linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] ARM: mm: fix location of _etext
@ 2016-06-15 20:24 Kees Cook
  2016-06-16 12:04 ` Ard Biesheuvel
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2016-06-15 20:24 UTC (permalink / raw)
  To: Russell King
  Cc: linux-kernel, Ard Biesheuvel, Matt Fleming, Pratyush Anand,
	Nicolas Pitre, Vladimir Murzin, Toshi Kani, Stephen Boyd,
	Chris Brandt, Alexander Potapenko, Marc Zyngier, Arnd Bergmann,
	linux-arm-kernel

The _etext position is defined to be the end of the kernel text code,
and should not include any part of the data segments. This interferes
with things that might check memory ranges and expect executable code
up to _etext. Just to be conservative, leave the kernel resource as
it was, using __init_begin instead of _etext as the end mark.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
v2:
- Switched resource tracker to using __init_begin, rmk
---
 arch/arm/kernel/setup.c       | 2 +-
 arch/arm/kernel/vmlinux.lds.S | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
index 7b5350060612..dd84f03dc2d4 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -844,7 +844,7 @@ static void __init request_standard_resources(const struct machine_desc *mdesc)
 	struct resource *res;
 
 	kernel_code.start   = virt_to_phys(_text);
-	kernel_code.end     = virt_to_phys(_etext - 1);
+	kernel_code.end     = virt_to_phys(__init_begin - 1);
 	kernel_data.start   = virt_to_phys(_sdata);
 	kernel_data.end     = virt_to_phys(_end - 1);
 
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index e2c6da096cef..99420fc1f066 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -125,6 +125,8 @@ SECTIONS
 #ifdef CONFIG_DEBUG_ALIGN_RODATA
 	. = ALIGN(1<<SECTION_SHIFT);
 #endif
+	_etext = .;			/* End of text section */
+
 	RO_DATA(PAGE_SIZE)
 
 	. = ALIGN(4);
@@ -155,8 +157,6 @@ SECTIONS
 
 	NOTES
 
-	_etext = .;			/* End of text and rodata section */
-
 #ifdef CONFIG_DEBUG_RODATA
 	. = ALIGN(1<<SECTION_SHIFT);
 #else
-- 
2.7.4


-- 
Kees Cook
Chrome OS & Brillo Security

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] ARM: mm: fix location of _etext
  2016-06-15 20:24 [PATCH v2] ARM: mm: fix location of _etext Kees Cook
@ 2016-06-16 12:04 ` Ard Biesheuvel
  2016-06-16 17:08   ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Ard Biesheuvel @ 2016-06-16 12:04 UTC (permalink / raw)
  To: Kees Cook
  Cc: Russell King, linux-kernel, Matt Fleming, Pratyush Anand,
	Nicolas Pitre, Vladimir Murzin, Toshi Kani, Stephen Boyd,
	Chris Brandt, Alexander Potapenko, Marc Zyngier, Arnd Bergmann,
	linux-arm-kernel

On 15 June 2016 at 22:24, Kees Cook <keescook@chromium.org> wrote:
> The _etext position is defined to be the end of the kernel text code,
> and should not include any part of the data segments. This interferes
> with things that might check memory ranges and expect executable code
> up to _etext. Just to be conservative, leave the kernel resource as
> it was, using __init_begin instead of _etext as the end mark.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> v2:
> - Switched resource tracker to using __init_begin, rmk

Actually, Linus removed the x86 /proc/iomem resources for kernel segments in

c4004b02f8e5 ("x86: remove the kernel code/data/bss resources from /proc/iomem")

so I wonder if we should not just do the same for ARM and arm64?



> ---
>  arch/arm/kernel/setup.c       | 2 +-
>  arch/arm/kernel/vmlinux.lds.S | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
> index 7b5350060612..dd84f03dc2d4 100644
> --- a/arch/arm/kernel/setup.c
> +++ b/arch/arm/kernel/setup.c
> @@ -844,7 +844,7 @@ static void __init request_standard_resources(const struct machine_desc *mdesc)
>         struct resource *res;
>
>         kernel_code.start   = virt_to_phys(_text);
> -       kernel_code.end     = virt_to_phys(_etext - 1);
> +       kernel_code.end     = virt_to_phys(__init_begin - 1);
>         kernel_data.start   = virt_to_phys(_sdata);
>         kernel_data.end     = virt_to_phys(_end - 1);
>
> diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
> index e2c6da096cef..99420fc1f066 100644
> --- a/arch/arm/kernel/vmlinux.lds.S
> +++ b/arch/arm/kernel/vmlinux.lds.S
> @@ -125,6 +125,8 @@ SECTIONS
>  #ifdef CONFIG_DEBUG_ALIGN_RODATA
>         . = ALIGN(1<<SECTION_SHIFT);
>  #endif
> +       _etext = .;                     /* End of text section */
> +
>         RO_DATA(PAGE_SIZE)
>
>         . = ALIGN(4);
> @@ -155,8 +157,6 @@ SECTIONS
>
>         NOTES
>
> -       _etext = .;                     /* End of text and rodata section */
> -
>  #ifdef CONFIG_DEBUG_RODATA
>         . = ALIGN(1<<SECTION_SHIFT);
>  #else
> --
> 2.7.4
>
>
> --
> Kees Cook
> Chrome OS & Brillo Security

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] ARM: mm: fix location of _etext
  2016-06-16 12:04 ` Ard Biesheuvel
@ 2016-06-16 17:08   ` Kees Cook
  0 siblings, 0 replies; 3+ messages in thread
From: Kees Cook @ 2016-06-16 17:08 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Russell King, linux-kernel, Matt Fleming, Pratyush Anand,
	Nicolas Pitre, Vladimir Murzin, Toshi Kani, Stephen Boyd,
	Chris Brandt, Alexander Potapenko, Marc Zyngier, Arnd Bergmann,
	linux-arm-kernel

On Thu, Jun 16, 2016 at 5:04 AM, Ard Biesheuvel
<ard.biesheuvel@linaro.org> wrote:
> On 15 June 2016 at 22:24, Kees Cook <keescook@chromium.org> wrote:
>> The _etext position is defined to be the end of the kernel text code,
>> and should not include any part of the data segments. This interferes
>> with things that might check memory ranges and expect executable code
>> up to _etext. Just to be conservative, leave the kernel resource as
>> it was, using __init_begin instead of _etext as the end mark.
>>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> v2:
>> - Switched resource tracker to using __init_begin, rmk
>
> Actually, Linus removed the x86 /proc/iomem resources for kernel segments in
>
> c4004b02f8e5 ("x86: remove the kernel code/data/bss resources from /proc/iomem")
>
> so I wonder if we should not just do the same for ARM and arm64?

Nope, that got reverted. Removing it breaks things.

4046d6e81f33b7ef50d6668b78076d54c5e066b6

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-06-16 17:08 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-15 20:24 [PATCH v2] ARM: mm: fix location of _etext Kees Cook
2016-06-16 12:04 ` Ard Biesheuvel
2016-06-16 17:08   ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).