module: extend 'rodata=off' boot cmdline parameter to module mappings

The current "rodata=off" parameter disables read-only kernel mappings under CONFIG_DEBUG_RODATA: commit d2aa1acad22f ("mm/init: Add 'rodata=off' boot cmdline parameter to disable read-only kernel mappings") This patch is a logical extension to module mappings ie. read-only mappings at module loading can be disabled even if CONFIG_DEBUG_SET_MODULE_RONX (mainly for debug use). Please note, however, that it only affects RO/RW permissions, keeping NX set. This is the first step to make CONFIG_DEBUG_SET_MODULE_RONX mandatory (always-on) in the future as CONFIG_DEBUG_RODATA on x86 and arm64. Suggested-by: and Acked-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Link: http://lkml.kernel.org/r/20161114061505.15238-1-takahiro.akashi@linaro.org Signed-off-by: Jessica Yu <jeyu@redhat.com>
author: AKASHI Takahiro <takahiro.akashi@linaro.org> 2016-11-14 01:15:05 -0500
committer: Jessica Yu <jeyu@redhat.com> 2016-11-27 19:15:33 -0500
commit: 39290b389ea2654f9190e3b48c57d27b24def83e (patch)
tree: c56b3f6505001d9c4bf25d5588e79e79f2db0ea8 /kernel/module.c
parent: 71d9f5079358c148e71eba930e436a7a0cb35d95 (diff)
1 files changed, 17 insertions, 3 deletions
diff --git a/kernel/module.c b/kernel/module.c
index 6281c70683d3..039ce82803f7 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1902,6 +1902,9 @@ static void frob_writable_data(const struct module_layout *layout,
 /* livepatching wants to disable read-only so it can frob module. */
 void module_disable_ro(const struct module *mod)
 {
+        if (!rodata_enabled)
+                return;
        frob_text(&mod->core_layout, set_memory_rw);
        frob_rodata(&mod->core_layout, set_memory_rw);
        frob_ro_after_init(&mod->core_layout, set_memory_rw);
@@ -1911,6 +1914,9 @@ void module_disable_ro(const struct module *mod)
 void module_enable_ro(const struct module *mod, bool after_init)
 {
+        if (!rodata_enabled)
+                return;
        frob_text(&mod->core_layout, set_memory_ro);
        frob_rodata(&mod->core_layout, set_memory_ro);
        frob_text(&mod->init_layout, set_memory_ro);
@@ -1943,6 +1949,9 @@ void set_all_modules_text_rw(void)
 {
        struct module *mod;
+        if (!rodata_enabled)
+                return;
        mutex_lock(&module_mutex);
        list_for_each_entry_rcu(mod, &modules, list) {
                if (mod->state == MODULE_STATE_UNFORMED)
@@ -1959,6 +1968,9 @@ void set_all_modules_text_ro(void)
 {
        struct module *mod;
+        if (!rodata_enabled)
+                return;
        mutex_lock(&module_mutex);
        list_for_each_entry_rcu(mod, &modules, list) {
                /*
@@ -1978,10 +1990,12 @@ void set_all_modules_text_ro(void)
 static void disable_ro_nx(const struct module_layout *layout)
 {
-        frob_text(layout, set_memory_rw);
+        if (rodata_enabled) {
-        frob_rodata(layout, set_memory_rw);
+                frob_text(layout, set_memory_rw);
+                frob_rodata(layout, set_memory_rw);
+                frob_ro_after_init(layout, set_memory_rw);
+        }
        frob_rodata(layout, set_memory_x);
-        frob_ro_after_init(layout, set_memory_rw);
        frob_ro_after_init(layout, set_memory_x);
        frob_writable_data(layout, set_memory_x);
 }
author	AKASHI Takahiro <takahiro.akashi@linaro.org>	2016-11-14 01:15:05 -0500
committer	Jessica Yu <jeyu@redhat.com>	2016-11-27 19:15:33 -0500
commit	39290b389ea2654f9190e3b48c57d27b24def83e (patch)
tree	c56b3f6505001d9c4bf25d5588e79e79f2db0ea8 /kernel/module.c
parent	71d9f5079358c148e71eba930e436a7a0cb35d95 (diff)