linux/arch/arm/kernel/vmlinux.lds.S

353 lines
7.2 KiB
ArmAsm
Raw Normal View History

/* ld script to make ARM Linux kernel
* taken from the i386 version by Russell King
* Written by Martin Mares <mj@atrey.karlin.mff.cuni.cz>
*/
#ifdef CONFIG_XIP_KERNEL
#include "vmlinux-xip.lds.S"
#else
#include <asm-generic/vmlinux.lds.h>
#include <asm/cache.h>
#include <asm/thread_info.h>
#include <asm/memory.h>
#include <asm/page.h>
#include <asm/pgtable.h>
#define PROC_INFO \
. = ALIGN(4); \
VMLINUX_SYMBOL(__proc_info_begin) = .; \
*(.proc.info.init) \
VMLINUX_SYMBOL(__proc_info_end) = .;
#define HYPERVISOR_TEXT \
VMLINUX_SYMBOL(__hyp_text_start) = .; \
*(.hyp.text) \
VMLINUX_SYMBOL(__hyp_text_end) = .;
#define IDMAP_TEXT \
ALIGN_FUNCTION(); \
VMLINUX_SYMBOL(__idmap_text_start) = .; \
*(.idmap.text) \
VMLINUX_SYMBOL(__idmap_text_end) = .; \
. = ALIGN(PAGE_SIZE); \
VMLINUX_SYMBOL(__hyp_idmap_text_start) = .; \
*(.hyp.idmap.text) \
VMLINUX_SYMBOL(__hyp_idmap_text_end) = .;
#ifdef CONFIG_HOTPLUG_CPU
#define ARM_CPU_DISCARD(x)
#define ARM_CPU_KEEP(x) x
#else
#define ARM_CPU_DISCARD(x) x
#define ARM_CPU_KEEP(x)
#endif
ARM: 7017/1: Use generic BUG() handler ARM uses its own BUG() handler which makes its output slightly different from other archtectures. One of the problems is that the ARM implementation doesn't report the function with the BUG() in it, but always reports the PC being in __bug(). The generic implementation doesn't have this problem. Currently we get something like: kernel BUG at fs/proc/breakme.c:35! Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... PC is at __bug+0x20/0x2c With this patch it displays: kernel BUG at fs/proc/breakme.c:35! Internal error: Oops - undefined instruction: 0 [#1] PREEMPT SMP ... PC is at write_breakme+0xd0/0x1b4 This implementation uses an undefined instruction to implement BUG, and sets up a bug table containing the relevant information. Many versions of gcc do not support %c properly for ARM (inserting a # when they shouldn't) so we work around this using distasteful macro magic. v1: Initial version to replace existing ARM BUG() implementation with something more similar to other architectures. v2: Add Thumb support, remove backtrace whitespace output changes. Change to use macros instead of requiring the asm %d flag to work (thanks to Dave Martin <dave.martin@linaro.org>) v3: Remove old BUG() implementation in favor of this one. Remove the Backtrace: message (will submit this separately). Use ARM_EXIT_KEEP() so that some architectures can dump exit text at link time thanks to Stephen Boyd <sboyd@codeaurora.org> (although since we always define GENERIC_BUG this might be academic.) Rebase to linux-2.6.git master. v4: Allow BUGS in modules (these were not reported correctly in v3) (thanks to Stephen Boyd <sboyd@codeaurora.org> for suggesting that.) Remove __bug() as this is no longer needed. v5: Add %progbits as the section flags. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stephen Boyd <sboyd@codeaurora.org> Tested-by: Stephen Boyd <sboyd@codeaurora.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-08-17 06:44:26 +08:00
#if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
defined(CONFIG_GENERIC_BUG)
#define ARM_EXIT_KEEP(x) x
ARM: fix vmlinux.lds.S discarding sections We are seeing linker errors caused by sections being discarded, despite the linker script trying to keep them. The result is (eg): `.exit.text' referenced in section `.alt.smp.init' of drivers/built-in.o: defined in discarded section `.exit.text' of drivers/built-in.o `.exit.text' referenced in section `.alt.smp.init' of net/built-in.o: defined in discarded section `.exit.text' of net/built-in.o This is the relevent part of the linker script (reformatted to make it clearer): | SECTIONS | { | /* | * unwind exit sections must be discarded before the rest of the | * unwind sections get included. | */ | /DISCARD/ : { | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | } | ... | .exit.text : { | *(.exit.text) | *(.memexit.text) | } | ... | /DISCARD/ : { | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | } | } Now, this is what the linker manual says about discarded output sections: | The special output section name `/DISCARD/' may be used to discard | input sections. Any input sections which are assigned to an output | section named `/DISCARD/' are not included in the output file. No questions, no exceptions. It doesn't say "unless they are listed before the /DISCARD/ section." Now, this is what asn-generic/vmlinux.lds.S says: | /* | * Default discarded sections. | * | * Some archs want to discard exit text/data at runtime rather than | * link time due to cross-section references such as alt instructions, | * bug table, eh_frame, etc. DISCARDS must be the last of output | * section definitions so that such archs put those in earlier section | * definitions. | */ And guess what - the list _always_ includes .exit.text etc. Now, what's actually happening is that the linker is reading the script, and it finds the first /DISCARD/ output section at the beginning of the script. It continues reading the script, and finds the 'DISCARD' macro at the end, which having been postprocessed results in another /DISCARD/ output section. As the linker already contains the earlier /DISCARD/ output section, it adds it to that existing section, so it effectively is placed at the start. This can be seen by using the -M option to ld: | Linker script and memory map | | 0xc037c080 jiffies = jiffies_64 | | /DISCARD/ | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | | 0xc0008000 . = 0xc0008000 | | .head.text 0xc0008000 0x1d0 | 0xc0008000 _text = . | *(.head.text) | .head.text 0xc0008000 0x1d0 arch/arm/kernel/head.o | 0xc0008000 stext | | .text 0xc0008200 0x2d78d0 | 0xc0008200 _stext = . | 0xc0008200 __exception_text_start = . | *(.exception.text) | .exception.text | ... As you can see, all the discarded sections are grouped together - and as a result of it being the first output section, they all appear before any other section. The result is that not only is the unwind information discarded (as intended), but also the .exit.text, despite us wanting to have the .exit.text preserved. We can't move the unwind information elsewhere, because it'll then be included even when we do actually discard the .exit.text (and similar) sections. So, work around this by avoiding the generic DISCARDS macro, and instead conditionalize the sections to be discarded ourselves. This avoids the ambiguity in how the linker assigns input sections to output sections, making our script less dependent on undocumented linker behaviour. Reported-by: Rob Herring <robherring2@gmail.com> Tested-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-09-21 06:35:15 +08:00
#define ARM_EXIT_DISCARD(x)
#else
#define ARM_EXIT_KEEP(x)
