a223bd1bd3c228c1cfc3f29794d069f824cf3e26be7d6c0775584033.patch - chromiumos/third_party/kernel-rebase-patches - Git at Google

 From 45a66bcc1ce4817b0b62cc7f0d7c3f551ac67959 Mon Sep 17 00:00:00 2001
 From: Stephen Boyd <swboyd@chromium.org>
 Date: Tue, 8 Mar 2022 18:40:43 -0800
 Subject: [PATCH] CHROMIUM: alt-syscall: Mark things const and __init

 Most of this code runs at init time and the tables in here are not
 modified, instead they're copied. Let's mark various tables as const
 (more RO data) and also add __init to functions that run during boot.
 This should reduce the amount of code resident after boot and allow data
 tables to be marked read only.

 BUG=None
 TEST=Run arc++ on trogdor-kernelnext

 Signed-off-by: Stephen Boyd <swboyd@chromium.org>
 Change-Id: I68935c75146be60556195fc4d98774b146ad739c
 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/3511418
 Reviewed-by: Micah Morton <mortonm@chromium.org>
 ---
  arch/arm64/kernel/alt-syscall.c                  |  2 +-
  kernel/alt-syscall.c                             |  3 +--
  security/chromiumos/alt-syscall.c                | 16 +++++++---------
  security/chromiumos/android_whitelists.h         |  4 ++--
  security/chromiumos/complete_whitelists.h        |  4 ++--
  security/chromiumos/read_write_test_whitelists.h |  4 ++--
  security/chromiumos/third_party_whitelists.h     |  4 ++--
  7 files changed, 17 insertions(+), 20 deletions(-)

 diff --git a/arch/arm64/kernel/alt-syscall.c b/arch/arm64/kernel/alt-syscall.c
 index 767c5371cf39..c6e30f7817e2 100644
 --- a/arch/arm64/kernel/alt-syscall.c
 +++ b/arch/arm64/kernel/alt-syscall.c
 @@ -15,7 +15,7 @@

  #include <asm/syscall.h>

 -int arch_dup_sys_call_table(struct alt_sys_call_table *entry)
 +int __init arch_dup_sys_call_table(struct alt_sys_call_table *entry)
  {
  	int err;

 diff --git a/kernel/alt-syscall.c b/kernel/alt-syscall.c
 index 99599e1506a1..bcf86ad635f7 100644
 --- a/kernel/alt-syscall.c
 +++ b/kernel/alt-syscall.c
 @@ -28,8 +28,7 @@
  static LIST_HEAD(alt_sys_call_tables);
  static DEFINE_SPINLOCK(alt_sys_call_tables_lock);

 -/* XXX: there is no "unregister" yet. */
 -int register_alt_sys_call_table(struct alt_sys_call_table *entry)
 +int __init register_alt_sys_call_table(struct alt_sys_call_table *entry)
  {
  	if (!entry)
  		return -EINVAL;
 diff --git a/security/chromiumos/alt-syscall.c b/security/chromiumos/alt-syscall.c
 index 93d410970fe3..41d225267a65 100644
 --- a/security/chromiumos/alt-syscall.c
 +++ b/security/chromiumos/alt-syscall.c
 @@ -412,7 +412,7 @@ android_compat_clock_adjtime(struct pt_regs *regs)
  }
  #endif /* CONFIG_COMPAT */

 -static struct syscall_whitelist whitelists[] = {
 +static const struct syscall_whitelist whitelists[] __initconst = {
  	SYSCALL_WHITELIST(read_write_test),
  	SYSCALL_WHITELIST(android),
  	PERMISSIVE_SYSCALL_WHITELIST(android),
 @@ -422,8 +422,8 @@ static struct syscall_whitelist whitelists[] = {
  	PERMISSIVE_SYSCALL_WHITELIST(complete)
  };

 -static int alt_syscall_apply_whitelist(const struct syscall_whitelist *wl,
 -				       struct alt_sys_call_table *t)
 +static int __init alt_syscall_apply_whitelist(const struct syscall_whitelist *wl,
 +					      struct alt_sys_call_table *t)
  {
  	unsigned int i;
  	unsigned long *whitelist = kcalloc(BITS_TO_LONGS(t->size),
 @@ -457,7 +457,7 @@ static int alt_syscall_apply_whitelist(const struct syscall_whitelist *wl,
  }

