Re: [PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

On Tue, Oct 01, 2019 at 10:03:56AM +0100, Will Deacon wrote: > Hi Kees, > > On Thu, Sep 26, 2019 at 10:55:51AM -0700, Kees Cook wrote: > > The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. > > > > Signed-off-by: Kees Cook > > --- > &g

[PATCH 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, this moves the table into the RO_DATA segment via a new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S

[PATCH 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index b8efb08204a1

[PATCH 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: just replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/kernel

[PATCH 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 12b3d7d5e9e4

[PATCH 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 0d86fc8e88d5..18a732597112 100644

[PATCH 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

This finishes renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +-

[PATCH 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file c

[PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

changes are treewide, I'd love to get architecture-maintainer Acks and either have this live in x86 -tip or in my own tree, however people think it should go. Thanks! -Kees Kees Cook (29): powerpc: Rename "notes" PT_NOTE to "note" powerpc: Remove PT_NOTE workaround po

[PATCH 07/29] x86: Restore "text" Program Header with dummy section

Instead of depending on markings in the section following NOTES to restore the associated Program Header, use a dummy section, as done in other architectures. This is preparation for moving NOTES into the RO_DATA macro. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3 ++- 1 file

[PATCH 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c1..7341964722ae

[PATCH 29/29] x86: Use INT3 instead of NOP for linker fill bytes

810001ee: cc int3 810001ef: cc int3 810001f0 <__startup_64>: ... Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arc

[PATCH 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..72303827bcb4

[PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that needs only to be read-only. As such, it should live in RO_DATA. This creates a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook --- include/asm-generic/vmlinux.lds.h | 12

[PATCH 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, this provides a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S

[PATCH 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..9a09aab63ab3

[PATCH 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, the Program Header assignment restoration needs to be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3

[PATCH 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 4e7cec088c8b

[PATCH 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed

[PATCH 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, it can live in the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 -- arch/arm/kernel/vmlinux

[PATCH 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/arm64/kernel/vmlinux.lds.S | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 81d94e371c95

[PATCH 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook --- ar

[PATCH 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, this moves RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-

[PATCH 02/29] powerpc: Remove PT_NOTE workaround

The kernel requires gcc 4.6 now, so this PT_NOTE workaround can be removed in preparation for moving NOTES into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/powerpc

[PATCH 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

This renames RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +- arch/

[PATCH 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

The EXCEPTION_TABLE is read-only, so collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe0..aba90398b774

[PATCH 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, this renames the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH 28/29] x86/mm: Report actual image regions in /proc/iomem

0-035f : Kernel bss Signed-off-by: Kees Cook --- arch/x86/kernel/setup.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index bbe35bf879f5..0bc71ee3a9c3 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kern

[PATCH 27/29] x86/mm: Report which part of kernel image is freed

/rodata gap) memory: 2040K [2.336927] Freeing unused kernel image (rodata/data gap) memory: 172K Signed-off-by: Kees Cook --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 8 arch/x86/mm/init_64.c| 6 -- 3 files changed, 9 insertions(+), 7

[PATCH 26/29] x86/mm: Remove redundant on addresses

The on addresses are redundant and are better removed to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

I'm fine with that. I would prefer to do it as a separate step, just to minimize the logical steps each patch takes. Shall I spin a v3 with the Acks added and a final rename for this? -- Kees Cook

Re: [PATCH 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

On Thu, Oct 10, 2019 at 08:03:31PM +0200, Borislav Petkov wrote: > On Thu, Sep 26, 2019 at 10:55:33AM -0700, Kees Cook wrote: > > This series works to move the linker sections for NOTES and > > EXCEPTION_TABLE into the RO_DATA area, where they belong on most > > (all?) archi

[PATCH v2 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

Many architectures have an EXCEPTION_TABLE that only needs to be readable. As such, it should live in RO_DATA. Create a macro to identify this case for the architectures that can move EXCEPTION_TABLE into RO_DATA. Signed-off-by: Kees Cook Acked-by: Will Deacon --- include/asm-generic

[PATCH v2 18/29] arm64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Also removes the redundant ALIGN, which is already present at the end of the RO_DATA macro. Signed-off-by: Kees Cook Acked-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 7 --- 1 file changed, 4 insertions(+), 3