ARM: fix vmlinux.lds.S discarding sections We are seeing linker errors caused by sections being discarded, despite the linker script trying to keep them. The result is (eg): `.exit.text' referenced in section `.alt.smp.init' of drivers/built-in.o: defined in discarded section `.exit.text' of drivers/built-in.o `.exit.text' referenced in section `.alt.smp.init' of net/built-in.o: defined in discarded section `.exit.text' of net/built-in.o This is the relevent part of the linker script (reformatted to make it clearer): | SECTIONS | { | /* | * unwind exit sections must be discarded before the rest of the | * unwind sections get included. | */ | /DISCARD/ : { | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | } | ... | .exit.text : { | *(.exit.text) | *(.memexit.text) | } | ... | /DISCARD/ : { | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | } | } Now, this is what the linker manual says about discarded output sections: | The special output section name `/DISCARD/' may be used to discard | input sections. Any input sections which are assigned to an output | section named `/DISCARD/' are not included in the output file. No questions, no exceptions. It doesn't say "unless they are listed before the /DISCARD/ section." Now, this is what asn-generic/vmlinux.lds.S says: | /* | * Default discarded sections. | * | * Some archs want to discard exit text/data at runtime rather than | * link time due to cross-section references such as alt instructions, | * bug table, eh_frame, etc. DISCARDS must be the last of output | * section definitions so that such archs put those in earlier section | * definitions. | */ And guess what - the list _always_ includes .exit.text etc. Now, what's actually happening is that the linker is reading the script, and it finds the first /DISCARD/ output section at the beginning of the script. It continues reading the script, and finds the 'DISCARD' macro at the end, which having been postprocessed results in another /DISCARD/ output section. As the linker already contains the earlier /DISCARD/ output section, it adds it to that existing section, so it effectively is placed at the start. This can be seen by using the -M option to ld: | Linker script and memory map | | 0xc037c080 jiffies = jiffies_64 | | /DISCARD/ | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | | 0xc0008000 . = 0xc0008000 | | .head.text 0xc0008000 0x1d0 | 0xc0008000 _text = . | *(.head.text) | .head.text 0xc0008000 0x1d0 arch/arm/kernel/head.o | 0xc0008000 stext | | .text 0xc0008200 0x2d78d0 | 0xc0008200 _stext = . | 0xc0008200 __exception_text_start = . | *(.exception.text) | .exception.text | ... As you can see, all the discarded sections are grouped together - and as a result of it being the first output section, they all appear before any other section. The result is that not only is the unwind information discarded (as intended), but also the .exit.text, despite us wanting to have the .exit.text preserved. We can't move the unwind information elsewhere, because it'll then be included even when we do actually discard the .exit.text (and similar) sections. So, work around this by avoiding the generic DISCARDS macro, and instead conditionalize the sections to be discarded ourselves. This avoids the ambiguity in how the linker assigns input sections to output sections, making our script less dependent on undocumented linker behaviour. Reported-by: Rob Herring <robherring2@gmail.com> Tested-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-09-21 06:35:15 +08:00
#define ARM_EXIT_DISCARD(x) x
#endif
OUTPUT_ARCH(arm)
ENTRY(stext)
#ifndef __ARMEB__
jiffies = jiffies_64;
#else
jiffies = jiffies_64 + 4;
#endif
SECTIONS
{
/*
ARM: fix vmlinux.lds.S discarding sections We are seeing linker errors caused by sections being discarded, despite the linker script trying to keep them. The result is (eg): `.exit.text' referenced in section `.alt.smp.init' of drivers/built-in.o: defined in discarded section `.exit.text' of drivers/built-in.o `.exit.text' referenced in section `.alt.smp.init' of net/built-in.o: defined in discarded section `.exit.text' of net/built-in.o This is the relevent part of the linker script (reformatted to make it clearer): | SECTIONS | { | /* | * unwind exit sections must be discarded before the rest of the | * unwind sections get included. | */ | /DISCARD/ : { | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | } | ... | .exit.text : { | *(.exit.text) | *(.memexit.text) | } | ... | /DISCARD/ : { | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | } | } Now, this is what the linker manual says about discarded output sections: | The special output section name `/DISCARD/' may be used to discard | input sections. Any input sections which are assigned to an output | section named `/DISCARD/' are not included in the output file. No questions, no exceptions. It doesn't say "unless they are listed before the /DISCARD/ section." Now, this is what asn-generic/vmlinux.lds.S says: | /* | * Default discarded sections. | * | * Some archs want to discard exit text/data at runtime rather than | * link time due to cross-section references such as alt instructions, | * bug table, eh_frame, etc. DISCARDS must be the last of output | * section definitions so that such archs put those in earlier section | * definitions. | */ And guess what - the list _always_ includes .exit.text etc. Now, what's actually happening is that the linker is reading the script, and it finds the first /DISCARD/ output section at the beginning of the script. It continues reading the script, and finds the 'DISCARD' macro at the end, which having been postprocessed results in another /DISCARD/ output section. As the linker already contains the earlier /DISCARD/ output section, it adds it to that existing section, so it effectively is placed at the start. This can be seen by using the -M option to ld: | Linker script and memory map | | 0xc037c080 jiffies = jiffies_64 | | /DISCARD/ | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | | 0xc0008000 . = 0xc0008000 | | .head.text 0xc0008000 0x1d0 | 0xc0008000 _text = . | *(.head.text) | .head.text 0xc0008000 0x1d0 arch/arm/kernel/head.o | 0xc0008000 stext | | .text 0xc0008200 0x2d78d0 | 0xc0008200 _stext = . | 0xc0008200 __exception_text_start = . | *(.exception.text) | .exception.text | ... As you can see, all the discarded sections are grouped together - and as a result of it being the first output section, they all appear before any other section. The result is that not only is the unwind information discarded (as intended), but also the .exit.text, despite us wanting to have the .exit.text preserved. We can't move the unwind information elsewhere, because it'll then be included even when we do actually discard the .exit.text (and similar) sections. So, work around this by avoiding the generic DISCARDS macro, and instead conditionalize the sections to be discarded ourselves. This avoids the ambiguity in how the linker assigns input sections to output sections, making our script less dependent on undocumented linker behaviour. Reported-by: Rob Herring <robherring2@gmail.com> Tested-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-09-21 06:35:15 +08:00
* XXX: The linker does not define how output sections are
* assigned to input sections when there are multiple statements
* matching the same input section name. There is no documented
* order of matching.
