* [PATCH] arm64: fix build error when use rodata_enabled
@ 2022-01-05 3:07 ` AliOS system security
0 siblings, 0 replies; 11+ messages in thread
From: AliOS system security @ 2022-01-05 3:07 UTC (permalink / raw)
To: catalin.marinas, will
Cc: linux-arm-kernel, linux-kernel, AliOS system security
rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
or CONFIG_STRICT_MODULE_RWX is selected
Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
---
arch/arm64/mm/mmu.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index acfae9b..47f8754 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
vm_area_add_early(vma);
}
+#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
static int __init parse_rodata(char *arg)
{
int ret = strtobool(arg, &rodata_enabled);
@@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
return 0;
}
early_param("rodata", parse_rodata);
+#endif
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
static int __init map_entry_trampoline(void)
{
- pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
+ pgprot_t prot = PAGE_KERNEL_EXEC;
+#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
+ if (rodata_enabled)
+ prot = PAGE_KERNEL_ROX;
+#endif
phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
/* The trampoline is always mapped and can therefore be global */
@@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
* mapping to install SW breakpoints. Allow this (only) when
* explicitly requested with rodata=off.
*/
- pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
+ pgprot_t text_prot = PAGE_KERNEL_EXEC;
+#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
+ if (rodata_enabled)
+ text_prot = PAGE_KERNEL_ROX;
+#endif
/*
* If we have a CPU that supports BTI and a kernel built for
--
2.7.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH] arm64: fix build error when use rodata_enabled
@ 2022-01-05 3:07 ` AliOS system security
0 siblings, 0 replies; 11+ messages in thread
From: AliOS system security @ 2022-01-05 3:07 UTC (permalink / raw)
To: catalin.marinas, will
Cc: linux-arm-kernel, linux-kernel, AliOS system security
rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
or CONFIG_STRICT_MODULE_RWX is selected
Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
---
arch/arm64/mm/mmu.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index acfae9b..47f8754 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
vm_area_add_early(vma);
}
+#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
static int __init parse_rodata(char *arg)
{
int ret = strtobool(arg, &rodata_enabled);
@@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
return 0;
}
early_param("rodata", parse_rodata);
+#endif
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
static int __init map_entry_trampoline(void)
{
- pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
+ pgprot_t prot = PAGE_KERNEL_EXEC;
+#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
+ if (rodata_enabled)
+ prot = PAGE_KERNEL_ROX;
+#endif
phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
/* The trampoline is always mapped and can therefore be global */
@@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
* mapping to install SW breakpoints. Allow this (only) when
* explicitly requested with rodata=off.
*/
- pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
+ pgprot_t text_prot = PAGE_KERNEL_EXEC;
+#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
+ if (rodata_enabled)
+ text_prot = PAGE_KERNEL_ROX;
+#endif
/*
* If we have a CPU that supports BTI and a kernel built for
--
2.7.4
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH] arm64: fix build error when use rodata_enabled
2022-01-05 3:07 ` AliOS system security
@ 2022-01-05 9:21 ` Anshuman Khandual
-1 siblings, 0 replies; 11+ messages in thread
From: Anshuman Khandual @ 2022-01-05 9:21 UTC (permalink / raw)
To: AliOS system security, catalin.marinas, will
Cc: linux-arm-kernel, linux-kernel
Hello,
On 1/5/22 8:37 AM, AliOS system security wrote:
> rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
> or CONFIG_STRICT_MODULE_RWX is selected
Both these configs get selected invariably with CONFIG_ARM64 in the
platform config file (arch/arm64/Kconfig). I guess there can not be
any such situation, where both configs will be missing/not selected
given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64.
config ARM64
def_bool y
select ACPI_CCA_REQUIRED if ACPI
.....
select ARCH_HAS_STRICT_KERNEL_RWX
select ARCH_HAS_STRICT_MODULE_RWX
.....
Hence for all practical purpose, rodata_enabled could be considered
always available. I am sure there other similar situations as well,
where code elements are not wrapped around if the config option is
always present.
>
> Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
Also please refer Documentation/process/submitting-patches.rst for
the rules regarding names, that can be used for a commit sign off.
------------------------------------------------------------------------
then you just add a line saying::
Signed-off-by: Random J Developer <random@developer.example.org>
using your real name (sorry, no pseudonyms or anonymous contributions.)
------------------------------------------------------------------------
- Anshuman
> ---
> arch/arm64/mm/mmu.c | 14 ++++++++++++--
> 1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index acfae9b..47f8754 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
> vm_area_add_early(vma);
> }
>
> +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> static int __init parse_rodata(char *arg)
> {
> int ret = strtobool(arg, &rodata_enabled);
> @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
> return 0;
> }
> early_param("rodata", parse_rodata);
> +#endif
>
> #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> static int __init map_entry_trampoline(void)
> {
> - pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> + pgprot_t prot = PAGE_KERNEL_EXEC;
> +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> + if (rodata_enabled)
> + prot = PAGE_KERNEL_ROX;
> +#endif
> phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
>
> /* The trampoline is always mapped and can therefore be global */
> @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
> * mapping to install SW breakpoints. Allow this (only) when
> * explicitly requested with rodata=off.
> */
> - pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> + pgprot_t text_prot = PAGE_KERNEL_EXEC;
> +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> + if (rodata_enabled)
> + text_prot = PAGE_KERNEL_ROX;
> +#endif
>
> /*
> * If we have a CPU that supports BTI and a kernel built for
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] arm64: fix build error when use rodata_enabled
@ 2022-01-05 9:21 ` Anshuman Khandual
0 siblings, 0 replies; 11+ messages in thread
From: Anshuman Khandual @ 2022-01-05 9:21 UTC (permalink / raw)
To: AliOS system security, catalin.marinas, will
Cc: linux-arm-kernel, linux-kernel
Hello,
On 1/5/22 8:37 AM, AliOS system security wrote:
> rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
> or CONFIG_STRICT_MODULE_RWX is selected
Both these configs get selected invariably with CONFIG_ARM64 in the
platform config file (arch/arm64/Kconfig). I guess there can not be
any such situation, where both configs will be missing/not selected
given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64.
config ARM64
def_bool y
select ACPI_CCA_REQUIRED if ACPI
.....
select ARCH_HAS_STRICT_KERNEL_RWX
select ARCH_HAS_STRICT_MODULE_RWX
.....
Hence for all practical purpose, rodata_enabled could be considered
always available. I am sure there other similar situations as well,
where code elements are not wrapped around if the config option is
always present.
>
> Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
Also please refer Documentation/process/submitting-patches.rst for
the rules regarding names, that can be used for a commit sign off.
------------------------------------------------------------------------
then you just add a line saying::
Signed-off-by: Random J Developer <random@developer.example.org>
using your real name (sorry, no pseudonyms or anonymous contributions.)
------------------------------------------------------------------------
- Anshuman
> ---
> arch/arm64/mm/mmu.c | 14 ++++++++++++--
> 1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index acfae9b..47f8754 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
> vm_area_add_early(vma);
> }
>
> +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> static int __init parse_rodata(char *arg)
> {
> int ret = strtobool(arg, &rodata_enabled);
> @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
> return 0;
> }
> early_param("rodata", parse_rodata);
> +#endif
>
> #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> static int __init map_entry_trampoline(void)
> {
> - pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> + pgprot_t prot = PAGE_KERNEL_EXEC;
> +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> + if (rodata_enabled)
> + prot = PAGE_KERNEL_ROX;
> +#endif
> phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
>
> /* The trampoline is always mapped and can therefore be global */
> @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
> * mapping to install SW breakpoints. Allow this (only) when
> * explicitly requested with rodata=off.
> */
> - pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> + pgprot_t text_prot = PAGE_KERNEL_EXEC;
> +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> + if (rodata_enabled)
> + text_prot = PAGE_KERNEL_ROX;
> +#endif
>
> /*
> * If we have a CPU that supports BTI and a kernel built for
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] arm64: fix build error when use rodata_enabled
2022-01-05 3:07 ` AliOS system security
(?)
@ 2022-01-05 10:22 ` kernel test robot
-1 siblings, 0 replies; 11+ messages in thread
From: kernel test robot @ 2022-01-05 10:22 UTC (permalink / raw)
To: AliOS system security, catalin.marinas, will
Cc: kbuild-all, linux-arm-kernel, linux-kernel, AliOS system security
Hi AliOS,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on v5.16-rc8 next-20220105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/AliOS-system-security/arm64-fix-build-error-when-use-rodata_enabled/20220105-110838
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-randconfig-s032-20220105 (https://download.01.org/0day-ci/archive/20220105/202201051817.4KPMZJag-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 11.2.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://github.com/0day-ci/linux/commit/6af4245e93d33d4f4a79a560a707539be994f73e
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review AliOS-system-security/arm64-fix-build-error-when-use-rodata_enabled/20220105-110838
git checkout 6af4245e93d33d4f4a79a560a707539be994f73e
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=arm64 SHELL=/bin/bash arch/arm64/mm/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
arch/arm64/mm/mmu.c: In function 'map_entry_trampoline':
>> arch/arm64/mm/mmu.c:627:9: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
627 | phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
| ^~~~~~~~~~~
vim +627 arch/arm64/mm/mmu.c
28b066da69b937 Ard Biesheuvel 2017-03-09 618
51a0048beb4496 Will Deacon 2017-11-14 619 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
51a0048beb4496 Will Deacon 2017-11-14 620 static int __init map_entry_trampoline(void)
51a0048beb4496 Will Deacon 2017-11-14 621 {
6af4245e93d33d AliOS system security 2022-01-05 622 pgprot_t prot = PAGE_KERNEL_EXEC;
6af4245e93d33d AliOS system security 2022-01-05 623 #if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
6af4245e93d33d AliOS system security 2022-01-05 624 if (rodata_enabled)
6af4245e93d33d AliOS system security 2022-01-05 625 prot = PAGE_KERNEL_ROX;
6af4245e93d33d AliOS system security 2022-01-05 626 #endif
51a0048beb4496 Will Deacon 2017-11-14 @627 phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
51a0048beb4496 Will Deacon 2017-11-14 628
51a0048beb4496 Will Deacon 2017-11-14 629 /* The trampoline is always mapped and can therefore be global */
51a0048beb4496 Will Deacon 2017-11-14 630 pgprot_val(prot) &= ~PTE_NG;
51a0048beb4496 Will Deacon 2017-11-14 631
51a0048beb4496 Will Deacon 2017-11-14 632 /* Map only the text into the trampoline page table */
51a0048beb4496 Will Deacon 2017-11-14 633 memset(tramp_pg_dir, 0, PGD_SIZE);
51a0048beb4496 Will Deacon 2017-11-14 634 __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
475ba3fc194b64 Will Deacon 2019-04-08 635 prot, __pgd_pgtable_alloc, 0);
51a0048beb4496 Will Deacon 2017-11-14 636
6c27c4082f4f70 Will Deacon 2017-12-06 637 /* Map both the text and data into the kernel page table */
51a0048beb4496 Will Deacon 2017-11-14 638 __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
6c27c4082f4f70 Will Deacon 2017-12-06 639 if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
6c27c4082f4f70 Will Deacon 2017-12-06 640 extern char __entry_tramp_data_start[];
6c27c4082f4f70 Will Deacon 2017-12-06 641
6c27c4082f4f70 Will Deacon 2017-12-06 642 __set_fixmap(FIX_ENTRY_TRAMP_DATA,
6c27c4082f4f70 Will Deacon 2017-12-06 643 __pa_symbol(__entry_tramp_data_start),
6c27c4082f4f70 Will Deacon 2017-12-06 644 PAGE_KERNEL_RO);
6c27c4082f4f70 Will Deacon 2017-12-06 645 }
6c27c4082f4f70 Will Deacon 2017-12-06 646
51a0048beb4496 Will Deacon 2017-11-14 647 return 0;
51a0048beb4496 Will Deacon 2017-11-14 648 }
51a0048beb4496 Will Deacon 2017-11-14 649 core_initcall(map_entry_trampoline);
51a0048beb4496 Will Deacon 2017-11-14 650 #endif
51a0048beb4496 Will Deacon 2017-11-14 651
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] arm64: fix build error when use rodata_enabled
@ 2022-01-05 10:22 ` kernel test robot
0 siblings, 0 replies; 11+ messages in thread
From: kernel test robot @ 2022-01-05 10:22 UTC (permalink / raw)
To: AliOS system security, catalin.marinas, will
Cc: kbuild-all, linux-arm-kernel, linux-kernel, AliOS system security
Hi AliOS,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on v5.16-rc8 next-20220105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/AliOS-system-security/arm64-fix-build-error-when-use-rodata_enabled/20220105-110838
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-randconfig-s032-20220105 (https://download.01.org/0day-ci/archive/20220105/202201051817.4KPMZJag-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 11.2.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://github.com/0day-ci/linux/commit/6af4245e93d33d4f4a79a560a707539be994f73e
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review AliOS-system-security/arm64-fix-build-error-when-use-rodata_enabled/20220105-110838
git checkout 6af4245e93d33d4f4a79a560a707539be994f73e
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=arm64 SHELL=/bin/bash arch/arm64/mm/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
arch/arm64/mm/mmu.c: In function 'map_entry_trampoline':
>> arch/arm64/mm/mmu.c:627:9: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
627 | phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
| ^~~~~~~~~~~
vim +627 arch/arm64/mm/mmu.c
28b066da69b937 Ard Biesheuvel 2017-03-09 618
51a0048beb4496 Will Deacon 2017-11-14 619 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
51a0048beb4496 Will Deacon 2017-11-14 620 static int __init map_entry_trampoline(void)
51a0048beb4496 Will Deacon 2017-11-14 621 {
6af4245e93d33d AliOS system security 2022-01-05 622 pgprot_t prot = PAGE_KERNEL_EXEC;
6af4245e93d33d AliOS system security 2022-01-05 623 #if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
6af4245e93d33d AliOS system security 2022-01-05 624 if (rodata_enabled)
6af4245e93d33d AliOS system security 2022-01-05 625 prot = PAGE_KERNEL_ROX;
6af4245e93d33d AliOS system security 2022-01-05 626 #endif
51a0048beb4496 Will Deacon 2017-11-14 @627 phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
51a0048beb4496 Will Deacon 2017-11-14 628
51a0048beb4496 Will Deacon 2017-11-14 629 /* The trampoline is always mapped and can therefore be global */
51a0048beb4496 Will Deacon 2017-11-14 630 pgprot_val(prot) &= ~PTE_NG;
51a0048beb4496 Will Deacon 2017-11-14 631
51a0048beb4496 Will Deacon 2017-11-14 632 /* Map only the text into the trampoline page table */
51a0048beb4496 Will Deacon 2017-11-14 633 memset(tramp_pg_dir, 0, PGD_SIZE);
51a0048beb4496 Will Deacon 2017-11-14 634 __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
475ba3fc194b64 Will Deacon 2019-04-08 635 prot, __pgd_pgtable_alloc, 0);
51a0048beb4496 Will Deacon 2017-11-14 636
6c27c4082f4f70 Will Deacon 2017-12-06 637 /* Map both the text and data into the kernel page table */
51a0048beb4496 Will Deacon 2017-11-14 638 __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
6c27c4082f4f70 Will Deacon 2017-12-06 639 if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
6c27c4082f4f70 Will Deacon 2017-12-06 640 extern char __entry_tramp_data_start[];
6c27c4082f4f70 Will Deacon 2017-12-06 641
6c27c4082f4f70 Will Deacon 2017-12-06 642 __set_fixmap(FIX_ENTRY_TRAMP_DATA,
6c27c4082f4f70 Will Deacon 2017-12-06 643 __pa_symbol(__entry_tramp_data_start),
6c27c4082f4f70 Will Deacon 2017-12-06 644 PAGE_KERNEL_RO);
6c27c4082f4f70 Will Deacon 2017-12-06 645 }
6c27c4082f4f70 Will Deacon 2017-12-06 646
51a0048beb4496 Will Deacon 2017-11-14 647 return 0;
51a0048beb4496 Will Deacon 2017-11-14 648 }
51a0048beb4496 Will Deacon 2017-11-14 649 core_initcall(map_entry_trampoline);
51a0048beb4496 Will Deacon 2017-11-14 650 #endif
51a0048beb4496 Will Deacon 2017-11-14 651
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] arm64: fix build error when use rodata_enabled
@ 2022-01-05 10:22 ` kernel test robot
0 siblings, 0 replies; 11+ messages in thread
From: kernel test robot @ 2022-01-05 10:22 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 5050 bytes --]
Hi AliOS,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on v5.16-rc8 next-20220105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/AliOS-system-security/arm64-fix-build-error-when-use-rodata_enabled/20220105-110838
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-randconfig-s032-20220105 (https://download.01.org/0day-ci/archive/20220105/202201051817.4KPMZJag-lkp(a)intel.com/config)
compiler: aarch64-linux-gcc (GCC) 11.2.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://github.com/0day-ci/linux/commit/6af4245e93d33d4f4a79a560a707539be994f73e
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review AliOS-system-security/arm64-fix-build-error-when-use-rodata_enabled/20220105-110838
git checkout 6af4245e93d33d4f4a79a560a707539be994f73e
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=arm64 SHELL=/bin/bash arch/arm64/mm/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
arch/arm64/mm/mmu.c: In function 'map_entry_trampoline':
>> arch/arm64/mm/mmu.c:627:9: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
627 | phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
| ^~~~~~~~~~~
vim +627 arch/arm64/mm/mmu.c
28b066da69b937 Ard Biesheuvel 2017-03-09 618
51a0048beb4496 Will Deacon 2017-11-14 619 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
51a0048beb4496 Will Deacon 2017-11-14 620 static int __init map_entry_trampoline(void)
51a0048beb4496 Will Deacon 2017-11-14 621 {
6af4245e93d33d AliOS system security 2022-01-05 622 pgprot_t prot = PAGE_KERNEL_EXEC;
6af4245e93d33d AliOS system security 2022-01-05 623 #if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
6af4245e93d33d AliOS system security 2022-01-05 624 if (rodata_enabled)
6af4245e93d33d AliOS system security 2022-01-05 625 prot = PAGE_KERNEL_ROX;
6af4245e93d33d AliOS system security 2022-01-05 626 #endif
51a0048beb4496 Will Deacon 2017-11-14 @627 phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
51a0048beb4496 Will Deacon 2017-11-14 628
51a0048beb4496 Will Deacon 2017-11-14 629 /* The trampoline is always mapped and can therefore be global */
51a0048beb4496 Will Deacon 2017-11-14 630 pgprot_val(prot) &= ~PTE_NG;
51a0048beb4496 Will Deacon 2017-11-14 631
51a0048beb4496 Will Deacon 2017-11-14 632 /* Map only the text into the trampoline page table */
51a0048beb4496 Will Deacon 2017-11-14 633 memset(tramp_pg_dir, 0, PGD_SIZE);
51a0048beb4496 Will Deacon 2017-11-14 634 __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
475ba3fc194b64 Will Deacon 2019-04-08 635 prot, __pgd_pgtable_alloc, 0);
51a0048beb4496 Will Deacon 2017-11-14 636
6c27c4082f4f70 Will Deacon 2017-12-06 637 /* Map both the text and data into the kernel page table */
51a0048beb4496 Will Deacon 2017-11-14 638 __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
6c27c4082f4f70 Will Deacon 2017-12-06 639 if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
6c27c4082f4f70 Will Deacon 2017-12-06 640 extern char __entry_tramp_data_start[];
6c27c4082f4f70 Will Deacon 2017-12-06 641
6c27c4082f4f70 Will Deacon 2017-12-06 642 __set_fixmap(FIX_ENTRY_TRAMP_DATA,
6c27c4082f4f70 Will Deacon 2017-12-06 643 __pa_symbol(__entry_tramp_data_start),
6c27c4082f4f70 Will Deacon 2017-12-06 644 PAGE_KERNEL_RO);
6c27c4082f4f70 Will Deacon 2017-12-06 645 }
6c27c4082f4f70 Will Deacon 2017-12-06 646
51a0048beb4496 Will Deacon 2017-11-14 647 return 0;
51a0048beb4496 Will Deacon 2017-11-14 648 }
51a0048beb4496 Will Deacon 2017-11-14 649 core_initcall(map_entry_trampoline);
51a0048beb4496 Will Deacon 2017-11-14 650 #endif
51a0048beb4496 Will Deacon 2017-11-14 651
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] arm64: fix build error when use rodata_enabled
2022-01-05 9:21 ` Anshuman Khandual
@ 2022-01-05 10:47 ` Mark Rutland
-1 siblings, 0 replies; 11+ messages in thread
From: Mark Rutland @ 2022-01-05 10:47 UTC (permalink / raw)
To: AliOS system security
Cc: Anshuman Khandual, catalin.marinas, will, linux-arm-kernel, linux-kernel
On Wed, Jan 05, 2022 at 02:51:05PM +0530, Anshuman Khandual wrote:
> Hello,
>
> On 1/5/22 8:37 AM, AliOS system security wrote:
> > rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
> > or CONFIG_STRICT_MODULE_RWX is selected
Further to Anshuman's comments here, for a build issue, please include the
specific build error in the commit log, and describe the configuration where
this manifests.
For the reasons Anshuman gives below I do not see how this can be a problem in
mainline.
Thanks,
Mark.
> Both these configs get selected invariably with CONFIG_ARM64 in the
> platform config file (arch/arm64/Kconfig). I guess there can not be
> any such situation, where both configs will be missing/not selected
> given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64.
>
> config ARM64
> def_bool y
> select ACPI_CCA_REQUIRED if ACPI
> .....
> select ARCH_HAS_STRICT_KERNEL_RWX
> select ARCH_HAS_STRICT_MODULE_RWX
> .....
>
> Hence for all practical purpose, rodata_enabled could be considered
> always available. I am sure there other similar situations as well,
> where code elements are not wrapped around if the config option is
> always present.
>
> >
> > Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
>
> Also please refer Documentation/process/submitting-patches.rst for
> the rules regarding names, that can be used for a commit sign off.
>
> ------------------------------------------------------------------------
> then you just add a line saying::
>
> Signed-off-by: Random J Developer <random@developer.example.org>
>
> using your real name (sorry, no pseudonyms or anonymous contributions.)
> ------------------------------------------------------------------------
>
> - Anshuman
>
> > ---
> > arch/arm64/mm/mmu.c | 14 ++++++++++++--
> > 1 file changed, 12 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> > index acfae9b..47f8754 100644
> > --- a/arch/arm64/mm/mmu.c
> > +++ b/arch/arm64/mm/mmu.c
> > @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
> > vm_area_add_early(vma);
> > }
> >
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > static int __init parse_rodata(char *arg)
> > {
> > int ret = strtobool(arg, &rodata_enabled);
> > @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
> > return 0;
> > }
> > early_param("rodata", parse_rodata);
> > +#endif
> >
> > #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> > static int __init map_entry_trampoline(void)
> > {
> > - pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + prot = PAGE_KERNEL_ROX;
> > +#endif
> > phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
> >
> > /* The trampoline is always mapped and can therefore be global */
> > @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
> > * mapping to install SW breakpoints. Allow this (only) when
> > * explicitly requested with rodata=off.
> > */
> > - pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t text_prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + text_prot = PAGE_KERNEL_ROX;
> > +#endif
> >
> > /*
> > * If we have a CPU that supports BTI and a kernel built for
> >
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] arm64: fix build error when use rodata_enabled
@ 2022-01-05 10:47 ` Mark Rutland
0 siblings, 0 replies; 11+ messages in thread
From: Mark Rutland @ 2022-01-05 10:47 UTC (permalink / raw)
To: AliOS system security
Cc: Anshuman Khandual, catalin.marinas, will, linux-arm-kernel, linux-kernel
On Wed, Jan 05, 2022 at 02:51:05PM +0530, Anshuman Khandual wrote:
> Hello,
>
> On 1/5/22 8:37 AM, AliOS system security wrote:
> > rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
> > or CONFIG_STRICT_MODULE_RWX is selected
Further to Anshuman's comments here, for a build issue, please include the
specific build error in the commit log, and describe the configuration where
this manifests.
For the reasons Anshuman gives below I do not see how this can be a problem in
mainline.
Thanks,
Mark.
> Both these configs get selected invariably with CONFIG_ARM64 in the
> platform config file (arch/arm64/Kconfig). I guess there can not be
> any such situation, where both configs will be missing/not selected
> given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64.
>
> config ARM64
> def_bool y
> select ACPI_CCA_REQUIRED if ACPI
> .....
> select ARCH_HAS_STRICT_KERNEL_RWX
> select ARCH_HAS_STRICT_MODULE_RWX
> .....
>
> Hence for all practical purpose, rodata_enabled could be considered
> always available. I am sure there other similar situations as well,
> where code elements are not wrapped around if the config option is
> always present.
>
> >
> > Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
>
> Also please refer Documentation/process/submitting-patches.rst for
> the rules regarding names, that can be used for a commit sign off.
>
> ------------------------------------------------------------------------
> then you just add a line saying::
>
> Signed-off-by: Random J Developer <random@developer.example.org>
>
> using your real name (sorry, no pseudonyms or anonymous contributions.)
> ------------------------------------------------------------------------
>
> - Anshuman
>
> > ---
> > arch/arm64/mm/mmu.c | 14 ++++++++++++--
> > 1 file changed, 12 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> > index acfae9b..47f8754 100644
> > --- a/arch/arm64/mm/mmu.c
> > +++ b/arch/arm64/mm/mmu.c
> > @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
> > vm_area_add_early(vma);
> > }
> >
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > static int __init parse_rodata(char *arg)
> > {
> > int ret = strtobool(arg, &rodata_enabled);
> > @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
> > return 0;
> > }
> > early_param("rodata", parse_rodata);
> > +#endif
> >
> > #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> > static int __init map_entry_trampoline(void)
> > {
> > - pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + prot = PAGE_KERNEL_ROX;
> > +#endif
> > phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
> >
> > /* The trampoline is always mapped and can therefore be global */
> > @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
> > * mapping to install SW breakpoints. Allow this (only) when
> > * explicitly requested with rodata=off.
> > */
> > - pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t text_prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + text_prot = PAGE_KERNEL_ROX;
> > +#endif
> >
> > /*
> > * If we have a CPU that supports BTI and a kernel built for
> >
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: 回复:[PATCH] arm64: fix build error when use rodata_enabled
[not found] ` <6f37012b-b082-457f-9aee-2315a461c031.alios_sys_security@linux.alibaba.com>
@ 2022-01-05 12:48 ` Anshuman Khandual
0 siblings, 0 replies; 11+ messages in thread
From: Anshuman Khandual @ 2022-01-05 12:48 UTC (permalink / raw)
To: AliOS system security, catalin.marinas, will
Cc: linux-arm-kernel, linux-kernel
On 1/5/22 6:07 PM, AliOS system security wrote:
> Hello,
> When I commen out these configs like below to disable rodata function for debug purpose
Then it's a modified custom kernel, not mainline anymore.
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 3bb0b67..40fbd85 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -36,8 +36,8 @@ config ARM64
> select ARCH_HAS_SET_DIRECT_MAP
> select ARCH_HAS_SET_MEMORY
> select ARCH_STACKWALK
> - select ARCH_HAS_STRICT_KERNEL_RWX
> - select ARCH_HAS_STRICT_MODULE_RWX
> +# select ARCH_HAS_STRICT_KERNEL_RWX
> +# select ARCH_HAS_STRICT_MODULE_RWX
> select ARCH_HAS_SYNC_DMA_FOR_DEVICE
>
> then build failed with below log:
> arch/arm64/mm/mmu.c: In function ‘parse_rodata’:
> arch/arm64/mm/mmu.c:601:28: error: ‘rodata_enabled’ undeclared (first use in this function); did you mean ‘kasan_enabled’?
> int ret = strtobool(arg, &rodata_enabled);
> ^~~~~~~~~~~~~~
> kasan_enabled
> arch/arm64/mm/mmu.c:601:28: note: each undeclared identifier is reported only once for each function it appears in
> CC net/core/skbuff.o
> arch/arm64/mm/mmu.c: In function ‘map_entry_trampoline’:
> arch/arm64/mm/mmu.c:620:18: error: ‘rodata_enabled’ undeclared (first use in this function); did you mean ‘kasan_enabled’?
> pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
These build errors are caused on a modified kernel, not mainline.
>
> I hope these configs can be used at least for function test.
> And wrap around variable when it is defined within macro should be better.
If the config options are not user selectable (which is the case here), they
should not be used for testing. Because there might be already assumptions in
the kernel, around its availability.
>
> Thanks!
>
> ------------------------------------------------------------------
> 发件人:Anshuman Khandual <anshuman.khandual@arm.com>
> 发送时间:2022年1月5日(星期三) 17:21
> 收件人:AliOS system security <alios_sys_security@linux.alibaba.com>; catalin.marinas <catalin.marinas@arm.com>; will <will@kernel.org>
> 抄 送:linux-arm-kernel <linux-arm-kernel@lists.infradead.org>; linux-kernel <linux-kernel@vger.kernel.org>
> 主 题:Re: [PATCH] arm64: fix build error when use rodata_enabled
>
> Hello,
>
> On 1/5/22 8:37 AM, AliOS system security wrote:
> > rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
> > or CONFIG_STRICT_MODULE_RWX is selected
>
> Both these configs get selected invariably with CONFIG_ARM64 in the
> platform config file (arch/arm64/Kconfig). I guess there can not be
> any such situation, where both configs will be missing/not selected
> given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64.
>
> config ARM64
> def_bool y
> select ACPI_CCA_REQUIRED if ACPI
> .....
> select ARCH_HAS_STRICT_KERNEL_RWX
> select ARCH_HAS_STRICT_MODULE_RWX
> .....
>
> Hence for all practical purpose, rodata_enabled could be considered
> always available. I am sure there other similar situations as well,
> where code elements are not wrapped around if the config option is
> always present.
>
> >
> > Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
>
> Also please refer Documentation/process/submitting-patches.rst for
> the rules regarding names, that can be used for a commit sign off.
>
> ------------------------------------------------------------------------
> then you just add a line saying::
>
> Signed-off-by: Random J Developer <random@developer.example.org>
>
> using your real name (sorry, no pseudonyms or anonymous contributions.)
> ------------------------------------------------------------------------
>
> - Anshuman
>
> > ---
> > arch/arm64/mm/mmu.c | 14 ++++++++++++--
> > 1 file changed, 12 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> > index acfae9b..47f8754 100644
> > --- a/arch/arm64/mm/mmu.c
> > +++ b/arch/arm64/mm/mmu.c
> > @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
> > vm_area_add_early(vma);
> > }
> >
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > static int __init parse_rodata(char *arg)
> > {
> > int ret = strtobool(arg, &rodata_enabled);
> > @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
> > return 0;
> > }
> > early_param("rodata", parse_rodata);
> > +#endif
> >
> > #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> > static int __init map_entry_trampoline(void)
> > {
> > - pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + prot = PAGE_KERNEL_ROX;
> > +#endif
> > phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
> >
> > /* The trampoline is always mapped and can therefore be global */
> > @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
> > * mapping to install SW breakpoints. Allow this (only) when
> > * explicitly requested with rodata=off.
> > */
> > - pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t text_prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + text_prot = PAGE_KERNEL_ROX;
> > +#endif
> >
> > /*
> > * If we have a CPU that supports BTI and a kernel built for
> >
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: 回复:[PATCH] arm64: fix build error when use rodata_enabled
@ 2022-01-05 12:48 ` Anshuman Khandual
0 siblings, 0 replies; 11+ messages in thread
From: Anshuman Khandual @ 2022-01-05 12:48 UTC (permalink / raw)
To: AliOS system security, catalin.marinas, will
Cc: linux-arm-kernel, linux-kernel
On 1/5/22 6:07 PM, AliOS system security wrote:
> Hello,
> When I commen out these configs like below to disable rodata function for debug purpose
Then it's a modified custom kernel, not mainline anymore.
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 3bb0b67..40fbd85 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -36,8 +36,8 @@ config ARM64
> select ARCH_HAS_SET_DIRECT_MAP
> select ARCH_HAS_SET_MEMORY
> select ARCH_STACKWALK
> - select ARCH_HAS_STRICT_KERNEL_RWX
> - select ARCH_HAS_STRICT_MODULE_RWX
> +# select ARCH_HAS_STRICT_KERNEL_RWX
> +# select ARCH_HAS_STRICT_MODULE_RWX
> select ARCH_HAS_SYNC_DMA_FOR_DEVICE
>
> then build failed with below log:
> arch/arm64/mm/mmu.c: In function ‘parse_rodata’:
> arch/arm64/mm/mmu.c:601:28: error: ‘rodata_enabled’ undeclared (first use in this function); did you mean ‘kasan_enabled’?
> int ret = strtobool(arg, &rodata_enabled);
> ^~~~~~~~~~~~~~
> kasan_enabled
> arch/arm64/mm/mmu.c:601:28: note: each undeclared identifier is reported only once for each function it appears in
> CC net/core/skbuff.o
> arch/arm64/mm/mmu.c: In function ‘map_entry_trampoline’:
> arch/arm64/mm/mmu.c:620:18: error: ‘rodata_enabled’ undeclared (first use in this function); did you mean ‘kasan_enabled’?
> pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
These build errors are caused on a modified kernel, not mainline.
>
> I hope these configs can be used at least for function test.
> And wrap around variable when it is defined within macro should be better.
If the config options are not user selectable (which is the case here), they
should not be used for testing. Because there might be already assumptions in
the kernel, around its availability.
>
> Thanks!
>
> ------------------------------------------------------------------
> 发件人:Anshuman Khandual <anshuman.khandual@arm.com>
> 发送时间:2022年1月5日(星期三) 17:21
> 收件人:AliOS system security <alios_sys_security@linux.alibaba.com>; catalin.marinas <catalin.marinas@arm.com>; will <will@kernel.org>
> 抄 送:linux-arm-kernel <linux-arm-kernel@lists.infradead.org>; linux-kernel <linux-kernel@vger.kernel.org>
> 主 题:Re: [PATCH] arm64: fix build error when use rodata_enabled
>
> Hello,
>
> On 1/5/22 8:37 AM, AliOS system security wrote:
> > rodata_enabled should be used when CONFIG_STRICT_KERNEL_RWX
> > or CONFIG_STRICT_MODULE_RWX is selected
>
> Both these configs get selected invariably with CONFIG_ARM64 in the
> platform config file (arch/arm64/Kconfig). I guess there can not be
> any such situation, where both configs will be missing/not selected
> given ARCH_OPTIONAL_KERNEL_RWX[or _DEFAULT] is not enabled on arm64.
>
> config ARM64
> def_bool y
> select ACPI_CCA_REQUIRED if ACPI
> .....
> select ARCH_HAS_STRICT_KERNEL_RWX
> select ARCH_HAS_STRICT_MODULE_RWX
> .....
>
> Hence for all practical purpose, rodata_enabled could be considered
> always available. I am sure there other similar situations as well,
> where code elements are not wrapped around if the config option is
> always present.
>
> >
> > Signed-off-by: AliOS system security <alios_sys_security@linux.alibaba.com>
>
> Also please refer Documentation/process/submitting-patches.rst for
> the rules regarding names, that can be used for a commit sign off.
>
> ------------------------------------------------------------------------
> then you just add a line saying::
>
> Signed-off-by: Random J Developer <random@developer.example.org>
>
> using your real name (sorry, no pseudonyms or anonymous contributions.)
> ------------------------------------------------------------------------
>
> - Anshuman
>
> > ---
> > arch/arm64/mm/mmu.c | 14 ++++++++++++--
> > 1 file changed, 12 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> > index acfae9b..47f8754 100644
> > --- a/arch/arm64/mm/mmu.c
> > +++ b/arch/arm64/mm/mmu.c
> > @@ -596,6 +596,7 @@ static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end,
> > vm_area_add_early(vma);
> > }
> >
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > static int __init parse_rodata(char *arg)
> > {
> > int ret = strtobool(arg, &rodata_enabled);
> > @@ -613,11 +614,16 @@ static int __init parse_rodata(char *arg)
> > return 0;
> > }
> > early_param("rodata", parse_rodata);
> > +#endif
> >
> > #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> > static int __init map_entry_trampoline(void)
> > {
> > - pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + prot = PAGE_KERNEL_ROX;
> > +#endif
> > phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
> >
> > /* The trampoline is always mapped and can therefore be global */
> > @@ -672,7 +678,11 @@ static void __init map_kernel(pgd_t *pgdp)
> > * mapping to install SW breakpoints. Allow this (only) when
> > * explicitly requested with rodata=off.
> > */
> > - pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> > + pgprot_t text_prot = PAGE_KERNEL_EXEC;
> > +#if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX)
> > + if (rodata_enabled)
> > + text_prot = PAGE_KERNEL_ROX;
> > +#endif
> >
> > /*
> > * If we have a CPU that supports BTI and a kernel built for
> >
>
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2022-01-05 12:49 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-05 3:07 [PATCH] arm64: fix build error when use rodata_enabled AliOS system security
2022-01-05 3:07 ` AliOS system security
2022-01-05 9:21 ` Anshuman Khandual
2022-01-05 9:21 ` Anshuman Khandual
2022-01-05 10:47 ` Mark Rutland
2022-01-05 10:47 ` Mark Rutland
[not found] ` <6f37012b-b082-457f-9aee-2315a461c031.alios_sys_security@linux.alibaba.com>
2022-01-05 12:48 ` 回复:[PATCH] " Anshuman Khandual
2022-01-05 12:48 ` Anshuman Khandual
2022-01-05 10:22 ` [PATCH] " kernel test robot
2022-01-05 10:22 ` kernel test robot
2022-01-05 10:22 ` kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.