Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4625733ybp; Mon, 14 Oct 2019 07:35:17 -0700 (PDT) X-Google-Smtp-Source: APXvYqzvBxY3zHtnaEE2H/RRooYRzx0PJRvo1s4uDETGFCQJWgkbQd2y1u9yWi4+FdKOQ/OY67zQ X-Received: by 2002:a17:906:85c5:: with SMTP id i5mr28685882ejy.222.1571063717535; Mon, 14 Oct 2019 07:35:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571063717; cv=none; d=google.com; s=arc-20160816; b=UCVKk8QLSVqC6vvwrGn9mpYodlLWYunonK1d4eUF8oRSMt/ST/Wt/VQ0n4esk6yynh 22EWJJbqTvuvk67k+Q4uAtzJBv0odiTULmQoxbRJWSyiFCZeKglScGv1kpDp/Usta9oa N3R0BUiVBOzrkV8Kzh9EMsklKCTgQ8gWyP0VEdLSgda+BHdJG7s88hDIdKCibyNNeakb MO6IEe8MbQ1rQDfCYwOVuhzAmoLZJPVieeZidZh+yi+Spok8tXBUeCnXCmSAP1SfC52x QJ3FyD5Y8wNyNY7DiSM6Ix5m3B90MgWjBGWDlFK7jojPPDNL9HZ3U34Za2W5yxAHCdwo 76EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=iisGcKJhp2CEjly+Lb2vsDUwuENHZ11lPV/aDXvBhNs=; b=z9p67RbcV3UktyDhq6lljgNy/PdBazA84nnjLMBBt6aLscBFV5+q+Shmwwcv22/pCZ A3EtI1+Uko82JxeopCxOTxfh98MIQq69dg8k+as+kXwAIA3M4uIrpMOs64t6kx9582gc JkMocJ5sNc2bNUbFiKhCzHGRkcSAOd/TWb9tPucXojbIy0tetO0tXlOkZ5fXuerCYLeg S6dL8ZnYO6tZiMq6N4UscpiHHfcf4vfPXyNxwruwo3tQSCAOuhszgEngoR8++Hqeactw 6YbE6t5EDjC4NsIaKGKrtERII5JfqZPElGWFJDRbc1ztK+fEWgZtUCimjCh1mSehs80B ZMeA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h28si13270474edh.278.2019.10.14.07.34.54; Mon, 14 Oct 2019 07:35:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732850AbfJNOdp (ORCPT + 99 others); Mon, 14 Oct 2019 10:33:45 -0400 Received: from foss.arm.com ([217.140.110.172]:45792 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731121AbfJNOdp (ORCPT ); Mon, 14 Oct 2019 10:33:45 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 078EC337; Mon, 14 Oct 2019 07:33:45 -0700 (PDT) Received: from [10.1.197.57] (e110467-lin.cambridge.arm.com [10.1.197.57]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D0E113F68E; Mon, 14 Oct 2019 07:33:43 -0700 (PDT) Subject: Re: [PATCH] kernel: dma: Make CMA boot parameters __ro_after_init To: Shyam Saini , kernel-hardening@lists.openwall.com Cc: Kees Cook , linux-kernel@vger.kernel.org, Matthew Wilcox , linux-mm@kvack.org, iommu@lists.linux-foundation.org, Christopher Lameter , Christoph Hellwig References: <20191012122918.8066-1-mayhs11saini@gmail.com> From: Robin Murphy Message-ID: <95842b81-c751-abed-dd3f-258b9fd70393@arm.com> Date: Mon, 14 Oct 2019 15:33:42 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20191012122918.8066-1-mayhs11saini@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/10/2019 13:29, Shyam Saini wrote: > This parameters are not changed after early boot. > By making them __ro_after_init will reduce any attack surface in the > kernel. At a glance, it looks like these are only referenced by a couple of __init functions, so couldn't they just be __initdata/__initconst? Robin. > Link: https://lwn.net/Articles/676145/ > Cc: Christoph Hellwig > Cc: Marek Szyprowski > Cc: Robin Murphy > Cc: Matthew Wilcox > Cc: Christopher Lameter > Cc: Kees Cook > Signed-off-by: Shyam Saini > --- > kernel/dma/contiguous.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/kernel/dma/contiguous.c b/kernel/dma/contiguous.c > index 69cfb4345388..1b689b1303cd 100644 > --- a/kernel/dma/contiguous.c > +++ b/kernel/dma/contiguous.c > @@ -42,10 +42,10 @@ struct cma *dma_contiguous_default_area; > * Users, who want to set the size of global CMA area for their system > * should use cma= kernel parameter. > */ > -static const phys_addr_t size_bytes = (phys_addr_t)CMA_SIZE_MBYTES * SZ_1M; > -static phys_addr_t size_cmdline = -1; > -static phys_addr_t base_cmdline; > -static phys_addr_t limit_cmdline; > +static const phys_addr_t __ro_after_init size_bytes = (phys_addr_t)CMA_SIZE_MBYTES * SZ_1M; > +static phys_addr_t __ro_after_init size_cmdline = -1; > +static phys_addr_t __ro_after_init base_cmdline; > +static phys_addr_t __ro_after_init limit_cmdline; > > static int __init early_cma(char *p) > { >