*
* unwind exit sections must be discarded before the rest of the
* unwind sections get included.
*/
/DISCARD/ : {
*(.ARM.exidx.exit.text)
*(.ARM.extab.exit.text)
ARM_CPU_DISCARD(*(.ARM.exidx.cpuexit.text))
ARM_CPU_DISCARD(*(.ARM.extab.cpuexit.text))
ARM: fix vmlinux.lds.S discarding sections We are seeing linker errors caused by sections being discarded, despite the linker script trying to keep them. The result is (eg): `.exit.text' referenced in section `.alt.smp.init' of drivers/built-in.o: defined in discarded section `.exit.text' of drivers/built-in.o `.exit.text' referenced in section `.alt.smp.init' of net/built-in.o: defined in discarded section `.exit.text' of net/built-in.o This is the relevent part of the linker script (reformatted to make it clearer): | SECTIONS | { | /* | * unwind exit sections must be discarded before the rest of the | * unwind sections get included. | */ | /DISCARD/ : { | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | } | ... | .exit.text : { | *(.exit.text) | *(.memexit.text) | } | ... | /DISCARD/ : { | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | } | } Now, this is what the linker manual says about discarded output sections: | The special output section name `/DISCARD/' may be used to discard | input sections. Any input sections which are assigned to an output | section named `/DISCARD/' are not included in the output file. No questions, no exceptions. It doesn't say "unless they are listed before the /DISCARD/ section." Now, this is what asn-generic/vmlinux.lds.S says: | /* | * Default discarded sections. | * | * Some archs want to discard exit text/data at runtime rather than | * link time due to cross-section references such as alt instructions, | * bug table, eh_frame, etc. DISCARDS must be the last of output | * section definitions so that such archs put those in earlier section | * definitions. | */ And guess what - the list _always_ includes .exit.text etc. Now, what's actually happening is that the linker is reading the script, and it finds the first /DISCARD/ output section at the beginning of the script. It continues reading the script, and finds the 'DISCARD' macro at the end, which having been postprocessed results in another /DISCARD/ output section. As the linker already contains the earlier /DISCARD/ output section, it adds it to that existing section, so it effectively is placed at the start. This can be seen by using the -M option to ld: | Linker script and memory map | | 0xc037c080 jiffies = jiffies_64 | | /DISCARD/ | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | | 0xc0008000 . = 0xc0008000 | | .head.text 0xc0008000 0x1d0 | 0xc0008000 _text = . | *(.head.text) | .head.text 0xc0008000 0x1d0 arch/arm/kernel/head.o | 0xc0008000 stext | | .text 0xc0008200 0x2d78d0 | 0xc0008200 _stext = . | 0xc0008200 __exception_text_start = . | *(.exception.text) | .exception.text | ... As you can see, all the discarded sections are grouped together - and as a result of it being the first output section, they all appear before any other section. The result is that not only is the unwind information discarded (as intended), but also the .exit.text, despite us wanting to have the .exit.text preserved. We can't move the unwind information elsewhere, because it'll then be included even when we do actually discard the .exit.text (and similar) sections. So, work around this by avoiding the generic DISCARDS macro, and instead conditionalize the sections to be discarded ourselves. This avoids the ambiguity in how the linker assigns input sections to output sections, making our script less dependent on undocumented linker behaviour. Reported-by: Rob Herring <robherring2@gmail.com> Tested-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-09-21 06:35:15 +08:00
ARM_EXIT_DISCARD(EXIT_TEXT)
ARM_EXIT_DISCARD(EXIT_DATA)
EXIT_CALL
#ifndef CONFIG_MMU
*(.text.fixup)
*(__ex_table)
#endif
#ifndef CONFIG_SMP_ON_UP
*(.alt.smp.init)
#endif
ARM: fix vmlinux.lds.S discarding sections We are seeing linker errors caused by sections being discarded, despite the linker script trying to keep them. The result is (eg): `.exit.text' referenced in section `.alt.smp.init' of drivers/built-in.o: defined in discarded section `.exit.text' of drivers/built-in.o `.exit.text' referenced in section `.alt.smp.init' of net/built-in.o: defined in discarded section `.exit.text' of net/built-in.o This is the relevent part of the linker script (reformatted to make it clearer): | SECTIONS | { | /* | * unwind exit sections must be discarded before the rest of the | * unwind sections get included. | */ | /DISCARD/ : { | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | } | ... | .exit.text : { | *(.exit.text) | *(.memexit.text) | } | ... | /DISCARD/ : { | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | } | } Now, this is what the linker manual says about discarded output sections: | The special output section name `/DISCARD/' may be used to discard | input sections. Any input sections which are assigned to an output | section named `/DISCARD/' are not included in the output file. No questions, no exceptions. It doesn't say "unless they are listed before the /DISCARD/ section." Now, this is what asn-generic/vmlinux.lds.S says: | /* | * Default discarded sections. | * | * Some archs want to discard exit text/data at runtime rather than | * link time due to cross-section references such as alt instructions, | * bug table, eh_frame, etc. DISCARDS must be the last of output | * section definitions so that such archs put those in earlier section | * definitions. | */ And guess what - the list _always_ includes .exit.text etc. Now, what's actually happening is that the linker is reading the script, and it finds the first /DISCARD/ output section at the beginning of the script. It continues reading the script, and finds the 'DISCARD' macro at the end, which having been postprocessed results in another /DISCARD/ output section. As the linker already contains the earlier /DISCARD/ output section, it adds it to that existing section, so it effectively is placed at the start. This can be seen by using the -M option to ld: | Linker script and memory map | | 0xc037c080 jiffies = jiffies_64 | | /DISCARD/ | *(.ARM.exidx.exit.text) | *(.ARM.extab.exit.text) | *(.exit.text) | *(.memexit.text) | *(.exit.data) | *(.memexit.data) | *(.memexit.rodata) | *(.exitcall.exit) | *(.discard) | *(.discard.