提交 404f6aac 编写于 作者: K Kees Cook 提交者: Ingo Molnar

x86: Apply more __ro_after_init and const

Guided by grsecurity's analogous __read_only markings in arch/x86,
this applies several uses of __ro_after_init to structures that are
only updated during __init, and const for some structures that are
never updated.  Additionally extends __init markings to some functions
that are only used during __init, and cleans up some missing C99 style
static initializers.
Signed-off-by: NKees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Brown <david.brown@linaro.org>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Emese Revfy <re.emese@gmail.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mathias Krause <minipli@googlemail.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: PaX Team <pageexec@freemail.hu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kernel-hardening@lists.openwall.com
Link: http://lkml.kernel.org/r/20160808232906.GA29731@www.outflux.netSigned-off-by: NIngo Molnar <mingo@kernel.org>
上级 fb754f95
...@@ -36,7 +36,7 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in ...@@ -36,7 +36,7 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in
extern struct desc_ptr idt_descr; extern struct desc_ptr idt_descr;
extern gate_desc idt_table[]; extern gate_desc idt_table[];
extern struct desc_ptr debug_idt_descr; extern const struct desc_ptr debug_idt_descr;
extern gate_desc debug_idt_table[]; extern gate_desc debug_idt_table[];
struct gdt_page { struct gdt_page {
......
...@@ -45,7 +45,8 @@ ...@@ -45,7 +45,8 @@
extern u64 xfeatures_mask; extern u64 xfeatures_mask;
extern u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; extern u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
extern void update_regset_xstate_info(unsigned int size, u64 xstate_mask); extern void __init update_regset_xstate_info(unsigned int size,
u64 xstate_mask);
void fpu__xstate_clear_all_cpu_caps(void); void fpu__xstate_clear_all_cpu_caps(void);
void *get_xsave_addr(struct xregs_state *xsave, int xstate); void *get_xsave_addr(struct xregs_state *xsave, int xstate);
......
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
static struct apic apic_physflat; static struct apic apic_physflat;
static struct apic apic_flat; static struct apic apic_flat;
struct apic __read_mostly *apic = &apic_flat; struct apic *apic __ro_after_init = &apic_flat;
EXPORT_SYMBOL_GPL(apic); EXPORT_SYMBOL_GPL(apic);
static int flat_acpi_madt_oem_check(char *oem_id, char *oem_table_id) static int flat_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
...@@ -154,7 +154,7 @@ static int flat_probe(void) ...@@ -154,7 +154,7 @@ static int flat_probe(void)
return 1; return 1;
} }
static struct apic apic_flat = { static struct apic apic_flat __ro_after_init = {
.name = "flat", .name = "flat",
.probe = flat_probe, .probe = flat_probe,
.acpi_madt_oem_check = flat_acpi_madt_oem_check, .acpi_madt_oem_check = flat_acpi_madt_oem_check,
...@@ -248,7 +248,7 @@ static int physflat_probe(void) ...@@ -248,7 +248,7 @@ static int physflat_probe(void)
return 0; return 0;
} }
static struct apic apic_physflat = { static struct apic apic_physflat __ro_after_init = {
.name = "physical flat", .name = "physical flat",
.probe = physflat_probe, .probe = physflat_probe,
......
...@@ -108,7 +108,7 @@ static void noop_apic_write(u32 reg, u32 v) ...@@ -108,7 +108,7 @@ static void noop_apic_write(u32 reg, u32 v)
WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_APIC) && !disable_apic); WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_APIC) && !disable_apic);
} }
struct apic apic_noop = { struct apic apic_noop __ro_after_init = {
.name = "noop", .name = "noop",
.probe = noop_probe, .probe = noop_probe,
.acpi_madt_oem_check = NULL, .acpi_madt_oem_check = NULL,
......
...@@ -142,7 +142,7 @@ static int probe_bigsmp(void) ...@@ -142,7 +142,7 @@ static int probe_bigsmp(void)
return dmi_bigsmp; return dmi_bigsmp;
} }
static struct apic apic_bigsmp = { static struct apic apic_bigsmp __ro_after_init = {
.name = "bigsmp", .name = "bigsmp",
.probe = probe_bigsmp, .probe = probe_bigsmp,
......
