On Mon, Dec 7, 2015 at 1:52 PM, Ard Biesheuvel <[email protected]> wrote: > On 7 December 2015 at 21:54, Kees Cook <[email protected]> wrote: >> When rodata is large enough that it crosses a section boundary after the >> kernel text, mark the rest NX. This is as close to full NX of rodata as >> we can get without splitting page tables or doing section alignment via >> CONFIG_DEBUG_ALIGN_RODATA. >> >> Signed-off-by: Kees Cook <[email protected]> >> --- >> I am baffled why I can't put the ALIGN in the ".start = " initializer. >> GCC seems to think it's non-static, but only because of the "&" operator. >> Does anyone see a way to do this that doesn't require the runtime ALIGN? > > Yes, but you need to move the ALIGN() expression to the linker script > as the value of a new symbol
I didn't see a way to do this without actually bumping the alignment (CONFIG_DEBUG_ALIGN_RODATA already does that, I want the other case). Do you have an example anywhere I could look at? -Kees -- Kees Cook Chrome OS & Brillo Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
