Re: [PATCH 14/29] vmlinux.lds.h: Allow EXCEPTION_TABLE to live in RO_DATA

From: Kees Cook
Date: Thu Oct 10 2019 - 12:47:29 EST


On Thu, Oct 10, 2019 at 05:25:16PM +0200, Borislav Petkov wrote:
> On Thu, Sep 26, 2019 at 10:55:47AM -0700, Kees Cook wrote:
> > Many architectures have an EXCEPTION_TABLE that needs only to be
> > read-only. As such, it should live in RO_DATA. This creates a macro to
> > identify this case for the architectures that can move EXCEPTION_TABLE
> > into RO_DATA.
> >
> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> > ---
> > include/asm-generic/vmlinux.lds.h | 12 ++++++++++++
> > 1 file changed, 12 insertions(+)
> >
> > diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
> > index d57a28786bb8..35a6cba39d9f 100644
> > --- a/include/asm-generic/vmlinux.lds.h
> > +++ b/include/asm-generic/vmlinux.lds.h
> > @@ -69,6 +69,17 @@
> > #define NOTES_HEADERS_RESTORE
> > #endif
> >
> > +/*
> > + * Some architectures have non-executable read-only exception tables.
> > + * They can be added to the RO_DATA segment by specifying their desired
> > + * alignment.
> > + */
> > +#ifdef RO_DATA_EXCEPTION_TABLE_ALIGN
> > +#define RO_DATA_EXCEPTION_TABLE EXCEPTION_TABLE(RO_DATA_EXCEPTION_TABLE_ALIGN)
> > +#else
> > +#define RO_DATA_EXCEPTION_TABLE
> > +#endif
> > +
> > /* Align . to a 8 byte boundary equals to maximum function alignment. */
> > #define ALIGN_FUNCTION() . = ALIGN(8)
> >
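
Review bot: the comment above `#ifdef RO_DATA_EXCEPTION_TABLE_ALIGN` says architectures opt in "by specifying their desired alignment" but never names the macro they have to define. Since the `#ifdef` is evaluated where this header is included, the define also has to appear before the `#include`. Suggest spelling both out in the comment, for example "by defining RO_DATA_EXCEPTION_TABLE_ALIGN before including this file", so that an architecture defining it too late does not silently get the empty `#define RO_DATA_EXCEPTION_TABLE`.
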
> > @@ -508,6 +519,7 @@
> > __stop___modver = .; \
> > } \
> > \
> > + RO_DATA_EXCEPTION_TABLE \
> > NOTES \
> > \
> > . = ALIGN((align)); \
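
Review bot: at `+ RO_DATA_EXCEPTION_TABLE \` the table takes its alignment from RO_DATA_EXCEPTION_TABLE_ALIGN, not from the `(align)` argument used by `. = ALIGN((align));` two lines further down, and neither the hunk nor the commit message says why the table is placed ahead of NOTES. A short comment on the intended ordering and on the two independent alignment values would make the resulting read-only layout easier to audit.
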
> > --
>
> I think you can drop the "DATA" from the names as it is kinda clear
> where the exception table lands:
>
> RO_EXCEPTION_TABLE_ALIGN
> RO_EXCEPTION_TABLE
>
> The "read-only" part is the important one.

Excellent point; I was not loving how long the name was either. :)

--
Kees Cook