...@@ -269,7 +269,7 @@ static void hpet_msi_write_msg(struct irq_data *data, struct msi_msg *msg) ...@@ -269,7 +269,7 @@ static void hpet_msi_write_msg(struct irq_data *data, struct msi_msg *msg)
hpet_msi_write(irq_data_get_irq_handler_data(data), msg); hpet_msi_write(irq_data_get_irq_handler_data(data), msg);
} }
static struct irq_chip hpet_msi_controller = { static struct irq_chip hpet_msi_controller __ro_after_init = {
.name = "HPET-MSI", .name = "HPET-MSI",
.irq_unmask = hpet_msi_unmask, .irq_unmask = hpet_msi_unmask,
.irq_mask = hpet_msi_mask, .irq_mask = hpet_msi_mask,
......
...@@ -72,7 +72,7 @@ static int probe_default(void) ...@@ -72,7 +72,7 @@ static int probe_default(void)
return 1; return 1;
} }
static struct apic apic_default = { static struct apic apic_default __ro_after_init = {
.name = "default", .name = "default",
.probe = probe_default, .probe = probe_default,
...@@ -126,7 +126,7 @@ static struct apic apic_default = { ...@@ -126,7 +126,7 @@ static struct apic apic_default = {
apic_driver(apic_default); apic_driver(apic_default);
struct apic *apic = &apic_default; struct apic *apic __ro_after_init = &apic_default;
EXPORT_SYMBOL_GPL(apic); EXPORT_SYMBOL_GPL(apic);
static int cmdline_apic __initdata; static int cmdline_apic __initdata;
......
...@@ -222,7 +222,7 @@ static void cluster_vector_allocation_domain(int cpu, struct cpumask *retmask, ...@@ -222,7 +222,7 @@ static void cluster_vector_allocation_domain(int cpu, struct cpumask *retmask,
cpumask_and(retmask, mask, per_cpu(cpus_in_cluster, cpu)); cpumask_and(retmask, mask, per_cpu(cpus_in_cluster, cpu));
} }
static struct apic apic_x2apic_cluster = { static struct apic apic_x2apic_cluster __ro_after_init = {
.name = "cluster x2apic", .name = "cluster x2apic",
.probe = x2apic_cluster_probe, .probe = x2apic_cluster_probe,
......
...@@ -98,7 +98,7 @@ static int x2apic_phys_probe(void) ...@@ -98,7 +98,7 @@ static int x2apic_phys_probe(void)
return apic == &apic_x2apic_phys; return apic == &apic_x2apic_phys;
} }
static struct apic apic_x2apic_phys = { static struct apic apic_x2apic_phys __ro_after_init = {
.name = "physical x2apic", .name = "physical x2apic",
.probe = x2apic_phys_probe, .probe = x2apic_phys_probe,
......
...@@ -554,7 +554,7 @@ static int uv_probe(void) ...@@ -554,7 +554,7 @@ static int uv_probe(void)
return apic == &apic_x2apic_uv_x; return apic == &apic_x2apic_uv_x;
} }
static struct apic __refdata apic_x2apic_uv_x = { static struct apic apic_x2apic_uv_x __ro_after_init = {
.name = "UV large system", .name = "UV large system",
.probe = uv_probe, .probe = uv_probe,
......
...@@ -1265,9 +1265,14 @@ static __init int setup_disablecpuid(char *arg) ...@@ -1265,9 +1265,14 @@ static __init int setup_disablecpuid(char *arg)
__setup("clearcpuid=", setup_disablecpuid); __setup("clearcpuid=", setup_disablecpuid);
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table }; struct desc_ptr idt_descr __ro_after_init = {
struct desc_ptr debug_idt_descr = { NR_VECTORS * 16 - 1, .size = NR_VECTORS * 16 - 1,
(unsigned long) debug_idt_table }; .address = (unsigned long) idt_table,
};
const struct desc_ptr debug_idt_descr = {
.size = NR_VECTORS * 16 - 1,
.address = (unsigned long) debug_idt_table,
};
DEFINE_PER_CPU_FIRST(union irq_stack_union, DEFINE_PER_CPU_FIRST(union irq_stack_union,
irq_stack_union) __aligned(PAGE_SIZE) __visible; irq_stack_union) __aligned(PAGE_SIZE) __visible;
......
