On Thu, Jan 28, 2016 at 3:06 AM, Mark Rutland <mark.rutl...@arm.com> wrote:
> One thing I would like to do is to avoid the need for fixup_executable
> entirely, by mapping the kernel text RO from the outset. However, that
> requires rework of the alternatives patching (to use a temporary RW
> alias), and I haven't had the time to look into that yet.

This makes perfect sense for the rodata section, but the (future)
postinit_rodata section we'll still want to mark RO after init
finishes. x86 and ARM cheat by marking both RO after init, and they
don't have to pad sections. parisc will need to solve this too.

-Kees

--
Kees Cook
Chrome OS & Brillo Security