x86, vmlinux.lds.S: Page align RO data for xo text

rpedgeco · rpedgeco · commit 428f889a5c52 · 2019-08-23T16:26:53.000-07:00
RO data starts right after the kernel text. If the kernel text doesn’t end
exactly on a 2MB page boundary, then the last page of text will share a page
with the RO data. This prevents all of the text being set as execute-only,
since it would make the RO data not readable.

So page align the start of the RO data when CONFIG_XO_TEXT so this does not
happen. This usually results in the last page of kernel text being a 4k page
instead of a 2MB one. The RO data could be 2MB aligned to avoid this, but at
the cost of extra memory usage. So have it be a 4k page, as it is the
compromise PTI used when setting some pages non-global.

Signed-off-by: Rick Edgecombe &lt;rick.p.edgecombe@intel.com&gt;
diff --git a/arch/Kconfig b/arch/Kconfig
@@ -872,6 +872,9 @@ config STRICT_MODULE_RWX
 	  and non-text memory will be made non-executable. This provides
 	  protection against certain security exploits (e.g. writing to text)
 
+config STRICT_KERNEL_NR
+	bool "Align kernel rodata so all kernel text can be set not readable"
+
 # select if the architecture provides an asm/dma-direct.h header
 config ARCH_HAS_PHYS_TO_DMA
 	bool
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
@@ -143,6 +143,14 @@ SECTIONS
 #endif
 	} :text = 0x9090
 
+	/*
+	 * If the kernel text is XO, make sure no data shares the page with the
+	 * kernel text.
+	 */
+#ifdef CONFIG_XO_TEXT
+ 	. = ALIGN(PAGE_SIZE);
+#endif
+
 	/* End of text section */
 	_etext = .;
 
