Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Sep 2017 10:09:04 -0700
From: Kees Cook <keescook@...omium.org>
To: Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc: "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Arnd Bergmann <arnd@...db.de>, 
	Nicolas Pitre <nico@...aro.org>, Russell King <linux@...linux.org.uk>, 
	Thomas Garnier <thgarnie@...gle.com>, Marc Zyngier <marc.zyngier@....com>, 
	Mark Rutland <mark.rutland@....com>, Tony Lindgren <tony@...mide.com>, 
	Matt Fleming <matt@...eblueprint.co.uk>, Dave Martin <dave.martin@....com>
Subject: Re: [PATCH v2 02/29] asm-generic: add .data.rel.ro sections to __ro_after_init

On Sun, Sep 3, 2017 at 5:07 AM, Ard Biesheuvel
<ard.biesheuvel@...aro.org> wrote:
> When running in PIC mode, the compiler will emit const structures
> containing runtime relocatable quantities into .data.rel.ro.* sections,
> so that the linker can be smart about placing them together in a segment
> that is read-write initially, and is remapped read-only afterwards. This
> is exactly what __ro_after_init aims to provide, so move these sections
> together.
>
> Acked-by: Arnd Bergmann <arnd@...db.de>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>

Acked-by: Kees Cook <keescook@...omium.org>

-Kees

> ---
>  include/asm-generic/vmlinux.lds.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
> index da0be9a8d1de..d16537b0b102 100644
> --- a/include/asm-generic/vmlinux.lds.h
> +++ b/include/asm-generic/vmlinux.lds.h
> @@ -261,7 +261,7 @@
>  #ifndef RO_AFTER_INIT_DATA
>  #define RO_AFTER_INIT_DATA                                             \
>         VMLINUX_SYMBOL(__start_ro_after_init) = .;                      \
> -       *(.data..ro_after_init)                                         \
> +       *(.data..ro_after_init .data.rel.ro.*)                          \
>         VMLINUX_SYMBOL(__end_ro_after_init) = .;
>  #endif
>
> --
> 2.11.0
>



-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.