On Wed, Sep 30, 2020 at 6:23 PM Dmitry Vyukov <dvyu...@google.com> wrote:
> > Hi,
> >
> > one more thing I just spotted. The default install of syzkaller here
> > runs the guest with this on the kernel command line:
> >
> > 2020/09/30 17:56:18 running command: qemu-system-x86_64 []string{"-m", "2048",
> > "-smp", "2", "-display", ... "-append", "earlyprintk=serial oops=panic ...
> > nmi_watchdog=panic panic_on_warn=1 panic=1 ftrace_dump_on_oops=orig_cpu
> > rodata=n
> > ^^^^^^^^
> >
> > which basically leaves guest kernel's memory RW and it gets caught
> > immediately on vm boot by CONFIG_DEBUG_WX.
> >
> > This pretty much explains why kernel text can get corrupted with a stray
> > pointer write or so. So what's the use case for rodata=n?
> >
> > [    2.478136] Kernel memory protection disabled.
> >                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Ha!
>
> Here is the answer:
> https://github.com/google/syzkaller/blob/master/tools/create-gce-image.sh#L189
>
> # rodata=n: mark_rodata_ro becomes very slow with KASAN (lots of PGDs)
>
> I have some vague memory that there was some debug double checking
> that pages are indeed read-only and that debug check was slow, but it
> was always executed without rodata=n.
I don't see that this is still the case. Diff between 2 boots:

[   11.985152][    T1] Freeing unused kernel image (initmem) memory: 3432K
[   11.986129][    T1] Write protecting the kernel read-only data: 147456k
[   11.990863][    T1] Freeing unused kernel image (text/rodata gap) memory: 2012K
[   11.992797][    T1] Freeing unused kernel image (rodata/data gap) memory: 1324K
[   11.993895][    T1] Run /sbin/init as init process

[   11.910396][    T1] Freeing unused kernel image (initmem) memory: 3432K
[   11.911277][    T1] Kernel memory protection disabled.
[   11.911984][    T1] Run /sbin/init as init process

Was it fixed at some point? Was it backported to stable?
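As an added example (not from the thread or from syzkaller), a small audit script that checks both signals discussed above: the `rodata=` token on the kernel command line and the message `mark_readonly()` prints at boot. The sample command line and log lines are constructed from the two boots quoted in the thread; `audit()` is a hypothetical helper name.

```python
"""Audit whether a Linux guest booted with kernel read-only memory protection."""
import re

# Boot-log messages printed by init/main.c mark_readonly() (x86 wording).
PROTECTED_RE = re.compile(r"Write protecting the kernel read-only data: (\d+)k")
DISABLED_MSG = "Kernel memory protection disabled."


def rodata_from_cmdline(cmdline: str) -> bool:
    """True unless the command line disables rodata protection.

    The kernel parses rodata= with strtobool: n/N/0/off disable it,
    y/Y/1/on enable it, and no rodata= at all means enabled (the default).
    """
    enabled = True
    for tok in cmdline.split():
        if tok.startswith("rodata="):
            enabled = tok[len("rodata="):].lower() in ("y", "1", "on")
    return enabled


def rodata_from_dmesg(lines) -> dict:
    """Did mark_rodata_ro() run, and how many KiB did it write-protect?"""
    result = {"protected": None, "kbytes": 0}
    for line in lines:
        m = PROTECTED_RE.search(line)
        if m:
            result = {"protected": True, "kbytes": int(m.group(1))}
        elif DISABLED_MSG in line:
            result = {"protected": False, "kbytes": 0}
    return result


def audit(cmdline: str, dmesg_lines) -> str:
    """Combine both signals; a disagreement means the cmdline and log are not from the same boot."""
    want = rodata_from_cmdline(cmdline)
    got = rodata_from_dmesg(dmesg_lines)
    if got["protected"] is None:
        return "UNKNOWN: no mark_readonly() message in boot log"
    if got["protected"] and want:
        return f"OK: {got['kbytes']}k of kernel text/rodata write-protected"
    if not got["protected"] and not want:
        return "WEAK: rodata=n on cmdline, kernel text left writable (as configured)"
    return "MISMATCH: cmdline and boot log disagree, check kernel config"


# Constructed samples, taken from the two boots quoted in the thread.
SYZKALLER_CMDLINE = "earlyprintk=serial oops=panic panic_on_warn=1 panic=1 rodata=n"
GOOD_BOOT = ["[   11.986129][    T1] Write protecting the kernel read-only data: 147456k",
             "[   11.993895][    T1] Run /sbin/init as init process"]
BAD_BOOT = ["[   11.911277][    T1] Kernel memory protection disabled.",
            "[   11.911984][    T1] Run /sbin/init as init process"]

if __name__ == "__main__":
    print(audit("quiet", GOOD_BOOT))
    print(audit(SYZKALLER_CMDLINE, BAD_BOOT))
```

On a live machine the inputs would come from `/proc/cmdline` and `dmesg`; CONFIG_DEBUG_WX reports the resulting W+X pages separately, so this check only tells you whether rodata protection was requested and applied.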