Section .static_call_sites holds data structures that need to be sorted and processed only at module load time. The section is never modified afterwards. Make it therefore read-only after module initialization to avoid any (non-)accidental modifications. Petr Pavlu (3): module: Constify parameters of module_enforce_rwx_sections() module: Add a separate function to mark sections as read-only after init module: Make .static_call_sites read-only after init kernel/module/internal.h | 7 ++++-- kernel/module/main.c | 18 +++------------ kernel/module/strict_rwx.c | 47 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 53 insertions(+), 19 deletions(-) base-commit: 4bbf9020becbfd8fc2c3da790855b7042fad455b -- 2.43.0