*) | | 0xc0008000 . = 0xc0008000 | | .head.text 0xc0008000 0x1d0 | 0xc0008000 _text = . | *(.head.text) | .head.text 0xc0008000 0x1d0 arch/arm/kernel/head.o | 0xc0008000 stext | | .text 0xc0008200 0x2d78d0 | 0xc0008200 _stext = . | 0xc0008200 __exception_text_start = . | *(.exception.text) | .exception.text | ... As you can see, all the discarded sections are grouped together - and as a result of it being the first output section, they all appear before any other section. The result is that not only is the unwind information discarded (as intended), but also the .exit.text, despite us wanting to have the .exit.text preserved. We can't move the unwind information elsewhere, because it'll then be included even when we do actually discard the .exit.text (and similar) sections. So, work around this by avoiding the generic DISCARDS macro, and instead conditionalize the sections to be discarded ourselves. This avoids the ambiguity in how the linker assigns input sections to output sections, making our script less dependent on undocumented linker behaviour. Reported-by: Rob Herring <robherring2@gmail.com> Tested-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-09-21 06:35:15 +08:00
*(.discard)
*(.discard.*)
}
. = PAGE_OFFSET + TEXT_OFFSET;
.head.text : {
_text = .;
HEAD_TEXT
}
ARM: 8501/1: mm: flip priority of CONFIG_DEBUG_RODATA The use of CONFIG_DEBUG_RODATA is generally seen as an essential part of kernel self-protection: http://www.openwall.com/lists/kernel-hardening/2015/11/30/13 Additionally, its name has grown to mean things beyond just rodata. To get ARM closer to this, we ought to rearrange the names of the configs that control how the kernel protects its memory. What was called CONFIG_ARM_KERNMEM_PERMS is realy doing the work that other architectures call CONFIG_DEBUG_RODATA. This redefines CONFIG_DEBUG_RODATA to actually do the bulk of the ROing (and NXing). In the place of the old CONFIG_DEBUG_RODATA, use CONFIG_DEBUG_ALIGN_RODATA, since that's what the option does: adds section alignment for making rodata explicitly NX, as arm does not split the page tables like arm64 does without _ALIGN_RODATA. Also adds human readable names to the sections so I could more easily debug my typos, and makes CONFIG_DEBUG_RODATA default "y" for CPU_V7. Results in /sys/kernel/debug/kernel_page_tables for each config state: # CONFIG_DEBUG_RODATA is not set # CONFIG_DEBUG_ALIGN_RODATA is not set ---[ Kernel Mapping ]--- 0x80000000-0x80900000 9M RW x SHD 0x80900000-0xa0000000 503M RW NX SHD CONFIG_DEBUG_RODATA=y CONFIG_DEBUG_ALIGN_RODATA=y ---[ Kernel Mapping ]--- 0x80000000-0x80100000 1M RW NX SHD 0x80100000-0x80700000 6M ro x SHD 0x80700000-0x80a00000 3M ro NX SHD 0x80a00000-0xa0000000 502M RW NX SHD CONFIG_DEBUG_RODATA=y # CONFIG_DEBUG_ALIGN_RODATA is not set ---[ Kernel Mapping ]--- 0x80000000-0x80100000 1M RW NX SHD 0x80100000-0x80a00000 9M ro x SHD 0x80a00000-0xa0000000 502M RW NX SHD Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Laura Abbott <labbott@fedoraproject.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-01-26 08:19:36 +08:00
#ifdef CONFIG_DEBUG_RODATA
. = ALIGN(1<<SECTION_SHIFT);
#endif
.text : { /* Real text segment */
_stext = .; /* Text and read-only data */
IDMAP_TEXT
__exception_text_start = .;
*(.exception.text)
__exception_text_end = .;
IRQENTRY_TEXT
SOFTIRQENTRY_TEXT
TEXT_TEXT
SCHED_TEXT
LOCK_TEXT
HYPERVISOR_TEXT
KPROBES_TEXT
*(.gnu.warning)
*(.glue_7)
*(.glue_7t)
. = ALIGN(4);
*(.got) /* Global offset table */
ARM_CPU_KEEP(PROC_INFO)
}
ARM: 8501/1: mm: flip priority of CONFIG_DEBUG_RODATA The use of CONFIG_DEBUG_RODATA is generally seen as an essential part of kernel self-protection: http://www.openwall.com/lists/kernel-hardening/2015/11/30/13 Additionally, its name has grown to mean things beyond just rodata. To get ARM closer to this, we ought to rearrange the names of the configs that control how the kernel protects its memory. What was called CONFIG_ARM_KERNMEM_PERMS is realy doing the work that other architectures call CONFIG_DEBUG_RODATA. This redefines CONFIG_DEBUG_RODATA to actually do the bulk of the ROing (and NXing). In the place of the old CONFIG_DEBUG_RODATA, use CONFIG_DEBUG_ALIGN_RODATA, since that's what the option does: adds section alignment for making rodata explicitly NX, as arm does not split the page tables like arm64 does without _ALIGN_RODATA. Also adds human readable names to the sections so I could more easily debug my typos, and makes CONFIG_DEBUG_RODATA default "y" for CPU_V7. Results in /sys/kernel/debug/kernel_page_tables for each config state: # CONFIG_DEBUG_RODATA is not set # CONFIG_DEBUG_ALIGN_RODATA is not set ---[ Kernel Mapping ]--- 0x80000000-0x80900000 9M RW x SHD 0x80900000-0xa0000000 503M RW NX SHD CONFIG_DEBUG_RODATA=y CONFIG_DEBUG_ALIGN_RODATA=y ---[ Kernel Mapping ]--- 0x80000000-0x80100000 1M RW NX SHD 0x80100000-0x80700000 6M ro x SHD 0x80700000-0x80a00000 3M ro NX SHD 0x80a00000-0xa0000000 502M RW NX SHD CONFIG_DEBUG_RODATA=y # CONFIG_DEBUG_ALIGN_RODATA is not set ---[ Kernel Mapping ]--- 0x80000000-0x80100000 1M RW NX SHD 0x80100000-0x80a00000 9M ro x SHD 0x80a00000-0xa0000000 502M RW NX SHD Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Laura Abbott <labbott@fedoraproject.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-01-26 08:19:36 +08:00
#ifdef CONFIG_DEBUG_ALIGN_RODATA
. = ALIGN(1<<SECTION_SHIFT);
#endif
RO_DATA(PAGE_SIZE)
. = ALIGN(4);
__ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) {
__start___ex_table = .;
#ifdef CONFIG_MMU
