From: Petr Pavlu <petr.pavlu@suse.com>
Date: Thu, 6 Mar 2025 13:13:54 +0000 (+0100)
Subject: module: Make .static_call_sites read-only after init
X-Git-Tag: v6.16-rc1~72^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=60b57b9cb002df575a54635da1c55f361533deb7;p=thirdparty%2Fkernel%2Flinux.git

module: Make .static_call_sites read-only after init

Section .static_call_sites holds data structures that need to be sorted and
processed only at module load time. This initial processing happens in
static_call_add_module(), which is invoked as a callback to the
MODULE_STATE_COMING notification from prepare_coming_module().

The section is never modified afterwards. Make it therefore read-only after
module initialization to avoid any (non-)accidental modifications.

Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20250306131430.7016-4-petr.pavlu@suse.com
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
---

diff --git a/kernel/module/strict_rwx.c b/kernel/module/strict_rwx.c
index 7aab6a524eccc..8fd438529fbc0 100644
--- a/kernel/module/strict_rwx.c
+++ b/kernel/module/strict_rwx.c
@@ -121,6 +121,15 @@ static const char *const ro_after_init[] = {
 	 * section, which are marked as such at module load time.
 	 */
 	"__jump_table",
+
+#ifdef CONFIG_HAVE_STATIC_CALL_INLINE
+	/*
+	 * Section .static_call_sites holds data structures that need to be
+	 * sorted and processed at module load time but are never modified
+	 * afterwards.
+	 */
+	".static_call_sites",
+#endif
 };
 
 void module_mark_ro_after_init(const Elf_Ehdr *hdr, Elf_Shdr *sechdrs,