diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2020-10-01 12:12:29 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-10-01 12:51:29 +0200 |
| commit | 1170210d9cb103aa346ce7260db1c1819cb3c41f (patch) | |
| tree | b1c9caca0907c1dd2bec27165c33a0c1cc9fa498 /pkg/build/linux_generated.go | |
| parent | c1ff9c10cf949b3fe952f6d4e86016b2f837d941 (diff) | |
tools/create-gce-image.sh: drop rodata=n
There is suspicion that the random programs corrupt .text segment:
https://groups.google.com/g/syzkaller-bugs/c/d5GC1V8S34k/m/6LTarP8mBAAJ
which leads to a number of assorted confusing crashes:
https://syzkaller.appspot.com/bug?extid=ce179bc99e64377c24bc
Turns out we disable text ro protection with rodata=n.
The comment says that's because it's slow with KASAN,
but most likely what was slow is actually additional
debug checking due to CONFIG_DEBUG_WX.
If we don't enable CONFIG_DEBUG_WX (which we don't),
rodata itself should be fine and desirable.
My experiment with the latest kernel does not show
any noticable slowdown without rodata=n:
[ 11.985152][ T1] Freeing unused kernel image (initmem) memory: 3432K
[ 11.986129][ T1] Write protecting the kernel read-only data: 147456k
[ 11.990863][ T1] Freeing unused kernel image (text/rodata gap) memory: 2012K
[ 11.992797][ T1] Freeing unused kernel image (rodata/data gap) memory: 1324K
[ 11.993895][ T1] Run /sbin/init as init process
[ 11.910396][ T1] Freeing unused kernel image (initmem) memory: 3432K
[ 11.911277][ T1] Kernel memory protection disabled.
[ 11.911984][ T1] Run /sbin/init as init process
Diffstat (limited to 'pkg/build/linux_generated.go')
| -rw-r--r-- | pkg/build/linux_generated.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/build/linux_generated.go b/pkg/build/linux_generated.go index f576a9f97..e35428f18 100644 --- a/pkg/build/linux_generated.go +++ b/pkg/build/linux_generated.go @@ -140,7 +140,7 @@ menuentry 'linux' --class gnu-linux --class gnu --class os { insmod part_msdos insmod ext2 set root='(hd0,1)' - linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 $CMDLINE + linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 $CMDLINE } EOF sudo grub-install --target=i386-pc --boot-directory=disk.mnt/boot --no-floppy $DISKDEV @@ -155,14 +155,14 @@ menuentry 'linux' --class gnu-linux --class gnu --class os { insmod part_gpt insmod ext2 set root='(ieee1275/disk,gpt2)' - linux /vmlinuz root=/dev/sda2 console=ttyS0 earlyprintk=serial rodata=n oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 $CMDLINE + linux /vmlinuz root=/dev/sda2 console=ttyS0 earlyprintk=serial oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 $CMDLINE } EOF sudo grub-install --target=powerpc-ieee1275 --boot-directory=disk.mnt/boot $DISKDEV"p1" ;; s390x) sudo zipl -V -t disk.mnt/boot -i disk.mnt/vmlinuz \ - -P "root=/dev/vda1 console=ttyS0 earlyprintk=serial rodata=n oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 net.ifnames=0 biosdevname=0 $CMDLINE" \ + -P "root=/dev/vda1 console=ttyS0 earlyprintk=serial oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 net.ifnames=0 biosdevname=0 $CMDLINE" \ --targetbase=$DISKDEV --targettype=SCSI --targetblocksize=512 --targetoffset=2048 ;; esac |