Re: Adding module support for __ro_after_init

From: Rusty Russell
Date: Sun Jun 05 2016 - 01:09:56 EST

Next message: Tom Yan: "Re: [PATCH] sd: remove redundant check for BLK_DEF_MAX_SECTORS"
Previous message: concernedfossdev: "Article on GRSecurity, RMS, etc."
In reply to: Kees Cook: "Adding module support for __ro_after_init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kees Cook <keescook@xxxxxxxxxx> writes:
> Hi Rusty,
>
> I'd love to get your thoughts on the best way to support
> __ro_after_init markings for modules. Are the r/o markings done after
> module __init runs? If so, this should make things easy, and then we
> just need to move .data..ro_after_init into .rodata at link time. If
> not, then we'd need to explicitly make this section read-only after
> _init.

As you might expect, the sections are made read-only before anything
runs. We'll need to do the latter, which means it needs to be
page-aligned. (Well we could put it in the same page as .rodata, and
just not protect that fully until after init).

Jessica might have more thoughts...
Rusty.

Next message: Tom Yan: "Re: [PATCH] sd: remove redundant check for BLK_DEF_MAX_SECTORS"
Previous message: concernedfossdev: "Article on GRSecurity, RMS, etc."
In reply to: Kees Cook: "Adding module support for __ro_after_init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]