  #ifdef CONFIG_COMPAT
 -static int
 +static int __init
  alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
  				   struct alt_sys_call_table *t)
  {
 @@ -492,7 +492,7 @@ alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
  	return 0;
  }
  #else
 -static inline int
 +static inline int __init
  alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
  				   struct alt_sys_call_table *t)
  {
 @@ -500,7 +500,7 @@ alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
  }
  #endif /* CONFIG_COMPAT */

 -static int alt_syscall_init_one(const struct syscall_whitelist *wl)
 +static int __init alt_syscall_init_one(const struct syscall_whitelist *wl)
  {
  	struct alt_sys_call_table *t;
  	int err;
 @@ -528,10 +528,8 @@ static int alt_syscall_init_one(const struct syscall_whitelist *wl)
   * Register an alternate syscall table for each whitelist.  Note that the
   * lack of a module_exit() is intentional - once a syscall table is registered
   * it cannot be unregistered.
 - *
 - * TODO(abrestic) Support unregistering syscall tables?
   */
 -static int chromiumos_alt_syscall_init(void)
 +static int __init chromiumos_alt_syscall_init(void)
  {
  	unsigned int i;
  	int err;
 diff --git a/security/chromiumos/android_whitelists.h b/security/chromiumos/android_whitelists.h
 index 2a17bf124776..e1cb938620a3 100644
 --- a/security/chromiumos/android_whitelists.h
 +++ b/security/chromiumos/android_whitelists.h
 @@ -55,7 +55,7 @@ static asmlinkage long android_compat_adjtimex(struct pt_regs *regs);
  static asmlinkage long android_compat_clock_adjtime(struct pt_regs *regs);
  #endif /* CONFIG_COMPAT */

 -static struct syscall_whitelist_entry android_whitelist[] = {
 +static const struct syscall_whitelist_entry android_whitelist[] __initconst = {
  	SYSCALL_ENTRY(accept),
  	SYSCALL_ENTRY(accept4),
  	SYSCALL_ENTRY_ALT(adjtimex, android_adjtimex),
 @@ -328,7 +328,7 @@ static struct syscall_whitelist_entry android_whitelist[] = {
  }; /* end android_whitelist */

  #ifdef CONFIG_COMPAT
 -static struct syscall_whitelist_entry android_compat_whitelist[] = {
 +static const struct syscall_whitelist_entry android_compat_whitelist[] __initconst = {
  	COMPAT_SYSCALL_ENTRY(access),
  	COMPAT_SYSCALL_ENTRY_ALT(adjtimex, android_compat_adjtimex),
  	COMPAT_SYSCALL_ENTRY(brk),
 diff --git a/security/chromiumos/complete_whitelists.h b/security/chromiumos/complete_whitelists.h
 index 224a5d3c6920..493d7ab41d89 100644
 --- a/security/chromiumos/complete_whitelists.h
 +++ b/security/chromiumos/complete_whitelists.h
 @@ -27,7 +27,7 @@

  #include "alt-syscall.h"

 -static struct syscall_whitelist_entry complete_whitelist[] = {
 +static const struct syscall_whitelist_entry complete_whitelist[] __initconst = {
  	/* Syscalls wired up on ARM32/ARM64 and x86_64. */
  	SYSCALL_ENTRY(accept),
  	SYSCALL_ENTRY(accept4),
 @@ -367,7 +367,7 @@ static struct syscall_whitelist_entry complete_whitelist[] = {
   * block_syscall() (unless the permissive mode is used in which case the call
   * will be redirected to warn_compat_syscall()).
   */
 -static struct syscall_whitelist_entry complete_compat_whitelist[] = {};
 +static const struct syscall_whitelist_entry complete_compat_whitelist[] __initconst = {};
  #endif /* CONFIG_COMPAT */

  #endif /* COMPLETE_WHITELISTS_H */
 diff --git a/security/chromiumos/read_write_test_whitelists.h b/security/chromiumos/read_write_test_whitelists.h
 index 5aa7370af4fc..abe939bdb111 100644
 --- a/security/chromiumos/read_write_test_whitelists.h
 +++ b/security/chromiumos/read_write_test_whitelists.h
 @@ -27,7 +27,7 @@

