On Sat Nov 9, 2024 at 11:35 AM CET, Christophe Leroy wrote: > To be on the safe side, try to set ro_after_init data section readonly > at the same time as rodata. If it fails it will likely fail again > later so let's cancel module loading while we still can do it. > If it doesn't fail, put it back to read-only, continue module loading I think you mean put it back to rw? > and cross fingers so that it still works after module init. Then it > should in principle never fail so add a WARN_ON_ONCE() to get a big > fat warning in case it happens anyway. I agree this is the best we can do. But I don't think there's any guarantee that we won't fail on the second try? > > Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx> > --- > kernel/module/main.c | 2 +- > kernel/module/strict_rwx.c | 5 ++++- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/kernel/module/main.c b/kernel/module/main.c > index 1bf4b0db291b..b603c9647e73 100644 > --- a/kernel/module/main.c > +++ b/kernel/module/main.c > @@ -2582,7 +2582,7 @@ static noinline int do_init_module(struct module *mod) > rcu_assign_pointer(mod->kallsyms, &mod->core_kallsyms); > #endif > ret = module_enable_rodata_ro_after_init(mod); > - if (ret) > + if (WARN_ON_ONCE(ret)) > pr_warn("%s: %s() returned %d, ro_after_init data might still be writable\n", > mod->name, __func__, ret); > > diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c > index f68c59974ae2..329afd43f06b 100644 > --- a/kernel/module/strict_rwx.c > +++ b/kernel/module/strict_rwx.c > @@ -58,7 +58,10 @@ int module_enable_rodata_ro(const struct module *mod) > if (ret) > return ret; > > - return 0; > + ret = module_set_memory(mod, MOD_RO_AFTER_INIT, set_memory_ro); > + if (ret) > + return ret; > + return module_set_memory(mod, MOD_RO_AFTER_INIT, set_memory_rw); > } > > int module_enable_rodata_ro_after_init(const struct module *mod)