*(__ex_table)
#endif
__stop___ex_table = .;
}
#ifdef CONFIG_ARM_UNWIND
/*
* Stack unwinding tables
*/
. = ALIGN(8);
.ARM.unwind_idx : {
__start_unwind_idx = .;
*(.ARM.exidx*)
__stop_unwind_idx = .;
}
.ARM.unwind_tab : {
__start_unwind_tab = .;
*(.ARM.extab*)
__stop_unwind_tab = .;
}
#endif
NOTES
_etext = .; /* End of text and rodata section */
#ifdef CONFIG_DEBUG_RODATA
. = ALIGN(1<<SECTION_SHIFT);
#else
. = ALIGN(PAGE_SIZE);
#endif
__init_begin = .;
/*
* The vectors and stubs are relocatable code, and the
* only thing that matters is their relative offsets
*/
__vectors_start = .;
ARM: 8515/2: move .vectors and .stubs sections back into the kernel VMA Commit b9b32bf70f2f ("ARM: use linker magic for vectors and vector stubs") updated the linker script to emit the .vectors and .stubs sections into a VMA range that is zero based and disjoint from the normal static kernel region. The reason for that was that this way, the sections can be placed exactly 4 KB apart, while the payload of the .vectors section is only 32 bytes. Since the symbols that are part of the .stubs section are emitted into the kallsyms table, they appear with zero based addresses as well, e.g., 00001004 t vector_rst 00001020 t vector_irq 000010a0 t vector_dabt 00001120 t vector_pabt 000011a0 t vector_und 00001220 t vector_addrexcptn 00001240 t vector_fiq 00001240 T vector_fiq_offset As this confuses perf when it accesses the kallsyms tables, commit 7122c3e9154b ("scripts/link-vmlinux.sh: only filter kernel symbols for arm") implemented a somewhat ugly special case for ARM, where the value of CONFIG_PAGE_OFFSET is passed to scripts/kallsyms, and symbols whose addresses are below it are filtered out. Note that this special case only applies to CONFIG_XIP_KERNEL=n, not because the issue the patch addresses exists only in that case, but because finding a limit below which to apply the filtering is not entirely straightforward. Since the .vectors and .stubs sections contain position independent code that is never executed in place, we can emit it at its most likely runtime VMA (for more recent CPUs), which is 0xffff0000 for the vector table and 0xffff1000 for the stubs. Not only does this fix the perf issue with kallsyms, allowing us to drop the special case in scripts/kallsyms entirely, it also gives debuggers a more realistic view of the address space, and setting breakpoints or single stepping through code in the vector table or the stubs is more likely to work as expected on CPUs that use a high vector address. E.g., 00001240 A vector_fiq_offset ... c0c35000 T __init_begin c0c35000 T __vectors_start c0c35020 T __stubs_start c0c35020 T __vectors_end c0c352e0 T _sinittext c0c352e0 T __stubs_end ... ffff1004 t vector_rst ffff1020 t vector_irq ffff10a0 t vector_dabt ffff1120 t vector_pabt ffff11a0 t vector_und ffff1220 t vector_addrexcptn ffff1240 T vector_fiq (Note that vector_fiq_offset is now an absolute symbol, which kallsyms already ignores by default) The LMA footprint is identical with or without this change, only the VMAs are different: Before: Idx Name Size VMA LMA File off Algn ... 14 .notes 00000024 c0c34020 c0c34020 00a34020 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 15 .vectors 00000020 00000000 c0c35000 00a40000 2**1 CONTENTS, ALLOC, LOAD, READONLY, CODE 16 .stubs 000002c0 00001000 c0c35020 00a41000 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE 17 .init.text 0006b1b8 c0c352e0 c0c352e0 00a452e0 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE ... After: Idx Name Size VMA LMA File off Algn ... 14 .notes 00000024 c0c34020 c0c34020 00a34020 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 15 .vectors 00000020 ffff0000 c0c35000 00a40000 2**1 CONTENTS, ALLOC, LOAD, READONLY, CODE 16 .stubs 000002c0 ffff1000 c0c35020 00a41000 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE 17 .init.text 0006b1b8 c0c352e0 c0c352e0 00a452e0 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE ... Acked-by: Nicolas Pitre <nico@linaro.org> Acked-by: Chris Brandt <chris.brandt@renesas.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-02-10 18:41:08 +08:00
.vectors 0xffff0000 : AT(__vectors_start) {
*(.vectors)
}
. = __vectors_start + SIZEOF(.vectors);
__vectors_end = .;
__stubs_start = .;
ARM: 8515/2: move .vectors and .stubs sections back into the kernel VMA Commit b9b32bf70f2f ("ARM: use linker magic for vectors and vector stubs") updated the linker script to emit the .vectors and .stubs sections into a VMA range that is zero based and disjoint from the normal static kernel region. The reason for that was that this way, the sections can be placed exactly 4 KB apart, while the payload of the .vectors section is only 32 bytes. Since the symbols that are part of the .stubs section are emitted into the kallsyms table, they appear with zero based addresses as well, e.g., 00001004 t vector_rst 00001020 t vector_irq 000010a0 t vector_dabt 00001120 t vector_pabt 000011a0 t vector_und 00001220 t vector_addrexcptn 00001240 t vector_fiq 00001240 T vector_fiq_offset As this confuses perf when it accesses the kallsyms tables, commit 7122c3e9154b ("scripts/link-vmlinux.sh: only filter kernel symbols for arm") implemented a somewhat ugly special case for ARM, where the value of CONFIG_PAGE_OFFSET is passed to scripts/kallsyms, and symbols whose addresses are below it are filtered out. Note that this special case only applies to CONFIG_XIP_KERNEL=n, not because the issue the patch addresses exists only in that case, but because finding a limit below which to apply the filtering is not entirely straightforward. Since the .vectors and .stubs sections contain position independent code that is never executed in place, we can emit it at its most likely runtime VMA (for more recent CPUs), which is 0xffff0000 for the vector table and 0xffff1000 for the stubs. Not only does this fix the perf issue with kallsyms, allowing us to drop the special case in scripts/kallsyms entirely, it also gives debuggers a more realistic view of the address space, and setting breakpoints or single stepping through code in the vector table or the stubs is more likely to work as expected on CPUs that use a high vector address. E.g., 00001240 A vector_fiq_offset ... c0c35000 T __init_begin c0c35000 T __vectors_start c0c35020 T __stubs_start c0c35020 T __vectors_end c0c352e0 T _sinittext c0c352e0 T __stubs_end ... ffff1004 t vector_rst ffff1020 t vector_irq ffff10a0 t vector_dabt ffff1120 t vector_pabt ffff11a0 t vector_und ffff1220 t vector_addrexcptn ffff1240 T vector_fiq (Note that vector_fiq_offset is now an absolute symbol, which kallsyms already ignores by default) The LMA footprint is identical with or without this change, only the VMAs are different: Before: Idx Name Size VMA LMA File off Algn ... 