...@@ -72,14 +72,14 @@ static DEFINE_MUTEX(mtrr_mutex); ...@@ -72,14 +72,14 @@ static DEFINE_MUTEX(mtrr_mutex);
u64 size_or_mask, size_and_mask; u64 size_or_mask, size_and_mask;
static bool mtrr_aps_delayed_init; static bool mtrr_aps_delayed_init;
static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM]; static const struct mtrr_ops *mtrr_ops[X86_VENDOR_NUM] __ro_after_init;
const struct mtrr_ops *mtrr_if; const struct mtrr_ops *mtrr_if;
static void set_mtrr(unsigned int reg, unsigned long base, static void set_mtrr(unsigned int reg, unsigned long base,
unsigned long size, mtrr_type type); unsigned long size, mtrr_type type);
void set_mtrr_ops(const struct mtrr_ops *ops) void __init set_mtrr_ops(const struct mtrr_ops *ops)
{ {
if (ops->vendor && ops->vendor < X86_VENDOR_NUM) if (ops->vendor && ops->vendor < X86_VENDOR_NUM)
mtrr_ops[ops->vendor] = ops; mtrr_ops[ops->vendor] = ops;
......
...@@ -54,7 +54,7 @@ void fill_mtrr_var_range(unsigned int index, ...@@ -54,7 +54,7 @@ void fill_mtrr_var_range(unsigned int index,
bool get_mtrr_state(void); bool get_mtrr_state(void);
void mtrr_bp_pat_init(void); void mtrr_bp_pat_init(void);
extern void set_mtrr_ops(const struct mtrr_ops *ops); extern void __init set_mtrr_ops(const struct mtrr_ops *ops);
extern u64 size_or_mask, size_and_mask; extern u64 size_or_mask, size_and_mask;
extern const struct mtrr_ops *mtrr_if; extern const struct mtrr_ops *mtrr_if;
......
...@@ -184,7 +184,7 @@ static ssize_t setup_data_data_read(struct file *fp, ...@@ -184,7 +184,7 @@ static ssize_t setup_data_data_read(struct file *fp,
static struct kobj_attribute type_attr = __ATTR_RO(type); static struct kobj_attribute type_attr = __ATTR_RO(type);
static struct bin_attribute data_attr = { static struct bin_attribute data_attr __ro_after_init = {
.attr = { .attr = {
.name = "data", .name = "data",
.mode = S_IRUGO, .mode = S_IRUGO,
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
#include <asm/x86_init.h> #include <asm/x86_init.h>
#include <asm/reboot.h> #include <asm/reboot.h>
static int kvmclock = 1; static int kvmclock __ro_after_init = 1;
static int msr_kvm_system_time = MSR_KVM_SYSTEM_TIME; static int msr_kvm_system_time = MSR_KVM_SYSTEM_TIME;
static int msr_kvm_wall_clock = MSR_KVM_WALL_CLOCK; static int msr_kvm_wall_clock = MSR_KVM_WALL_CLOCK;
static cycle_t kvm_sched_clock_offset; static cycle_t kvm_sched_clock_offset;
......
...@@ -389,7 +389,7 @@ NOKPROBE_SYMBOL(native_load_idt); ...@@ -389,7 +389,7 @@ NOKPROBE_SYMBOL(native_load_idt);
#define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64) #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64)
#endif #endif
struct pv_mmu_ops pv_mmu_ops = { struct pv_mmu_ops pv_mmu_ops __ro_after_init = {
.read_cr2 = native_read_cr2, .read_cr2 = native_read_cr2,
.write_cr2 = native_write_cr2, .write_cr2 = native_write_cr2,
......