  #include "alt-syscall.h"

 -static struct syscall_whitelist_entry read_write_test_whitelist[] = {
 +static const struct syscall_whitelist_entry read_write_test_whitelist[] __initconst = {
  	SYSCALL_ENTRY(exit),
  	SYSCALL_ENTRY(openat),
  	SYSCALL_ENTRY(close),
 @@ -42,7 +42,7 @@ static struct syscall_whitelist_entry read_write_test_whitelist[] = {
  }; /* end read_write_test_whitelist */

  #ifdef CONFIG_COMPAT
 -static struct syscall_whitelist_entry read_write_test_compat_whitelist[] = {
 +static const struct syscall_whitelist_entry read_write_test_compat_whitelist[] __initconst = {
  	COMPAT_SYSCALL_ENTRY(exit),
  	COMPAT_SYSCALL_ENTRY(open),
  	COMPAT_SYSCALL_ENTRY(openat),
 diff --git a/security/chromiumos/third_party_whitelists.h b/security/chromiumos/third_party_whitelists.h
 index 7f2582b062bd..c04d2d739b48 100644
 --- a/security/chromiumos/third_party_whitelists.h
 +++ b/security/chromiumos/third_party_whitelists.h
 @@ -27,7 +27,7 @@

  #include "alt-syscall.h"

 -static struct syscall_whitelist_entry third_party_whitelist[] = {
 +static const struct syscall_whitelist_entry third_party_whitelist[] __initconst = {
  	SYSCALL_ENTRY(accept),
  	SYSCALL_ENTRY(bind),
  	SYSCALL_ENTRY(brk),
 @@ -142,7 +142,7 @@ static struct syscall_whitelist_entry third_party_whitelist[] = {
  }; /* end third_party_whitelist */

  #ifdef CONFIG_COMPAT
 -static struct syscall_whitelist_entry third_party_compat_whitelist[] = {
 +static const struct syscall_whitelist_entry third_party_compat_whitelist[] __initconst = {
  	COMPAT_SYSCALL_ENTRY(access),
  	COMPAT_SYSCALL_ENTRY(brk),
  	COMPAT_SYSCALL_ENTRY(chdir),
 --
 2.17.1
	From 45a66bcc1ce4817b0b62cc7f0d7c3f551ac67959 Mon Sep 17 00:00:00 2001
	From: Stephen Boyd <swboyd@chromium.org>
	Date: Tue, 8 Mar 2022 18:40:43 -0800
	Subject: [PATCH] CHROMIUM: alt-syscall: Mark things const and __init

	Most of this code runs at init time and the tables in here are not
	modified, instead they're copied. Let's mark various tables as const
	(more RO data) and also add __init to functions that run during boot.
	This should reduce the amount of code resident after boot and allow data
	tables to be marked read only.

	BUG=None
	TEST=Run arc++ on trogdor-kernelnext

	Signed-off-by: Stephen Boyd <swboyd@chromium.org>
	Change-Id: I68935c75146be60556195fc4d98774b146ad739c
	Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/3511418
	Reviewed-by: Micah Morton <mortonm@chromium.org>
	---
	arch/arm64/kernel/alt-syscall.c \| 2 +-
	kernel/alt-syscall.c \| 3 +--
	security/chromiumos/alt-syscall.c \| 16 +++++++---------
	security/chromiumos/android_whitelists.h \| 4 ++--
	security/chromiumos/complete_whitelists.h \| 4 ++--
	security/chromiumos/read_write_test_whitelists.h \| 4 ++--
	security/chromiumos/third_party_whitelists.h \| 4 ++--
	7 files changed, 17 insertions(+), 20 deletions(-)

	diff --git a/arch/arm64/kernel/alt-syscall.c b/arch/arm64/kernel/alt-syscall.c
	index 767c5371cf39..c6e30f7817e2 100644
	--- a/arch/arm64/kernel/alt-syscall.c
	+++ b/arch/arm64/kernel/alt-syscall.c
	@@ -15,7 +15,7 @@