[PATCH v2 29/29] x86: Use INT3 instead of NOP for linker fill bytes

810001ee: cc int3 810001ef: cc int3 810001f0 <__startup_64>: ... Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arc

[PATCH v2 27/29] x86/mm: Report which part of kernel image is freed

/rodata gap) memory: 2040K [2.336927] Freeing unused kernel image (rodata/data gap) memory: 172K Signed-off-by: Kees Cook --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 8 arch/x86/mm/init_64.c| 6 -- 3 files changed, 9 insertions(+), 7

[PATCH v2 25/29] xtensa: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/xtensa/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index bdbd7c4056c1

[PATCH v2 06/29] s390: Move RO_DATA into "text" PT_LOAD Program Header

In preparation for moving NOTES into RO_DATA, move RO_DATA back into the "text" PT_LOAD Program Header, as done with other architectures. The "data" PT_LOAD now starts with the writable data section. Signed-off-by: Kees Cook --- arch/s390/kernel/vmlinux.lds.S | 4 ++-

[PATCH v2 10/29] vmlinux.lds.h: Move NOTES into RO_DATA

The .notes section should be non-executable read-only data. As such, move it to the RO_DATA macro instead of being per-architecture defined. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 -- arch/arc/kernel/vmlinux.lds.S| 2 -- arch/arm/kernel/vmlinux-xip.lds.S

[PATCH v2 15/29] x86: Actually use _etext for end of text segment

Various calculations are using the end of the exception table (which does not need to be executable) as the end of the text segment. Instead, in preparation for moving the exception table into RO_DATA, move _etext after the exception table and update the calculations. Signed-off-by: Kees Cook

[PATCH v2 00/29] vmlinux.lds.h: Refactor EXCEPTION_TABLE and NOTES

lear - clean up some x86-specific reporting of kernel memory resources - switch x86 linker fill byte from x90 (NOP) to 0xcc (INT3), just because I finally realized what that trailing ": 0x9090" meant -- and we should trap, not slide, if execution lands in section padding Thanks! -K

[PATCH v2 09/29] vmlinux.lds.h: Move Program Header restoration into NOTES macro

In preparation for moving NOTES into RO_DATA, make the Program Header assignment restoration be part of the NOTES macro itself. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 5 + arch/ia64/kernel/vmlinux.lds.S| 4 +--- arch/mips/kernel/vmlinux.lds.S| 3

[PATCH v2 28/29] x86/mm: Report actual image regions in /proc/iomem

rnel data 02a95000-035f : Kernel bss Signed-off-by: Kees Cook --- arch/x86/kernel/setup.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 77ea96b794bd..591e885a852e 100644 --- a/arch/x86/kernel/setup.c +

[PATCH v2 08/29] vmlinux.lds.h: Provide EMIT_PT_NOTE to indicate export of .notes

In preparation for moving NOTES into RO_DATA, provide a mechanism for architectures that want to emit a PT_NOTE Program Header to do so. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 3 +++ arch/ia64/kernel/vmlinux.lds.S| 2 ++ arch/mips/kernel/vmlinux.lds.S| 12

[PATCH v2 03/29] powerpc: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 12 ++-- 1 file changed

[PATCH v2 11/29] vmlinux.lds.h: Replace RODATA with RO_DATA

There's no reason to keep the RODATA macro: replace the callers with the expected RO_DATA macro. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/ia64/kernel/vmlinux.lds.S | 2 +- arch/microblaze/kernel/vmlinux.lds.S | 2 +- arch/mips/kernel/vmlinux.lds.S

[PATCH v2 13/29] vmlinux.lds.h: Replace RW_DATA_SECTION with RW_DATA

Rename RW_DATA_SECTION to RW_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- arch/arc/kernel/vmlinux.lds.S| 2 +- arch/arm/kern

[PATCH v2 12/29] vmlinux.lds.h: Replace RO_DATA_SECTION with RO_DATA

Finish renaming RO_DATA_SECTION to RO_DATA. (Calling this a "section" is a lie, since it's multiple sections and section flags cannot be applied to the macro.) Signed-off-by: Kees Cook --- arch/arc/kernel/vmlinux.lds.S | 2 +- arch/c6x/kernel/vmlinux.lds.S | 2 +- arch/c

[PATCH v2 20/29] h8300: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/h8300/kernel/vmlinux.lds.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 2ac7bdcd2fe0

