[PATCH 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index

[PATCH 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 0d86fc8e88d5..18a732597112 100644

[PATCH 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: just replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +-

[PATCH 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index

[PATCH 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, this moves the table into the RO_DATA segment via a new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S

[PATCH 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file changed, 6

[PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

This series works to move the linker sections for NOTES and EXCEPTION_TABLE into the RO_DATA area, where they belong on most (all?) architectures. The problem being addressed was the discovery by Rick Edgecombe that the exception table was accidentally marked executable while he was developing his

[PATCH 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

This finishes renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +-

[PATCH 07/29] x86: Restore "text" Program Header with dummy section

Instead of depending on markings in the section following NOTES to restore the associated Program Header, use a dummy section, as done in other architectures. This is preparation for moving NOTES into the RO_DATA macro. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file

[PATCH 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, it can live in the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 --

[PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/arm64/kernel/vmlinux.lds.S | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index

[PATCH 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, the Program Header assignment restoration needs to be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3 +--

[PATCH 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c1..7341964722ae

[PATCH 29/29] x86: Use INT3 instead of NOP for linker fill bytes

Instead of using 0x90 (NOP) to fill bytes between functions, which makes it easier to sloppily target functions in function pointer overwrite attacks, fill with 0xCC (INT3) to force a trap. Also drops the space between "=" and the value to better match the binutils documentation

[PATCH 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..72303827bcb4

[PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that needs only to be read-only. As such, it should live in RO_DATA. This creates a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 12

[PATCH 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, this provides a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S|

[PATCH 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..9a09aab63ab3

[PATCH 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index

[PATCH 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook ---

[PATCH 26/29] x86/mm: Remove redundant on addresses

The on addresses are redundant and are better removed to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index

[PATCH 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed, 4 insertions(+), 4

[PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem

The resource reservations in made for the kernel image did not reflect the gaps between text, rodata, and data. This adds the rodata resource and updates the start/end calculations to match the respective calls to free_kernel_image_pages(). Before (booted with "nokaslr" for easier comparison):

[PATCH 27/29] x86/mm: Report which part of kernel image is freed

The memory freeing report wasn't very useful for figuring out which parts of the kernel image were being freed. This adds the details for clearer reporting. Before: [2.150450] Freeing unused kernel image memory: 1348K [2.154574] Write protecting the kernel read-only data: 20480k [

[PATCH 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

This renames RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +-

[PATCH 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe0..aba90398b774

[PATCH 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed, 7 insertions(+), 7

[PATCH 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, this moves RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-- 1 file changed, 2

[PATCH 02/29] powerpc: Remove PT_NOTE workaround

The kernel requires gcc 4.6 now, so this PT_NOTE workaround can be removed in preparation for moving NOTES into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Thu, Sep 26, 2019 at 11:05:59AM +0200, Peter Zijlstra wrote: > On Wed, Sep 25, 2019 at 11:45:26PM +0200, Peter Zijlstra wrote: > > [7.149889] [Firmware Bug]: device: 'pci:7f': no node assigned on > > NUMA capable HW > > [7.882888] [Firmware Bug]: device: 'pci:ff': no node

Re: [PATCH v6] numa: make node_to_cpumask_map() NUMA_NO_NODE aware

On Wed, Sep 25, 2019 at 11:45:26PM +0200, Peter Zijlstra wrote: > [7.149889] [Firmware Bug]: device: 'pci:7f': no node assigned on NUMA > capable HW > [7.882888] [Firmware Bug]: device: 'pci:ff': no node assigned on NUMA > capable HW Going by the limited number of intel numa