...@@ -1250,7 +1250,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, ...@@ -1250,7 +1250,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
static struct user_regset x86_64_regsets[] __read_mostly = { static struct user_regset x86_64_regsets[] __ro_after_init = {
[REGSET_GENERAL] = { [REGSET_GENERAL] = {
.core_note_type = NT_PRSTATUS, .core_note_type = NT_PRSTATUS,
.n = sizeof(struct user_regs_struct) / sizeof(long), .n = sizeof(struct user_regs_struct) / sizeof(long),
...@@ -1291,7 +1291,7 @@ static const struct user_regset_view user_x86_64_view = { ...@@ -1291,7 +1291,7 @@ static const struct user_regset_view user_x86_64_view = {
#endif /* CONFIG_X86_64 */ #endif /* CONFIG_X86_64 */
#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
static struct user_regset x86_32_regsets[] __read_mostly = { static struct user_regset x86_32_regsets[] __ro_after_init = {
[REGSET_GENERAL] = { [REGSET_GENERAL] = {
.core_note_type = NT_PRSTATUS, .core_note_type = NT_PRSTATUS,
.n = sizeof(struct user_regs_struct32) / sizeof(u32), .n = sizeof(struct user_regs_struct32) / sizeof(u32),
...@@ -1344,7 +1344,7 @@ static const struct user_regset_view user_x86_32_view = { ...@@ -1344,7 +1344,7 @@ static const struct user_regset_view user_x86_32_view = {
*/ */
u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
void update_regset_xstate_info(unsigned int size, u64 xstate_mask) void __init update_regset_xstate_info(unsigned int size, u64 xstate_mask)
{ {
#ifdef CONFIG_X86_64 #ifdef CONFIG_X86_64
x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
......
...@@ -705,7 +705,7 @@ static void native_machine_power_off(void) ...@@ -705,7 +705,7 @@ static void native_machine_power_off(void)
tboot_shutdown(TB_SHUTDOWN_HALT); tboot_shutdown(TB_SHUTDOWN_HALT);
} }
struct machine_ops machine_ops = { struct machine_ops machine_ops __ro_after_init = {
.power_off = native_machine_power_off, .power_off = native_machine_power_off,
.shutdown = native_machine_shutdown, .shutdown = native_machine_shutdown,
.emergency_restart = native_machine_emergency_restart, .emergency_restart = native_machine_emergency_restart,
......
...@@ -210,9 +210,9 @@ EXPORT_SYMBOL(boot_cpu_data); ...@@ -210,9 +210,9 @@ EXPORT_SYMBOL(boot_cpu_data);
#if !defined(CONFIG_X86_PAE) || defined(CONFIG_X86_64) #if !defined(CONFIG_X86_PAE) || defined(CONFIG_X86_64)
__visible unsigned long mmu_cr4_features; __visible unsigned long mmu_cr4_features __ro_after_init;
#else #else
__visible unsigned long mmu_cr4_features = X86_CR4_PAE; __visible unsigned long mmu_cr4_features __ro_after_init = X86_CR4_PAE;
#endif #endif
/* Boot loader ID and version as integers, for the benefit of proc_dointvec */ /* Boot loader ID and version as integers, for the benefit of proc_dointvec */
......
...@@ -33,7 +33,7 @@ EXPORT_PER_CPU_SYMBOL(cpu_number); ...@@ -33,7 +33,7 @@ EXPORT_PER_CPU_SYMBOL(cpu_number);
DEFINE_PER_CPU_READ_MOSTLY(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET; DEFINE_PER_CPU_READ_MOSTLY(unsigned long, this_cpu_off) = BOOT_PERCPU_OFFSET;
EXPORT_PER_CPU_SYMBOL(this_cpu_off); EXPORT_PER_CPU_SYMBOL(this_cpu_off);
unsigned long __per_cpu_offset[NR_CPUS] __read_mostly = { unsigned long __per_cpu_offset[NR_CPUS] __ro_after_init = {
[0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET, [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
}; };
EXPORT_SYMBOL(__per_cpu_offset); EXPORT_SYMBOL(__per_cpu_offset);
......
