Re: [RFC PATCH 1/6] kvm: arm64: Set up .hyp.rodata ELF section

From: Ard Biesheuvel
Date: Tue Nov 24 2020 - 08:36:23 EST


On Thu, 19 Nov 2020 at 17:25, David Brazdil <dbrazdil@xxxxxxxxxx> wrote:
>
> We will need to recognize pointers in .rodata specific to hyp,

Why?

> so
> establish a .hyp.rodata ELF section. Merge it with the existing
> .hyp.data..ro_after_init as they are treated the same at runtime.
>

Does this mean HYP .text, .rodata etc are all writable some time after
the kernel .text/.rodata have been mapped read-only? That is not a
problem per se, but it deserves being called out.


> Signed-off-by: David Brazdil <dbrazdil@xxxxxxxxxx>
> ---
> arch/arm64/include/asm/sections.h | 2 +-
> arch/arm64/kernel/vmlinux.lds.S | 7 ++++---
> arch/arm64/kvm/arm.c | 7 +++----
> arch/arm64/kvm/hyp/nvhe/hyp.lds.S | 1 +
> 4 files changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/arch/arm64/include/asm/sections.h b/arch/arm64/include/asm/sections.h
> index 8ff579361731..a6f3557d1ab2 100644
> --- a/arch/arm64/include/asm/sections.h
> +++ b/arch/arm64/include/asm/sections.h
> @@ -11,7 +11,7 @@ extern char __alt_instructions[], __alt_instructions_end[];
> extern char __hibernate_exit_text_start[], __hibernate_exit_text_end[];
> extern char __hyp_idmap_text_start[], __hyp_idmap_text_end[];
> extern char __hyp_text_start[], __hyp_text_end[];
> -extern char __hyp_data_ro_after_init_start[], __hyp_data_ro_after_init_end[];
> +extern char __hyp_rodata_start[], __hyp_rodata_end[];
> extern char __idmap_text_start[], __idmap_text_end[];
> extern char __initdata_begin[], __initdata_end[];
> extern char __inittext_begin[], __inittext_end[];
> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
> index 4382b5d0645d..6f2fd9734d63 100644
> --- a/arch/arm64/kernel/vmlinux.lds.S
> +++ b/arch/arm64/kernel/vmlinux.lds.S
> @@ -31,10 +31,11 @@ jiffies = jiffies_64;
> __stop___kvm_ex_table = .;
>
> #define HYPERVISOR_DATA_SECTIONS \
> - HYP_SECTION_NAME(.data..ro_after_init) : { \
> - __hyp_data_ro_after_init_start = .; \
> + HYP_SECTION_NAME(.rodata) : { \
> + __hyp_rodata_start = .; \
> *(HYP_SECTION_NAME(.data..ro_after_init)) \
> - __hyp_data_ro_after_init_end = .; \
> + *(HYP_SECTION_NAME(.rodata)) \
> + __hyp_rodata_end = .; \
> }
>
> #define HYPERVISOR_PERCPU_SECTION \
> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> index d6d5211653b7..119c97e8900a 100644
> --- a/arch/arm64/kvm/arm.c
> +++ b/arch/arm64/kvm/arm.c
> @@ -1688,11 +1688,10 @@ static int init_hyp_mode(void)
> goto out_err;
> }
>
> - err = create_hyp_mappings(kvm_ksym_ref(__hyp_data_ro_after_init_start),
> - kvm_ksym_ref(__hyp_data_ro_after_init_end),
> - PAGE_HYP_RO);
> + err = create_hyp_mappings(kvm_ksym_ref(__hyp_rodata_start),
> + kvm_ksym_ref(__hyp_rodata_end), PAGE_HYP_RO);
> if (err) {
> - kvm_err("Cannot map .hyp.data..ro_after_init section\n");
> + kvm_err("Cannot map .hyp.rodata section\n");
> goto out_err;
> }
>
> diff --git a/arch/arm64/kvm/hyp/nvhe/hyp.lds.S b/arch/arm64/kvm/hyp/nvhe/hyp.lds.S
> index 5d76ff2ba63e..b0789183d49d 100644
> --- a/arch/arm64/kvm/hyp/nvhe/hyp.lds.S
> +++ b/arch/arm64/kvm/hyp/nvhe/hyp.lds.S
> @@ -17,4 +17,5 @@ SECTIONS {
> PERCPU_INPUT(L1_CACHE_BYTES)
> }
> HYP_SECTION(.data..ro_after_init)
> + HYP_SECTION(.rodata)
> }
> --
> 2.29.2.299.gdc1121823c-goog
>