Applied: [PATCH 0/6] v/master: DEBUG_RODATA, JUMP_LABEL and MODULE_RONX fixes
Leann Ogasawara
leann.ogasawara at canonical.com
Wed Apr 1 19:04:29 UTC 2015
Applied patches 1-5 to Vivid. I'd picked these up before you sent the
V2's with the detailed commit messages, but we can clean that up on the
next rebase (assuming I remember).
Thanks,
Leann
On Mon, 2015-03-30 at 18:36 +0200, Paolo Pisati wrote:
> This patchset deals with 3 different configs:
>
> 1) DEBUG_SET_MODULE_RONX fixes (patches 1-3)
>
> Upstream found that DEBUG_SET_MODULE_RONX was non-functional on arm and
> arm64:
>
> Without the patches:
>
> root at beaglebone:~# cat /sys/module/bridge/sections/.text
> 0xbf199000
> root at beaglebone:~# cat /sys/module/bridge/sections/.data
> 0xbf1ae000
> root at beaglebone:~# grep -e 0xbf199000 -e 0xbf1ae000 /sys/kernel/debug/kernel_page_tables
> 0xbf199000-0xbf1b6000 116K RW x MEM/CACHED/WBRA
>
> With the patches applied:
>
> root at beaglebone:~# cat /sys/module/bridge/sections/.text
> 0xbf191000
> root at beaglebone:~# cat /sys/module/bridge/sections/.data
> 0xbf1a6000
> root at beaglebone:~# grep -e 0xbf191000 -e 0xbf1a6000
> /sys/kernel/debug/kernel_page_tables
> 0xbf191000-0xbf1a2000 68K ro x MEM/CACHED/WBRA
> 0xbf1a2000-0xbf1a6000 16K ro NX MEM/CACHED/WBRA
> 0xbf1a6000-0xbf1ae000 32K RW NX MEM/CACHED/WBRA
> root at beaglebone:~# uname -a
> Linux beaglebone 3.19.0-9-generic #9~RONXFIX SMP Tue Mar 24 10:34:39 UTC 2015 armv7l armv7l armv7l GNU/Linux
> root at beaglebone:~#
>
> I really hoped upstream could cc stable with these patches, but i got no answer
> so far, and with kernel freeze upon us, i decided to go ahead and pull them in:
>
> https://lkml.org/lkml/2015/3/24/197
>
> 2) JUMP_LABEL=y (patch 4)
>
> during utopic we found that JUMP_LABEL on armhf wasn't working if
> DEBUG_SET_MODULE_RONX was enabled:
>
> https://lists.ubuntu.com/archives/kernel-team/2014-October/049433.html
>
> now that the necessary bits to make the two work together have landed upstream, we can enable it again
>
> 3) DEBUG_RODATA=y (patch 5)
>
> DEBUG_RODATA is a security feature similar to DEBUG_SET_MODULE_RONX,
> but contrary to this one, it operates on all sections but modules
> and it's already enabled on every arch that support it (except armhf).
>
> Patch 6 is NOT supposed to be pulled, but people might find it useful when
> testing DEBUG_SET_MODULE_RONX and DEBUG_RODATA, so i'm posting it as a reference.
>
> Tested on armhf and arm64, proposing for v/master-next.
>
> Laura Abbott (3):
> ARM: 8311/1: Don't use is_module_addr in setting page attributes
> kernel/module.c: Update debug alignment after symtable generation
> arm64: Don't use is_module_addr in setting page attributes
>
> Paolo Pisati (3):
> UBUNTU: [Config] armhf: JUMP_LABEL=y
> UBUNTU: [Config] armhf: ARM_KERNMEM_PERMS=y && DEBUG_RODATA=y
> UBUNTU: [Config] armhf: ARM_PTDUMP=y
>
> arch/arm/mm/pageattr.c | 5 ++++-
> arch/arm64/mm/pageattr.c | 5 ++++-
> debian.master/config/amd64/config.common.amd64 | 1 -
> debian.master/config/annotations | 7 +++----
> debian.master/config/arm64/config.common.arm64 | 1 -
> debian.master/config/armhf/config.common.armhf | 1 -
> debian.master/config/config.common.ubuntu | 5 +++--
> debian.master/config/i386/config.common.i386 | 1 -
> debian.master/config/powerpc/config.common.powerpc | 1 -
> debian.master/config/ppc64el/config.common.ppc64el | 1 -
> kernel/module.c | 2 ++
> 11 files changed, 16 insertions(+), 14 deletions(-)
>
> --
> 2.1.4
>
>
More information about the kernel-team
mailing list