This is a note to let you know that I've just added the patch titled arm64: Mark __stack_chk_guard as __ro_after_init to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: arm64-mark-__stack_chk_guard-as-__ro_after_init.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit f9566caa50a9eb0a6dd2bef7597b706eb21d1649 Author: Dan Li <ashimida@xxxxxxxxxxxxxxxxx> Date: Tue Sep 14 17:44:02 2021 +0800 arm64: Mark __stack_chk_guard as __ro_after_init [ Upstream commit 9fcb2e93f41c07a400885325e7dbdfceba6efaec ] __stack_chk_guard is setup once while init stage and never changed after that. Although the modification of this variable at runtime will usually cause the kernel to crash (so does the attacker), it should be marked as __ro_after_init, and it should not affect performance if it is placed in the ro_after_init section. Signed-off-by: Dan Li <ashimida@xxxxxxxxxxxxxxxxx> Acked-by: Mark Rutland <mark.rutland@xxxxxxx> Link: https://lore.kernel.org/r/1631612642-102881-1-git-send-email-ashimida@xxxxxxxxxxxxxxxxx Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index ed919f633ed8..4999caff3281 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -60,7 +60,7 @@ #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include <linux/stackprotector.h> -unsigned long __stack_chk_guard __read_mostly; +unsigned long __stack_chk_guard __ro_after_init; EXPORT_SYMBOL(__stack_chk_guard); #endif