[PATCH 3/4] module: Use a list of strings for ro_after_init sections

Kees Cook <keescook@xxxxxxxxxxxx> · Wed, 1 Sep 2021 16:37:56 -0700

Instead of open-coding the section names, use a list for the sections that
need to be marked read-only after init. Unfortunately, it seems we can't
do normal section merging with scripts/module.lds.S as ld.bfd doesn't
correctly update symbol tables. For more details, see commit 6a3193cdd5e5
("kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG
is enabled").

Cc: Arnd Bergmann <arnd@xxxxxxxx>
Cc: Jessica Yu <jeyu@xxxxxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Cc: linux-arch@xxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
 include/asm-generic/vmlinux.lds.h |  4 +++-
 kernel/module.c                   | 28 ++++++++++++++++------------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 4781a8154254..d532baadaeae 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -418,7 +418,9 @@
 
 /*
  * Allow architectures to handle ro_after_init data on their
- * own by defining an empty RO_AFTER_INIT_DATA.
+ * own by defining an empty RO_AFTER_INIT_DATA. Any sections
+ * added here must be explicitly marked SHF_RO_AFTER_INIT
+ * via module_sections_ro_after_init[] in kernel/module.c.
  */
 #ifndef RO_AFTER_INIT_DATA
 #define RO_AFTER_INIT_DATA						\
diff --git a/kernel/module.c b/kernel/module.c
index ed13917ea5f3..b0ff82cc48fe 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3514,10 +3514,21 @@ static bool blacklisted(const char *module_name)
 }
 core_param(module_blacklist, module_blacklist, charp, 0400);
 
+/*
+ * List of sections to be marked read-only after init. This should match
+ * the RO_AFTER_INIT_DATA macro in include/asm-generic/vmlinux.lds.h.
+ */
+static const char * const module_sections_ro_after_init[] = {
+	".data..ro_after_init",
+	"__jump_table",
+	NULL
+};
+
 static struct module *layout_and_allocate(struct load_info *info, int flags)
 {
 	struct module *mod;
 	unsigned int ndx;
+	const char * const *section;
 	int err;
 
 	err = check_modinfo(info->mod, info, flags);
@@ -3543,18 +3554,11 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
 	 * layout_sections() can put it in the right place.
 	 * Note: ro_after_init sections also have SHF_{WRITE,ALLOC} set.
 	 */
-	ndx = find_sec(info, ".data..ro_after_init");
-	if (ndx)
-		info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
-	/*
-	 * Mark the __jump_table section as ro_after_init as well: these data
-	 * structures are never modified, with the exception of entries that
-	 * refer to code in the __init section, which are annotated as such
-	 * at module load time.
-	 */
-	ndx = find_sec(info, "__jump_table");
-	if (ndx)
-		info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
+	for (section = module_sections_ro_after_init; *section; section++) {
+		ndx = find_sec(info, *section);
+		if (ndx)
+			info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
+	}
 
 	/*
 	 * Determine total sizes, and put offsets in sh_entsize.  For now
-- 
2.30.2