	#include <asm/syscall.h>

	-int arch_dup_sys_call_table(struct alt_sys_call_table *entry)
	+int __init arch_dup_sys_call_table(struct alt_sys_call_table *entry)
	{
	int err;

	diff --git a/kernel/alt-syscall.c b/kernel/alt-syscall.c
	index 99599e1506a1..bcf86ad635f7 100644
	--- a/kernel/alt-syscall.c
	+++ b/kernel/alt-syscall.c
	@@ -28,8 +28,7 @@
	static LIST_HEAD(alt_sys_call_tables);
	static DEFINE_SPINLOCK(alt_sys_call_tables_lock);

	-/* XXX: there is no "unregister" yet. */
	-int register_alt_sys_call_table(struct alt_sys_call_table *entry)
	+int __init register_alt_sys_call_table(struct alt_sys_call_table *entry)
	{
	if (!entry)
	return -EINVAL;
	diff --git a/security/chromiumos/alt-syscall.c b/security/chromiumos/alt-syscall.c
	index 93d410970fe3..41d225267a65 100644
	--- a/security/chromiumos/alt-syscall.c
	+++ b/security/chromiumos/alt-syscall.c
	@@ -412,7 +412,7 @@ android_compat_clock_adjtime(struct pt_regs *regs)
	}
	#endif /* CONFIG_COMPAT */

	-static struct syscall_whitelist whitelists[] = {
	+static const struct syscall_whitelist whitelists[] __initconst = {
	SYSCALL_WHITELIST(read_write_test),
	SYSCALL_WHITELIST(android),
	PERMISSIVE_SYSCALL_WHITELIST(android),
	@@ -422,8 +422,8 @@ static struct syscall_whitelist whitelists[] = {
	PERMISSIVE_SYSCALL_WHITELIST(complete)
	};

	-static int alt_syscall_apply_whitelist(const struct syscall_whitelist *wl,
	- struct alt_sys_call_table *t)
	+static int __init alt_syscall_apply_whitelist(const struct syscall_whitelist *wl,
	+ struct alt_sys_call_table *t)
	{
	unsigned int i;
	unsigned long *whitelist = kcalloc(BITS_TO_LONGS(t->size),
	@@ -457,7 +457,7 @@ static int alt_syscall_apply_whitelist(const struct syscall_whitelist *wl,
	}

	#ifdef CONFIG_COMPAT
	-static int
	+static int __init
	alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
	struct alt_sys_call_table *t)
	{
	@@ -492,7 +492,7 @@ alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
	return 0;
	}
	#else
	-static inline int
	+static inline int __init
	alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
	struct alt_sys_call_table *t)
	{
	@@ -500,7 +500,7 @@ alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl,
	}
	#endif /* CONFIG_COMPAT */

	-static int alt_syscall_init_one(const struct syscall_whitelist *wl)
	+static int __init alt_syscall_init_one(const struct syscall_whitelist *wl)
	{
	struct alt_sys_call_table *t;
	int err;
	@@ -528,10 +528,8 @@ static int alt_syscall_init_one(const struct syscall_whitelist *wl)
	* Register an alternate syscall table for each whitelist. Note that the
	* lack of a module_exit() is intentional - once a syscall table is registered
	* it cannot be unregistered.
	- *
	- * TODO(abrestic) Support unregistering syscall tables?
	*/
	-static int chromiumos_alt_syscall_init(void)
	+static int __init chromiumos_alt_syscall_init(void)
	{
	unsigned int i;
	int err;
	diff --git a/security/chromiumos/android_whitelists.h b/security/chromiumos/android_whitelists.h
	index 2a17bf124776..e1cb938620a3 100644
	--- a/security/chromiumos/android_whitelists.h
	+++ b/security/chromiumos/android_whitelists.h
	@@ -55,7 +55,7 @@ static asmlinkage long android_compat_adjtimex(struct pt_regs *regs);
	static asmlinkage long android_compat_clock_adjtime(struct pt_regs *regs);
	#endif /* CONFIG_COMPAT */

	-static struct syscall_whitelist_entry android_whitelist[] = {
	+static const struct syscall_whitelist_entry android_whitelist[] __initconst = {
	SYSCALL_ENTRY(accept),
	SYSCALL_ENTRY(accept4),
	SYSCALL_ENTRY_ALT(adjtimex, android_adjtimex),
	@@ -328,7 +328,7 @@ static struct syscall_whitelist_entry android_whitelist[] = {
	}; /* end android_whitelist */

