include/linux/init.h so that this
> rodata_enabled and related functions be defined regardless of these CONFIG
> values and make the errors go away, but I’m curious if this a kind of
> kernel bug raising compiler error.
>
> Any comment will be really appreciated.
>
> Thank you!
>
>
>
> Chan Kim
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>

[-- Attachment #1.2: Type: text/html, Size: 10826 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies