From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Dan Li <ashimida@linux.alibaba.com>,
Mark Rutland <mark.rutland@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Sasha Levin <sashal@kernel.org>,
will@kernel.org, peterz@infradead.org, maz@kernel.org,
pcc@google.com, linux-arm-kernel@lists.infradead.org
Subject: [PATCH AUTOSEL 5.4 16/19] arm64: Mark __stack_chk_guard as __ro_after_init
Date: Wed, 22 Sep 2021 23:38:50 -0400 [thread overview]
Message-ID: <20210923033853.1421193-16-sashal@kernel.org> (raw)
In-Reply-To: <20210923033853.1421193-1-sashal@kernel.org>
From: Dan Li <ashimida@linux.alibaba.com>
[ Upstream commit 9fcb2e93f41c07a400885325e7dbdfceba6efaec ]
__stack_chk_guard is setup once while init stage and never changed
after that.
Although the modification of this variable at runtime will usually
cause the kernel to crash (so does the attacker), it should be marked
as __ro_after_init, and it should not affect performance if it is
placed in the ro_after_init section.
Signed-off-by: Dan Li <ashimida@linux.alibaba.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/1631612642-102881-1-git-send-email-ashimida@linux.alibaba.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 7d7cfa128b71..f61ef46ebff7 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -56,7 +56,7 @@
#if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK)
#include <linux/stackprotector.h>
-unsigned long __stack_chk_guard __read_mostly;
+unsigned long __stack_chk_guard __ro_after_init;
EXPORT_SYMBOL(__stack_chk_guard);
#endif
--
2.30.2
next prev parent reply other threads:[~2021-09-23 3:40 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-23 3:38 [PATCH AUTOSEL 5.4 01/19] ibmvnic: check failover_pending in login response Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 02/19] net: macb: fix use after free on rmmod Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 03/19] net: stmmac: allow CSR clock of 300MHz Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 04/19] m68k: Double cast io functions to unsigned long Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 05/19] ipv6: delay fib6_sernum increase in fib6_add Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 06/19] bpf: Add oversize check before call kvcalloc() Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 07/19] xen/balloon: use a kernel thread instead a workqueue Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 08/19] nvme-multipath: fix ANA state updates when a namespace is not present Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 09/19] sparc32: page align size in arch_dma_alloc Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 10/19] blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 11/19] compiler.h: Introduce absolute_pointer macro Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 12/19] net: i825xx: Use absolute_pointer for memcpy from fixed memory location Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 13/19] sparc: avoid stringop-overread errors Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 14/19] qnx4: " Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 15/19] parisc: Use absolute_pointer() to define PAGE0 Sasha Levin
2021-09-23 3:38 ` Sasha Levin [this message]
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 17/19] alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 18/19] net: 6pack: Fix tx timeout and slot time Sasha Levin
2021-09-23 3:38 ` [PATCH AUTOSEL 5.4 19/19] spi: Fix tegra20 build with CONFIG_PM=n Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210923033853.1421193-16-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ashimida@linux.alibaba.com \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=pcc@google.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).