[PATCH v2 16/29] x86: Move EXCEPTION_TABLE to RO_DATA segment

The exception table was needlessly marked executable. In preparation for execute-only memory, move the table into the RO_DATA segment via the new macro that can be used by any architectures that want to make a similar consolidation. Signed-off-by: Kees Cook --- arch/x86/kernel/vmlinux.lds.S | 3

[PATCH v2 05/29] ia64: Rename PT_LOAD identifier "code" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "code" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 14 +++--- 1 file changed

[PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

The Program Header identifiers are internal to the linker scripts. In preparation for moving the NOTES segment declaration into RO_DATA, standardize the identifier for the PT_NOTE entry to "note" as used by all other architectures that emit PT_NOTE. Signed-off-by: Kees Cook --- ar

[PATCH v2 04/29] alpha: Rename PT_LOAD identifier "kernel" to "text"

In preparation for moving NOTES into RO_DATA, rename the linker script internal identifier for the PT_LOAD Program Header from "kernel" to "text" to match other architectures. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 8 1 file changed, 4 insert

[PATCH v2 02/29] powerpc: Remove PT_NOTE workaround

In preparation for moving NOTES into RO_DATA, remove the PT_NOTE workaround since the kernel requires at least gcc 4.6 now. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 24 ++-- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/powerpc

[PATCH v2 22/29] microblaze: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/microblaze/kernel/vmlinux.lds.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index

[PATCH v2 24/29] powerpc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/powerpc/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 4e7cec088c8b

[PATCH v2 19/29] c6x: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/c6x/kernel/vmlinux.lds.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/c6x/kernel/vmlinux.lds.S b/arch/c6x/kernel/vmlinux.lds.S index a3547f9d415b..ac99ba0864bf

[PATCH v2 17/29] alpha: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/alpha/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/alpha/kernel/vmlinux.lds.S b/arch/alpha/kernel/vmlinux.lds.S index edc45f45523b..bc6f727278fd

[PATCH v2 23/29] parisc: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/parisc/kernel/vmlinux.lds.S | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S index 12b3d7d5e9e4

[PATCH v2 26/29] x86/mm: Remove redundant on addresses

The on addresses are redundant. Remove them to match all the other similar functions. Signed-off-by: Kees Cook --- arch/x86/mm/init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 26299e9ce6da..e67ddca8b7a8

[PATCH v2 21/29] ia64: Move EXCEPTION_TABLE to RO_DATA segment

Since the EXCEPTION_TABLE is read-only, collapse it into RO_DATA. Signed-off-by: Kees Cook --- arch/ia64/kernel/vmlinux.lds.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 11d5115bc44d..1ec6b703c5b4

Re: [PATCH v2 01/29] powerpc: Rename "notes" PT_NOTE to "note"

On Fri, Oct 11, 2019 at 03:25:19AM -0500, Segher Boessenkool wrote: > On Thu, Oct 10, 2019 at 05:05:41PM -0700, Kees Cook wrote: > > The Program Header identifiers are internal to the linker scripts. In > > preparation for moving the NOTES segment declaration into RO_DATA,

Re: [PATCH v2 5/9] mm: Initialize struct vm_unmapped_area_info

On Sat, Mar 02, 2024 at 12:47:08AM +, Edgecombe, Rick P wrote: > On Wed, 2024-02-28 at 09:21 -0800, Kees Cook wrote: > > I totally understand. If the "uninitialized" warnings were actually > > reliable, I would agree. I look at it this way: > > > > -

Re: [PATCH v2 5/9] mm: Initialize struct vm_unmapped_area_info

one cleanup that is possible from explicitly zero-initializing the whole structure would be dropping all the individual "= 0" assignments. :) -- Kees Cook

Re: [PATCH v2 5/9] mm: Initialize struct vm_unmapped_area_info

as a whole. Yes, individual cases maybe bad ("what uid should this be? root?!") but from a general memory safety perspective the value doesn't become potentially influenced by order of operations, leftover stack memory, etc. I'd agree, lifting everything into a static initializer does seem cleanest of all the choices. -Kees -- Kees Cook

Re: [PATCH v3 08/12] treewide: Use initializer for struct vm_unmapped_area_info

; statements that simply set members to zero. > > Signed-off-by: Rick Edgecombe Thanks! This looks to do exactly what it describes. :) Reviewed-by: Kees Cook -- Kees Cook