...@@ -91,7 +91,7 @@ struct x86_cpuinit_ops x86_cpuinit = { ...@@ -91,7 +91,7 @@ struct x86_cpuinit_ops x86_cpuinit = {
static void default_nmi_init(void) { }; static void default_nmi_init(void) { };
static int default_i8042_detect(void) { return 1; }; static int default_i8042_detect(void) { return 1; };
struct x86_platform_ops x86_platform = { struct x86_platform_ops x86_platform __ro_after_init = {
.calibrate_cpu = native_calibrate_cpu, .calibrate_cpu = native_calibrate_cpu,
.calibrate_tsc = native_calibrate_tsc, .calibrate_tsc = native_calibrate_tsc,
.get_wallclock = mach_get_cmos_time, .get_wallclock = mach_get_cmos_time,
...@@ -108,7 +108,7 @@ struct x86_platform_ops x86_platform = { ...@@ -108,7 +108,7 @@ struct x86_platform_ops x86_platform = {
EXPORT_SYMBOL_GPL(x86_platform); EXPORT_SYMBOL_GPL(x86_platform);
#if defined(CONFIG_PCI_MSI) #if defined(CONFIG_PCI_MSI)
struct x86_msi_ops x86_msi = { struct x86_msi_ops x86_msi __ro_after_init = {
.setup_msi_irqs = native_setup_msi_irqs, .setup_msi_irqs = native_setup_msi_irqs,
.teardown_msi_irq = native_teardown_msi_irq, .teardown_msi_irq = native_teardown_msi_irq,
.teardown_msi_irqs = default_teardown_msi_irqs, .teardown_msi_irqs = default_teardown_msi_irqs,
...@@ -137,7 +137,7 @@ void arch_restore_msi_irqs(struct pci_dev *dev) ...@@ -137,7 +137,7 @@ void arch_restore_msi_irqs(struct pci_dev *dev)
} }
#endif #endif
struct x86_io_apic_ops x86_io_apic_ops = { struct x86_io_apic_ops x86_io_apic_ops __ro_after_init = {
.read = native_io_apic_read, .read = native_io_apic_read,
.disable = native_disable_io_apic, .disable = native_disable_io_apic,
}; };
...@@ -4961,7 +4961,7 @@ static inline void avic_post_state_restore(struct kvm_vcpu *vcpu) ...@@ -4961,7 +4961,7 @@ static inline void avic_post_state_restore(struct kvm_vcpu *vcpu)
avic_handle_ldr_update(vcpu); avic_handle_ldr_update(vcpu);
} }
static struct kvm_x86_ops svm_x86_ops = { static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm, .cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled, .disabled_by_bios = is_disabled,
.hardware_setup = svm_hardware_setup, .hardware_setup = svm_hardware_setup,
......
...@@ -11175,7 +11175,7 @@ static void vmx_setup_mce(struct kvm_vcpu *vcpu) ...@@ -11175,7 +11175,7 @@ static void vmx_setup_mce(struct kvm_vcpu *vcpu)
~FEATURE_CONTROL_LMCE; ~FEATURE_CONTROL_LMCE;
} }
static struct kvm_x86_ops vmx_x86_ops = { static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support, .cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios, .disabled_by_bios = vmx_disabled_by_bios,
.hardware_setup = hardware_setup, .hardware_setup = hardware_setup,
......
...@@ -120,9 +120,12 @@ static unsigned long __init bios32_service(unsigned long service) ...@@ -120,9 +120,12 @@ static unsigned long __init bios32_service(unsigned long service)
static struct { static struct {
unsigned long address; unsigned long address;
unsigned short segment; unsigned short segment;
} pci_indirect = { 0, __KERNEL_CS }; } pci_indirect __ro_after_init = {
.address = 0,
.segment = __KERNEL_CS,
};
static int pci_bios_present; static int pci_bios_present __ro_after_init;
static int __init check_pcibios(void) static int __init check_pcibios(void)
{ {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册