	#ifdef CONFIG_COMPAT
	-static struct syscall_whitelist_entry android_compat_whitelist[] = {
	+static const struct syscall_whitelist_entry android_compat_whitelist[] __initconst = {
	COMPAT_SYSCALL_ENTRY(access),
	COMPAT_SYSCALL_ENTRY_ALT(adjtimex, android_compat_adjtimex),
	COMPAT_SYSCALL_ENTRY(brk),
	diff --git a/security/chromiumos/complete_whitelists.h b/security/chromiumos/complete_whitelists.h
	index 224a5d3c6920..493d7ab41d89 100644
	--- a/security/chromiumos/complete_whitelists.h
	+++ b/security/chromiumos/complete_whitelists.h
	@@ -27,7 +27,7 @@

	#include "alt-syscall.h"

	-static struct syscall_whitelist_entry complete_whitelist[] = {
	+static const struct syscall_whitelist_entry complete_whitelist[] __initconst = {
	/* Syscalls wired up on ARM32/ARM64 and x86_64. */
	SYSCALL_ENTRY(accept),
	SYSCALL_ENTRY(accept4),
	@@ -367,7 +367,7 @@ static struct syscall_whitelist_entry complete_whitelist[] = {
	* block_syscall() (unless the permissive mode is used in which case the call
	* will be redirected to warn_compat_syscall()).
	*/
	-static struct syscall_whitelist_entry complete_compat_whitelist[] = {};
	+static const struct syscall_whitelist_entry complete_compat_whitelist[] __initconst = {};
	#endif /* CONFIG_COMPAT */

	#endif /* COMPLETE_WHITELISTS_H */
	diff --git a/security/chromiumos/read_write_test_whitelists.h b/security/chromiumos/read_write_test_whitelists.h
	index 5aa7370af4fc..abe939bdb111 100644
	--- a/security/chromiumos/read_write_test_whitelists.h
	+++ b/security/chromiumos/read_write_test_whitelists.h
	@@ -27,7 +27,7 @@

	#include "alt-syscall.h"

	-static struct syscall_whitelist_entry read_write_test_whitelist[] = {
	+static const struct syscall_whitelist_entry read_write_test_whitelist[] __initconst = {
	SYSCALL_ENTRY(exit),
	SYSCALL_ENTRY(openat),
	SYSCALL_ENTRY(close),
	@@ -42,7 +42,7 @@ static struct syscall_whitelist_entry read_write_test_whitelist[] = {
	}; /* end read_write_test_whitelist */

	#ifdef CONFIG_COMPAT
	-static struct syscall_whitelist_entry read_write_test_compat_whitelist[] = {
	+static const struct syscall_whitelist_entry read_write_test_compat_whitelist[] __initconst = {
	COMPAT_SYSCALL_ENTRY(exit),
	COMPAT_SYSCALL_ENTRY(open),
	COMPAT_SYSCALL_ENTRY(openat),
	diff --git a/security/chromiumos/third_party_whitelists.h b/security/chromiumos/third_party_whitelists.h
	index 7f2582b062bd..c04d2d739b48 100644
	--- a/security/chromiumos/third_party_whitelists.h
	+++ b/security/chromiumos/third_party_whitelists.h
	@@ -27,7 +27,7 @@

	#include "alt-syscall.h"

	-static struct syscall_whitelist_entry third_party_whitelist[] = {
	+static const struct syscall_whitelist_entry third_party_whitelist[] __initconst = {
	SYSCALL_ENTRY(accept),
	SYSCALL_ENTRY(bind),
	SYSCALL_ENTRY(brk),
	@@ -142,7 +142,7 @@ static struct syscall_whitelist_entry third_party_whitelist[] = {
	}; /* end third_party_whitelist */

	#ifdef CONFIG_COMPAT
	-static struct syscall_whitelist_entry third_party_compat_whitelist[] = {
	+static const struct syscall_whitelist_entry third_party_compat_whitelist[] __initconst = {
	COMPAT_SYSCALL_ENTRY(access),
	COMPAT_SYSCALL_ENTRY(brk),
	COMPAT_SYSCALL_ENTRY(chdir),
	--
	2.17.1