[PATCH 0/4] arm64: mmu: avoid writeable-executable mappings
Laura Abbott
labbott at redhat.com
Fri Feb 10 13:42:24 PST 2017
On 02/10/2017 09:16 AM, Ard Biesheuvel wrote:
> Having memory that is writable and executable at the same time is a
> security hazard, and so we tend to avoid those when we can. However,
> at boot time, we keep .text mapped writable during the entire init
> phase, and the init region itself is mapped rwx as well.
>
> Let's improve the situation by:
> - making the alternatives patching use the linear mapping
> - splitting the init region into separate text and data regions
>
> This removes all RWX mappings except the really early one created
> in head.S (which we could perhaps fix in the future as well)
>
> Ard Biesheuvel (4):
> arm: kvm: move kvm_vgic_global_state out of .text section
> arm64: alternatives: apply boot time fixups via the linear mapping
> arm64: mmu: map .text as read-only from the outset
> arm64: mmu: apply strict permissions to .init.text and .init.data
>
> arch/arm64/include/asm/mmu.h | 1 +
> arch/arm64/include/asm/sections.h | 3 +-
> arch/arm64/kernel/alternative.c | 6 +--
> arch/arm64/kernel/smp.c | 1 +
> arch/arm64/kernel/vmlinux.lds.S | 32 ++++++++++-----
> arch/arm64/mm/init.c | 3 +-
> arch/arm64/mm/mmu.c | 42 ++++++++++++++------
> virt/kvm/arm/vgic/vgic.c | 4 +-
> 8 files changed, 64 insertions(+), 28 deletions(-)
>
Reviewed-by: Laura Abbott <labbott at redhat.com>
More information about the linux-arm-kernel
mailing list