Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp4158121pxb; Mon, 27 Sep 2021 10:34:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwVz4Y9RNGx9tp+oICEaxvAjAQkqdy4BeMQK4jjbo8mKauCXUylO6sOm4RqHkh4m2ceuVOq X-Received: by 2002:a17:90a:8912:: with SMTP id u18mr281762pjn.69.1632764050247; Mon, 27 Sep 2021 10:34:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632764050; cv=none; d=google.com; s=arc-20160816; b=vKE/vDzKd16/VUZSFN5LT9Dea+woWyV4FOL3wC6Ey2xPWqrq4miUCRMa5n/XiMBXLr OrwMjZvnVyM2ydRGLSek9or9PiTj/pybFmtJvSEpo1hdhN1eAzpCsOHUUFqiwv5UcqJ0 657Qqv1jcWOU0JC5zg2HRUBglbpv0ylLsasZ5zSr0cmKF3MXc3YKsEnU1B77+/qUPq25 JlIoOLl05ypR8osULXGquRCF+ZjX6wCurUJNHyYo/gNH/v9IudrsjYAzzsLEc9M87KeT k7N7E3fPC+x1HDZfrgZBtNQGWOkQtWvE/vOUsCnsRAW/imbUEs5bp1ESx703LpvBrT+O RgNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=O8oyYUkbDtm5x7/w6Srs7UXGrfgcGgzSGjKyBdCPnM4=; b=XZbn+b0LnKMbiv0LUtRIoLyevTx1jkFxBH++trJVXK0C9Wc2UiqGmSN7oiPT3yHdCg OORWWBy7+4mxvCB5gjS+Ki9SmuUZYSgRUg3W+AomZuDsWjQdL9D5rijhGsXNnI218brQ UCO4/huPnWFex1m6wXKWaL2D8Jj6656EHTvRRD9x8WBncz4EKQJZBMKanz+ZgCfztrrw cKm+BEVWeRT7BlOM7p5Wpd39sCa4tkoW1xgJxcDbkLcERYD1aQas+NPBaSOsCwWiL/LE XNyjTvvSXwONesdltvpFZC1Q2Z9G7kwv6gqR9Bjo35FxLWvcD2bqjYuRgg68jEJXviBV NbJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ed9530na; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z15si20706663plg.209.2021.09.27.10.33.52; Mon, 27 Sep 2021 10:34:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ed9530na; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237839AbhI0Rbb (ORCPT + 99 others); Mon, 27 Sep 2021 13:31:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:40804 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237720AbhI0R2J (ORCPT ); Mon, 27 Sep 2021 13:28:09 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 276F261452; Mon, 27 Sep 2021 17:17:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1632763039; bh=XegQGG9ZyGt+uAqrWDY+lVQGoahIuijtmmNkCIEoCps=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ed9530naxf+mHyQRO+erGknfa2azynlPVAyvWVshLI4CrJSMpXqS56P3XB7wpwgy/ bg7TxTN+6SG5k7Eglh3bwOOpsY0aSYhs0XGbZwYqKj+oNlAgOu/dqAAXHHWTFRogic +cwUYEUqq9vwizvuHBRbjS7sW6Hy0OzAuJfUpL2I= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dan Li , Mark Rutland , Catalin Marinas , Sasha Levin Subject: [PATCH 5.14 144/162] arm64: Mark __stack_chk_guard as __ro_after_init Date: Mon, 27 Sep 2021 19:03:10 +0200 Message-Id: <20210927170238.424364305@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210927170233.453060397@linuxfoundation.org> References: <20210927170233.453060397@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dan Li [ Upstream commit 9fcb2e93f41c07a400885325e7dbdfceba6efaec ] __stack_chk_guard is setup once while init stage and never changed after that. Although the modification of this variable at runtime will usually cause the kernel to crash (so does the attacker), it should be marked as __ro_after_init, and it should not affect performance if it is placed in the ro_after_init section. Signed-off-by: Dan Li Acked-by: Mark Rutland Link: https://lore.kernel.org/r/1631612642-102881-1-git-send-email-ashimida@linux.alibaba.com Signed-off-by: Catalin Marinas Signed-off-by: Sasha Levin --- arch/arm64/kernel/process.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index c8989b999250..c858b857c1ec 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -60,7 +60,7 @@ #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include -unsigned long __stack_chk_guard __read_mostly; +unsigned long __stack_chk_guard __ro_after_init; EXPORT_SYMBOL(__stack_chk_guard); #endif -- 2.33.0