14 .notes 00000024 c0c34020 c0c34020 00a34020 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 15 .vectors 00000020 00000000 c0c35000 00a40000 2**1 CONTENTS, ALLOC, LOAD, READONLY, CODE 16 .stubs 000002c0 00001000 c0c35020 00a41000 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE 17 .init.text 0006b1b8 c0c352e0 c0c352e0 00a452e0 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE ... After: Idx Name Size VMA LMA File off Algn ... 14 .notes 00000024 c0c34020 c0c34020 00a34020 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 15 .vectors 00000020 ffff0000 c0c35000 00a40000 2**1 CONTENTS, ALLOC, LOAD, READONLY, CODE 16 .stubs 000002c0 ffff1000 c0c35020 00a41000 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE 17 .init.text 0006b1b8 c0c352e0 c0c352e0 00a452e0 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE ... Acked-by: Nicolas Pitre <nico@linaro.org> Acked-by: Chris Brandt <chris.brandt@renesas.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-02-10 18:41:08 +08:00
.stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) {
*(.stubs)
}
. = __stubs_start + SIZEOF(.stubs);
__stubs_end = .;
ARM: 8515/2: move .vectors and .stubs sections back into the kernel VMA Commit b9b32bf70f2f ("ARM: use linker magic for vectors and vector stubs") updated the linker script to emit the .vectors and .stubs sections into a VMA range that is zero based and disjoint from the normal static kernel region. The reason for that was that this way, the sections can be placed exactly 4 KB apart, while the payload of the .vectors section is only 32 bytes. Since the symbols that are part of the .stubs section are emitted into the kallsyms table, they appear with zero based addresses as well, e.g., 00001004 t vector_rst 00001020 t vector_irq 000010a0 t vector_dabt 00001120 t vector_pabt 000011a0 t vector_und 00001220 t vector_addrexcptn 00001240 t vector_fiq 00001240 T vector_fiq_offset As this confuses perf when it accesses the kallsyms tables, commit 7122c3e9154b ("scripts/link-vmlinux.sh: only filter kernel symbols for arm") implemented a somewhat ugly special case for ARM, where the value of CONFIG_PAGE_OFFSET is passed to scripts/kallsyms, and symbols whose addresses are below it are filtered out. Note that this special case only applies to CONFIG_XIP_KERNEL=n, not because the issue the patch addresses exists only in that case, but because finding a limit below which to apply the filtering is not entirely straightforward. Since the .vectors and .stubs sections contain position independent code that is never executed in place, we can emit it at its most likely runtime VMA (for more recent CPUs), which is 0xffff0000 for the vector table and 0xffff1000 for the stubs. Not only does this fix the perf issue with kallsyms, allowing us to drop the special case in scripts/kallsyms entirely, it also gives debuggers a more realistic view of the address space, and setting breakpoints or single stepping through code in the vector table or the stubs is more likely to work as expected on CPUs that use a high vector address. E.g., 00001240 A vector_fiq_offset ... c0c35000 T __init_begin c0c35000 T __vectors_start c0c35020 T __stubs_start c0c35020 T __vectors_end c0c352e0 T _sinittext c0c352e0 T __stubs_end ... ffff1004 t vector_rst ffff1020 t vector_irq ffff10a0 t vector_dabt ffff1120 t vector_pabt ffff11a0 t vector_und ffff1220 t vector_addrexcptn ffff1240 T vector_fiq (Note that vector_fiq_offset is now an absolute symbol, which kallsyms already ignores by default) The LMA footprint is identical with or without this change, only the VMAs are different: Before: Idx Name Size VMA LMA File off Algn ... 14 .notes 00000024 c0c34020 c0c34020 00a34020 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 15 .vectors 00000020 00000000 c0c35000 00a40000 2**1 CONTENTS, ALLOC, LOAD, READONLY, CODE 16 .stubs 000002c0 00001000 c0c35020 00a41000 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE 17 .init.text 0006b1b8 c0c352e0 c0c352e0 00a452e0 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE ... After: Idx Name Size VMA LMA File off Algn ... 14 .notes 00000024 c0c34020 c0c34020 00a34020 2**2 CONTENTS, ALLOC, LOAD, READONLY, CODE 15 .vectors 00000020 ffff0000 c0c35000 00a40000 2**1 CONTENTS, ALLOC, LOAD, READONLY, CODE 16 .stubs 000002c0 ffff1000 c0c35020 00a41000 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE 17 .init.text 0006b1b8 c0c352e0 c0c352e0 00a452e0 2**5 CONTENTS, ALLOC, LOAD, READONLY, CODE ... Acked-by: Nicolas Pitre <nico@linaro.org> Acked-by: Chris Brandt <chris.brandt@renesas.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-02-10 18:41:08 +08:00
PROVIDE(vector_fiq_offset = vector_fiq - ADDR(.vectors));
INIT_TEXT_SECTION(8)
.exit.text : {
ARM_EXIT_KEEP(EXIT_TEXT)
}
.init.proc.info : {
ARM_CPU_DISCARD(PROC_INFO)
}
.init.arch.info : {
__arch_info_begin = .;
*(.arch.info.init)
__arch_info_end = .;
}
.init.tagtable : {
__tagtable_begin = .;
*(.taglist.init)
__tagtable_end = .;
}
#ifdef CONFIG_SMP_ON_UP
.init.smpalt : {
__smpalt_begin = .;
*(.alt.smp.init)
__smpalt_end = .;
}
#endif
