selinux: Relocate ss_initialized and selinux_enforcing to separate 4k

We need to relocate ss_initialized and selinux_enforcing to a separate 4k page to enable EL2 Hypervisor to monitor changes to this variable using ARM stage 2 MMU. We will avoid getting page faults from un-related data as the MMU granularity is configured to 4k. Change-Id: I870b50edf1a5d3e3b89d249a2eaac6ab6f3838ee Signed-off-by: Amareswar Reddy Valasa <avalasa@codeaurora.org>
2019-11-06 16:29:39 +05:30 · 2019-11-06 16:29:39 +05:30 · 50240fa841
commit 50240fa841
parent a0e0de0156
3 changed files with 11 additions and 1 deletions
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@ -68,6 +68,10 @@ jiffies = jiffies_64;
 #define TRAMP_TEXT
 #endif

+#define RTIC_BSS					\
+	. = ALIGN(PAGE_SIZE);				\
+	KEEP(*(.bss.rtic));			\
+	. = ALIGN(PAGE_SIZE);				\
 /*
 * The size of the PE/COFF section that covers the kernel image, which
 * runs from stext to _edata, must be a round multiple of the PE/COFF
@ -239,6 +243,10 @@ SECTIONS
 	STABS_DEBUG

 	HEAD_SYMBOLS
+
+	.bss : {			/* bss segment		*/
+         RTIC_BSS
+	}
 }

 /*
--- a/include/linux/init.h
+++ b/include/linux/init.h
@ -314,6 +314,8 @@ void __init parse_early_options(char *cmdline);
 /* Data marked not to be saved by software suspend */
 #define __nosavedata __section(.data..nosave)

+#define __rticdata  __attribute__((section(".bss.rtic")))
+
 #ifdef MODULE
 #define __exit_p(x) x
 #else
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@ -100,7 +100,7 @@
 #include "audit.h"
 #include "avc_ss.h"

-struct selinux_state selinux_state;
+struct selinux_state selinux_state __rticdata;

 /* SECMARK reference count */
 static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);