Commit 6ee3cf6a authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Catalin Marinas

arm64: lds: move special code sections out of kernel exec segment

There are a few code sections that are emitted into the kernel's
executable .text segment simply because they contain code, but are
actually never executed via this mapping, so they can happily live in a
region that gets mapped without executable permissions, reducing the
risk of being gadgetized.

Note that the kexec and hibernate region contents are always copied into
a fresh page, and so there is no need to align them as long as the
overall size of each is below 4 KiB.
Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/20220429131347.3621090-2-ardb@kernel.orgSigned-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
parent bc5dfb4f
...@@ -93,7 +93,6 @@ jiffies = jiffies_64; ...@@ -93,7 +93,6 @@ jiffies = jiffies_64;
#ifdef CONFIG_HIBERNATION #ifdef CONFIG_HIBERNATION
#define HIBERNATE_TEXT \ #define HIBERNATE_TEXT \
. = ALIGN(SZ_4K); \
__hibernate_exit_text_start = .; \ __hibernate_exit_text_start = .; \
*(.hibernate_exit.text) \ *(.hibernate_exit.text) \
__hibernate_exit_text_end = .; __hibernate_exit_text_end = .;
...@@ -103,7 +102,6 @@ jiffies = jiffies_64; ...@@ -103,7 +102,6 @@ jiffies = jiffies_64;
#ifdef CONFIG_KEXEC_CORE #ifdef CONFIG_KEXEC_CORE
#define KEXEC_TEXT \ #define KEXEC_TEXT \
. = ALIGN(SZ_4K); \
__relocate_new_kernel_start = .; \ __relocate_new_kernel_start = .; \
*(.kexec_relocate.text) \ *(.kexec_relocate.text) \
__relocate_new_kernel_end = .; __relocate_new_kernel_end = .;
...@@ -170,9 +168,6 @@ SECTIONS ...@@ -170,9 +168,6 @@ SECTIONS
KPROBES_TEXT KPROBES_TEXT
HYPERVISOR_TEXT HYPERVISOR_TEXT
IDMAP_TEXT IDMAP_TEXT
HIBERNATE_TEXT
KEXEC_TEXT
TRAMP_TEXT
*(.gnu.warning) *(.gnu.warning)
. = ALIGN(16); . = ALIGN(16);
*(.got) /* Global offset table */ *(.got) /* Global offset table */
...@@ -194,6 +189,14 @@ SECTIONS ...@@ -194,6 +189,14 @@ SECTIONS
HYPERVISOR_DATA_SECTIONS HYPERVISOR_DATA_SECTIONS
/* code sections that are never executed via the kernel mapping */
.rodata.text : {
TRAMP_TEXT
HIBERNATE_TEXT
KEXEC_TEXT
. = ALIGN(PAGE_SIZE);
}
idmap_pg_dir = .; idmap_pg_dir = .;
. += IDMAP_DIR_SIZE; . += IDMAP_DIR_SIZE;
idmap_pg_end = .; idmap_pg_end = .;
...@@ -337,8 +340,8 @@ ASSERT(__hyp_idmap_text_end - __hyp_idmap_text_start <= PAGE_SIZE, ...@@ -337,8 +340,8 @@ ASSERT(__hyp_idmap_text_end - __hyp_idmap_text_start <= PAGE_SIZE,
ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K, ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K,
"ID map text too big or misaligned") "ID map text too big or misaligned")
#ifdef CONFIG_HIBERNATION #ifdef CONFIG_HIBERNATION
ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) ASSERT(__hibernate_exit_text_end - __hibernate_exit_text_start <= SZ_4K,
<= SZ_4K, "Hibernate exit text too big or misaligned") "Hibernate exit text is bigger than 4 KiB")
#endif #endif
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) <= 3*PAGE_SIZE, ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) <= 3*PAGE_SIZE,
...@@ -362,7 +365,7 @@ ASSERT(swapper_pg_dir - tramp_pg_dir == TRAMP_SWAPPER_OFFSET, ...@@ -362,7 +365,7 @@ ASSERT(swapper_pg_dir - tramp_pg_dir == TRAMP_SWAPPER_OFFSET,
#ifdef CONFIG_KEXEC_CORE #ifdef CONFIG_KEXEC_CORE
/* kexec relocation code should fit into one KEXEC_CONTROL_PAGE_SIZE */ /* kexec relocation code should fit into one KEXEC_CONTROL_PAGE_SIZE */
ASSERT(__relocate_new_kernel_end - (__relocate_new_kernel_start & ~(SZ_4K - 1)) ASSERT(__relocate_new_kernel_end - __relocate_new_kernel_start <= SZ_4K,
<= SZ_4K, "kexec relocation code is too big or misaligned") "kexec relocation code is bigger than 4 KiB")
ASSERT(KEXEC_CONTROL_PAGE_SIZE >= SZ_4K, "KEXEC_CONTROL_PAGE_SIZE is broken") ASSERT(KEXEC_CONTROL_PAGE_SIZE >= SZ_4K, "KEXEC_CONTROL_PAGE_SIZE is broken")
#endif #endif
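Review bot: The HIBERNATE_TEXT and KEXEC_TEXT macros lose their `. = ALIGN(SZ_4K);` line and the two reworded ASSERTs now bound only the size, but nothing next to that code records the invariant that makes this safe. The commit message gives it (both regions are always copied into a fresh page), so I would state it beside the macros, e.g. `/* not page aligned: contents are always copied to a fresh page before being run */`. Without that note, a later change that maps either region in place would still pass the size-only asserts even though the region can now straddle a page boundary, and an executable mapping of it would presumably also cover whatever else `.rodata.text` places in those pages. The existing comment above the kexec assert still says the code should fit into one KEXEC_CONTROL_PAGE_SIZE while the check is against SZ_4K; aligning that wording with the new message "kexec relocation code is bigger than 4 KiB" would avoid confusion.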