Re: [PATCH v2 3/3] module: Make .static_call_sites read-only after init
From: Christophe Leroy
Date: Thu Mar 06 2025 - 12:50:13 EST
Le 06/03/2025 à 14:13, Petr Pavlu a écrit :
Section .static_call_sites holds data structures that need to be sorted and
processed only at module load time. This initial processing happens in
static_call_add_module(), which is invoked as a callback to the
MODULE_STATE_COMING notification from prepare_coming_module().
The section is never modified afterwards. Make it therefore read-only after
module initialization to avoid any (non-)accidental modifications.
Maybe this suggestion is stupid, I didn't investigate the feasability
but: why don't we group everything that is ro_after_init in a single
section just like we do in vmlinux ? That would avoid having to add
every new possible section in the C code.
Like we have in asm-generic/vmlinux.lds.h:
#define RO_AFTER_INIT_DATA \
. = ALIGN(8); \
__start_ro_after_init = .; \
*(.data..ro_after_init) \
JUMP_TABLE_DATA \
STATIC_CALL_DATA \
__end_ro_after_init = .;
Signed-off-by: Petr Pavlu <petr.pavlu@xxxxxxxx>
---
kernel/module/strict_rwx.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c
index fa701dad4ed1..a3fc8d603750 100644
--- a/kernel/module/strict_rwx.c
+++ b/kernel/module/strict_rwx.c
@@ -120,6 +120,15 @@ static const char *const ro_after_init[] = {
* section, which are marked as such at module load time.
*/
"__jump_table",
+
+#ifdef CONFIG_HAVE_STATIC_CALL_INLINE
+ /*
+ * Section .static_call_sites holds data structures that need to be
+ * sorted and processed at module load time but are never modified
+ * afterwards.
+ */
+ ".static_call_sites",
+#endif
};
void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs,