On Mon, Nov 14, 2016 at 01:12:05PM -0800, Kees Cook wrote: > At some point here, I want to collect all the arch maintainers and > discuss the options for correctly reflecting the three data > memory-protection needs we have: > > - always read-only > - read-only after init > - read-only except during rare updates > > (The latter one doesn't exist all yet...) > > x86, arm, and arm64 use mark_rodata_ro() after init finishes, so they > don't technically implement "always read-only". parisc, tile, powerpc, > others have "always read-only", but disable read-only-after-init since > they don't use mark_rodata_ro(). I think s390 has recently implemented > both, but I have to double-check...
Yes, s390 has both: an early always read-only support, which is effective as soon as paging_init() has set up and enabled page tables. Our mark_rodata_ro() implementation only makes the ro_after_init section read-only.