From 1170210d9cb103aa346ce7260db1c1819cb3c41f Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 1 Oct 2020 12:12:29 +0200
Subject: tools/create-gce-image.sh: drop rodata=n

There is suspicion that the random programs corrupt .text segment:
https://groups.google.com/g/syzkaller-bugs/c/d5GC1V8S34k/m/6LTarP8mBAAJ
which leads to a number of assorted confusing crashes:
https://syzkaller.appspot.com/bug?extid=ce179bc99e64377c24bc

Turns out we disable text ro protection with rodata=n.
The comment says that's because it's slow with KASAN,
but most likely what was slow is actually additional
debug checking due to CONFIG_DEBUG_WX.
If we don't enable CONFIG_DEBUG_WX (which we don't),
rodata itself should be fine and desirable.

My experiment with the latest kernel does not show
any noticable slowdown without rodata=n:

[   11.985152][    T1] Freeing unused kernel image (initmem) memory: 3432K
[   11.986129][    T1] Write protecting the kernel read-only data: 147456k
[   11.990863][    T1] Freeing unused kernel image (text/rodata gap) memory: 2012K
[   11.992797][    T1] Freeing unused kernel image (rodata/data gap) memory: 1324K
[   11.993895][    T1] Run /sbin/init as init process

[   11.910396][    T1] Freeing unused kernel image (initmem) memory: 3432K
[   11.911277][    T1] Kernel memory protection disabled.
[   11.911984][    T1] Run /sbin/init as init process
---
 pkg/build/linux_generated.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'pkg/build/linux_generated.go')

diff --git a/pkg/build/linux_generated.go b/pkg/build/linux_generated.go
index f576a9f97..e35428f18 100644
--- a/pkg/build/linux_generated.go
+++ b/pkg/build/linux_generated.go
@@ -140,7 +140,7 @@ menuentry 'linux' --class gnu-linux --class gnu --class os {
 	insmod part_msdos
 	insmod ext2
 	set root='(hd0,1)'
-	linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 $CMDLINE
+	linux /vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 $CMDLINE
 }
 EOF
 	sudo grub-install --target=i386-pc --boot-directory=disk.mnt/boot --no-floppy $DISKDEV
@@ -155,14 +155,14 @@ menuentry 'linux' --class gnu-linux --class gnu --class os {
 	insmod part_gpt
 	insmod ext2
 	set root='(ieee1275/disk,gpt2)'
-	linux /vmlinuz root=/dev/sda2 console=ttyS0 earlyprintk=serial rodata=n oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 $CMDLINE
+	linux /vmlinuz root=/dev/sda2 console=ttyS0 earlyprintk=serial oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 $CMDLINE
 }
 EOF
 	sudo grub-install --target=powerpc-ieee1275 --boot-directory=disk.mnt/boot $DISKDEV"p1"
 	;;
 s390x)
 	sudo zipl -V -t disk.mnt/boot -i disk.mnt/vmlinuz \
-	     -P "root=/dev/vda1 console=ttyS0 earlyprintk=serial rodata=n oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 net.ifnames=0 biosdevname=0 $CMDLINE" \
+	     -P "root=/dev/vda1 console=ttyS0 earlyprintk=serial oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 net.ifnames=0 biosdevname=0 $CMDLINE" \
 	     --targetbase=$DISKDEV --targettype=SCSI --targetblocksize=512 --targetoffset=2048
 	;;
 esac
-- 
cgit mrf-deployment