[PATCH 1/3] module: Use set_memory_rox()

Christophe Leroy <christophe.leroy@xxxxxxxxxx> · Thu, 21 Dec 2023 08:24:23 +0100

A couple of architectures seem concerned about calling set_memory_ro()
and set_memory_x() too frequently and have implemented a version of
set_memory_rox(), see commit 60463628c9e0 ("x86/mm: Implement native
set_memory_rox()") and commit 22e99fa56443 ("s390/mm: implement
set_memory_rox()")

Use set_memory_rox() in modules when STRICT_MODULES_RWX is set.

Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx>
---
 kernel/module/internal.h   |  2 +-
 kernel/module/main.c       |  2 +-
 kernel/module/strict_rwx.c | 12 +++++++-----
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/kernel/module/internal.h b/kernel/module/internal.h
index c8b7b4dcf782..a647ab17193d 100644
--- a/kernel/module/internal.h
+++ b/kernel/module/internal.h
@@ -324,7 +324,7 @@ static inline struct module *mod_find(unsigned long addr, struct mod_tree_root *
 
 void module_enable_ro(const struct module *mod, bool after_init);
 void module_enable_nx(const struct module *mod);
-void module_enable_x(const struct module *mod);
+void module_enable_rox(const struct module *mod);
 int module_enforce_rwx_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
 				char *secstrings, struct module *mod);
 
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 98fedfdb8db5..1c8f328ca015 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2735,7 +2735,7 @@ static int complete_formation(struct module *mod, struct load_info *info)
 
 	module_enable_ro(mod, false);
 	module_enable_nx(mod);
-	module_enable_x(mod);
+	module_enable_rox(mod);
 
 	/*
 	 * Mark state as coming so strong_try_module_get() ignores us,
diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c
index a2b656b4e3d2..9345b09f28a5 100644
--- a/kernel/module/strict_rwx.c
+++ b/kernel/module/strict_rwx.c
@@ -26,10 +26,14 @@ static void module_set_memory(const struct module *mod, enum mod_mem_type type,
  * CONFIG_STRICT_MODULE_RWX because they are needed regardless of whether we
  * are strict.
  */
-void module_enable_x(const struct module *mod)
+void module_enable_rox(const struct module *mod)
 {
-	for_class_mod_mem_type(type, text)
-		module_set_memory(mod, type, set_memory_x);
+	for_class_mod_mem_type(type, text) {
+		if (IS_ENABLED(CONFIG_STRICT_MODULE_RWX))
+			module_set_memory(mod, type, set_memory_rox);
+		else
+			module_set_memory(mod, type, set_memory_x);
+	}
 }
 
 void module_enable_ro(const struct module *mod, bool after_init)
@@ -41,8 +45,6 @@ void module_enable_ro(const struct module *mod, bool after_init)
 		return;
 #endif
 
-	module_set_memory(mod, MOD_TEXT, set_memory_ro);
-	module_set_memory(mod, MOD_INIT_TEXT, set_memory_ro);
 	module_set_memory(mod, MOD_RODATA, set_memory_ro);
 	module_set_memory(mod, MOD_INIT_RODATA, set_memory_ro);
 
-- 
2.41.0