.init.pv_table : {
ARM: P2V: introduce phys_to_virt/virt_to_phys runtime patching This idea came from Nicolas, Eric Miao produced an initial version, which was then rewritten into this. Patch the physical to virtual translations at runtime. As we modify the code, this makes it incompatible with XIP kernels, but allows us to achieve this with minimal loss of performance. As many translations are of the form: physical = virtual + (PHYS_OFFSET - PAGE_OFFSET) virtual = physical - (PHYS_OFFSET - PAGE_OFFSET) we generate an 'add' instruction for __virt_to_phys(), and a 'sub' instruction for __phys_to_virt(). We calculate at run time (PHYS_OFFSET - PAGE_OFFSET) by comparing the address prior to MMU initialization with where it should be once the MMU has been initialized, and place this constant into the above add/sub instructions. Once we have (PHYS_OFFSET - PAGE_OFFSET), we can calculate the real PHYS_OFFSET as PAGE_OFFSET is a build-time constant, and save this for the C-mode PHYS_OFFSET variable definition to use. At present, we are unable to support Realview with Sparsemem enabled as this uses a complex mapping function, and MSM as this requires a constant which will not fit in our math instruction. Add a module version magic string for this feature to prevent incompatible modules being loaded. Tested-by: Tony Lindgren <tony@atomide.com> Reviewed-by: Nicolas Pitre <nicolas.pitre@linaro.org> Tested-by: Nicolas Pitre <nicolas.pitre@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-01-05 03:09:43 +08:00
__pv_table_begin = .;
*(.pv_table)
ARM: P2V: introduce phys_to_virt/virt_to_phys runtime patching This idea came from Nicolas, Eric Miao produced an initial version, which was then rewritten into this. Patch the physical to virtual translations at runtime. As we modify the code, this makes it incompatible with XIP kernels, but allows us to achieve this with minimal loss of performance. As many translations are of the form: physical = virtual + (PHYS_OFFSET - PAGE_OFFSET) virtual = physical - (PHYS_OFFSET - PAGE_OFFSET) we generate an 'add' instruction for __virt_to_phys(), and a 'sub' instruction for __phys_to_virt(). We calculate at run time (PHYS_OFFSET - PAGE_OFFSET) by comparing the address prior to MMU initialization with where it should be once the MMU has been initialized, and place this constant into the above add/sub instructions. Once we have (PHYS_OFFSET - PAGE_OFFSET), we can calculate the real PHYS_OFFSET as PAGE_OFFSET is a build-time constant, and save this for the C-mode PHYS_OFFSET variable definition to use. At present, we are unable to support Realview with Sparsemem enabled as this uses a complex mapping function, and MSM as this requires a constant which will not fit in our math instruction. Add a module version magic string for this feature to prevent incompatible modules being loaded. Tested-by: Tony Lindgren <tony@atomide.com> Reviewed-by: Nicolas Pitre <nicolas.pitre@linaro.org> Tested-by: Nicolas Pitre <nicolas.pitre@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-01-05 03:09:43 +08:00
__pv_table_end = .;
}
.init.data : {
INIT_DATA
INIT_SETUP(16)
INIT_CALLS
CON_INITCALL
SECURITY_INITCALL
INIT_RAM_FS
}
.exit.data : {
ARM_EXIT_KEEP(EXIT_DATA)
}
ARM: 7428/1: Prevent KALLSYM size mismatch on ARM. ARM builds seem to be plagued by an occasional build error: Inconsistent kallsyms data This is a bug - please report about it Try "make KALLSYMS_EXTRA_PASS=1" as a workaround The problem has to do with alignment of some sections by the linker. The kallsyms data is built in two passes by first linking the kernel without it, and then linking the kernel again with the symbols included. Normally, this just shifts the symbols, without changing their order, and the compression used by the kallsyms gives the same result. On non SMP, the per CPU data is empty. Depending on the where the alignment ends up, it can come out as either: +-------------------+ | last text segment | +-------------------+ /* padding */ +-------------------+ <- L1_CACHE_BYTES alignemnt | per cpu (empty) | +-------------------+ __per_cpu_end: /* padding */ __data_loc: +-------------------+ <- THREAD_SIZE alignment | data | +-------------------+ or +-------------------+ | last text segment | +-------------------+ /* padding */ +-------------------+ <- L1_CACHE_BYTES alignemnt | per cpu (empty) | +-------------------+ __per_cpu_end: /* no padding */ __data_loc: +-------------------+ <- THREAD_SIZE alignment | data | +-------------------+ if the alignment satisfies both. Because symbols that have the same address are sorted by 'nm -n', the second case will be in a different order than the first case. This changes the compression, changing the size of the kallsym data, causing the build failure. The KALLSYMS_EXTRA_PASS=1 workaround usually works, but it is still possible to have the alignment change between the second and third pass. It's probably even possible for it to never reach a fixedpoint. The problem only occurs on non-SMP, when the per-cpu data is empty, and when the data segment has alignment (and immediately follows the text segments). Fix this by only including the per_cpu section on SMP, when it is not empty. Signed-off-by: David Brown <davidb@codeaurora.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2012-06-21 05:52:24 +08:00
#ifdef CONFIG_SMP
PERCPU_SECTION(L1_CACHE_BYTES)
