From: Arjan van de Ven x86 specific parts to make the .rodata section read only Signed-off-by: Arjan van de Ven Signed-off-by: Ingo Molnar Cc: Andi Kleen Signed-off-by: Andrew Morton --- arch/i386/Kconfig.debug | 10 ++++++++++ arch/i386/mm/init.c | 24 ++++++++++++++++++++++++ include/asm-i386/cacheflush.h | 2 ++ 3 files changed, 36 insertions(+) diff -puN arch/i386/Kconfig.debug~mark-rodata-section-read-only-x86-parts arch/i386/Kconfig.debug --- devel/arch/i386/Kconfig.debug~mark-rodata-section-read-only-x86-parts 2005-11-10 02:19:40.000000000 -0800 +++ devel-akpm/arch/i386/Kconfig.debug 2005-11-10 02:19:40.000000000 -0800 @@ -42,6 +42,16 @@ config DEBUG_PAGEALLOC This results in a large slowdown, but helps to find certain types of memory corruptions. +config DEBUG_RODATA + bool "Write protect kernel read-only data structures" + depends on DEBUG_KERNEL + help + Mark the kernel read-only data as write-protected in the pagetables, + in order to catch accidental (and incorrect) writes to such const + data. This option may have a slight performance impact because a + portion of the kernel code won't be covered by a 2MB TLB anymore. + If in doubt, say "N". + config 4KSTACKS bool "Use 4Kb for kernel stacks instead of 8Kb" depends on DEBUG_KERNEL diff -puN arch/i386/mm/init.c~mark-rodata-section-read-only-x86-parts arch/i386/mm/init.c --- devel/arch/i386/mm/init.c~mark-rodata-section-read-only-x86-parts 2005-11-10 02:19:40.000000000 -0800 +++ devel-akpm/arch/i386/mm/init.c 2005-11-10 02:19:40.000000000 -0800 @@ -735,6 +735,30 @@ void free_initmem(void) printk (KERN_INFO "Freeing unused kernel memory: %dk freed\n", (__init_end - __init_begin) >> 10); } +#ifdef CONFIG_DEBUG_RODATA + +extern char __start_rodata, __end_rodata; +void mark_rodata_ro(void) +{ + unsigned long addr = (unsigned long)&__start_rodata; + + for (; addr < (unsigned long)&__end_rodata; addr += PAGE_SIZE) + change_page_attr(virt_to_page(addr), 1, PAGE_KERNEL_RO); + + printk ("Write protecting the kernel read-only data: %luk\n", + (&__end_rodata - &__start_rodata) >> 10); + + /* + * change_page_attr() requires a global_flush_tlb() call after it. + * We do this after the printk so that if something went wrong in the + * change, the printk gets out at least to give a better debug hint + * of who is the culprit. + */ + global_flush_tlb(); +} +#endif + + #ifdef CONFIG_BLK_DEV_INITRD void free_initrd_mem(unsigned long start, unsigned long end) { diff -puN include/asm-i386/cacheflush.h~mark-rodata-section-read-only-x86-parts include/asm-i386/cacheflush.h --- devel/include/asm-i386/cacheflush.h~mark-rodata-section-read-only-x86-parts 2005-11-10 02:19:40.000000000 -0800 +++ devel-akpm/include/asm-i386/cacheflush.h 2005-11-10 02:19:40.000000000 -0800 @@ -31,4 +31,6 @@ int change_page_attr(struct page *page, void kernel_map_pages(struct page *page, int numpages, int enable); #endif +void mark_rodata_ro(void); + #endif /* _I386_CACHEFLUSH_H */ _