ARM: 7428/1: Prevent KALLSYM size mismatch on ARM. ARM builds seem to be plagued by an occasional build error: Inconsistent kallsyms data This is a bug - please report about it Try "make KALLSYMS_EXTRA_PASS=1" as a workaround The problem has to do with alignment of some sections by the linker. The kallsyms data is built in two passes by first linking the kernel without it, and then linking the kernel again with the symbols included. Normally, this just shifts the symbols, without changing their order, and the compression used by the kallsyms gives the same result. On non SMP, the per CPU data is empty. Depending on the where the alignment ends up, it can come out as either: +-------------------+ | last text segment | +-------------------+ /* padding */ +-------------------+ <- L1_CACHE_BYTES alignemnt | per cpu (empty) | +-------------------+ __per_cpu_end: /* padding */ __data_loc: +-------------------+ <- THREAD_SIZE alignment | data | +-------------------+ or +-------------------+ | last text segment | +-------------------+ /* padding */ +-------------------+ <- L1_CACHE_BYTES alignemnt | per cpu (empty) | +-------------------+ __per_cpu_end: /* no padding */ __data_loc: +-------------------+ <- THREAD_SIZE alignment | data | +-------------------+ if the alignment satisfies both. Because symbols that have the same address are sorted by 'nm -n', the second case will be in a different order than the first case. This changes the compression, changing the size of the kallsym data, causing the build failure. The KALLSYMS_EXTRA_PASS=1 workaround usually works, but it is still possible to have the alignment change between the second and third pass. It's probably even possible for it to never reach a fixedpoint. The problem only occurs on non-SMP, when the per-cpu data is empty, and when the data segment has alignment (and immediately follows the text segments). Fix this by only including the per_cpu section on SMP, when it is not empty. Signed-off-by: David Brown <davidb@codeaurora.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2012-06-21 05:52:24 +08:00
#endif
ARM: 8501/1: mm: flip priority of CONFIG_DEBUG_RODATA The use of CONFIG_DEBUG_RODATA is generally seen as an essential part of kernel self-protection: http://www.openwall.com/lists/kernel-hardening/2015/11/30/13 Additionally, its name has grown to mean things beyond just rodata. To get ARM closer to this, we ought to rearrange the names of the configs that control how the kernel protects its memory. What was called CONFIG_ARM_KERNMEM_PERMS is realy doing the work that other architectures call CONFIG_DEBUG_RODATA. This redefines CONFIG_DEBUG_RODATA to actually do the bulk of the ROing (and NXing). In the place of the old CONFIG_DEBUG_RODATA, use CONFIG_DEBUG_ALIGN_RODATA, since that's what the option does: adds section alignment for making rodata explicitly NX, as arm does not split the page tables like arm64 does without _ALIGN_RODATA. Also adds human readable names to the sections so I could more easily debug my typos, and makes CONFIG_DEBUG_RODATA default "y" for CPU_V7. Results in /sys/kernel/debug/kernel_page_tables for each config state: # CONFIG_DEBUG_RODATA is not set # CONFIG_DEBUG_ALIGN_RODATA is not set ---[ Kernel Mapping ]--- 0x80000000-0x80900000 9M RW x SHD 0x80900000-0xa0000000 503M RW NX SHD CONFIG_DEBUG_RODATA=y CONFIG_DEBUG_ALIGN_RODATA=y ---[ Kernel Mapping ]--- 0x80000000-0x80100000 1M RW NX SHD 0x80100000-0x80700000 6M ro x SHD 0x80700000-0x80a00000 3M ro NX SHD 0x80a00000-0xa0000000 502M RW NX SHD CONFIG_DEBUG_RODATA=y # CONFIG_DEBUG_ALIGN_RODATA is not set ---[ Kernel Mapping ]--- 0x80000000-0x80100000 1M RW NX SHD 0x80100000-0x80a00000 9M ro x SHD 0x80a00000-0xa0000000 502M RW NX SHD Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Laura Abbott <labbott@fedoraproject.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-01-26 08:19:36 +08:00
#ifdef CONFIG_DEBUG_RODATA
. = ALIGN(1<<SECTION_SHIFT);
#else
. = ALIGN(THREAD_SIZE);
#endif
__init_end = .;
__data_loc = .;
.data : AT(__data_loc) {
_data = .; /* address in memory */
_sdata = .;
/*
* first, the init task union, aligned
* to an 8192 byte boundary.
*/
INIT_TASK_DATA(THREAD_SIZE)
NOSAVE_DATA
CACHELINE_ALIGNED_DATA(L1_CACHE_BYTES)
READ_MOSTLY_DATA(L1_CACHE_BYTES)
/*
* and the usual data section
*/
DATA_DATA
CONSTRUCTORS
_edata = .;
}
_edata_loc = __data_loc + SIZEOF(.data);
#ifdef CONFIG_HAVE_TCM
/*
* We align everything to a page boundary so we can
* free it after init has commenced and TCM contents have
* been copied to its destination.
*/
.tcm_start : {
. = ALIGN(PAGE_SIZE);
__tcm_start = .;
__itcm_start = .;
}
/*
* Link these to the ITCM RAM
* Put VMA to the TCM address and LMA to the common RAM
* and we'll upload the contents from RAM to TCM and free
* the used RAM after that.
*/
.text_itcm ITCM_OFFSET : AT(__itcm_start)
{
__sitcm_text = .;
*(.tcm.text)
*(.tcm.rodata)
. = ALIGN(4);
__eitcm_text = .;
}
/*
* Reset the dot pointer, this is needed to create the
* relative __dtcm_start below (to be used as extern in code).
*/
. = ADDR(.tcm_start) + SIZEOF(.tcm_start) + SIZEOF(.text_itcm);
.dtcm_start : {
__dtcm_start = .;
}
/* TODO: add remainder of ITCM as well, that can be used for data! */
.data_dtcm DTCM_OFFSET : AT(__dtcm_start)
{
. = ALIGN(4);
__sdtcm_data = .;
*(.tcm.data)
. = ALIGN(4);
__edtcm_data = .;
}
/* Reset the dot pointer or the linker gets confused */
. = ADDR(.dtcm_start) + SIZEOF(.data_dtcm);
/* End marker for freeing TCM copy in linked object */
.tcm_end : AT(ADDR(.dtcm_start) + SIZEOF(.data_dtcm)){
. = ALIGN(PAGE_SIZE);
__tcm_end = .;
}
#endif
BSS_SECTION(0, 0, 0)
_end = .;
STABS_DEBUG
}
#ifdef CONFIG_DEBUG_RODATA
/*
* Without CONFIG_DEBUG_ALIGN_RODATA, __start_rodata_section_aligned will
* be the first section-aligned location after __start_rodata. Otherwise,
* it will be equal to __start_rodata.
*/
__start_rodata_section_aligned = ALIGN(__start_rodata, 1 << SECTION_SHIFT);
#endif
/*
* These must never be empty
* If you have to comment these two assert statements out, your
* binutils is too old (for other reasons as well)
*/
ASSERT((__proc_info_end - __proc_info_begin), "missing CPU support")
ASSERT((__arch_info_end - __arch_info_begin), "no machine record defined")
/*
* The HYP init code can't be more than a page long,
* and should not cross a page boundary.
* The above comment applies as well.
*/
ASSERT(__hyp_idmap_text_end - (__hyp_idmap_text_start & PAGE_MASK) <= PAGE_SIZE,
"HYP init code too big or misaligned")
#endif /* CONFIG_XIP_KERNEL */