[PATCH 2/4] arm64: omit [_text, _stext) from permanent kernel mapping
Will Deacon
will at kernel.org
Wed Oct 28 10:10:48 EDT 2020
On Tue, Oct 27, 2020 at 08:32:07AM +0100, Ard Biesheuvel wrote:
> In a previous patch, we increased the size of the EFI PE/COFF header
> to 64 KB, which resulted in the _stext symbol to appear at a fixed
> offset of 64 KB into the image.
>
> Since 64 KB is also the largest page size we support, this completely
> removes the need to map the first 64 KB of the kernel image, given that
> it only contains the arm64 Image header and the EFI header, none of which
> we ever access again after booting the kernel. More importantly, we should
> avoid an executable mapping of non-executable and not entirely predictable
> data, in the unlikely event that we emitted something that looks like an
> opcode that could be used as a gadget for speculative execution.
>
> So let's limit the kernel mapping of .text to the [_stext, _etext) region,
> which matches the view of generic code (such as kallsyms) when it reasons
> about the boundaries of the kernel's .text section.
>
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> ---
> arch/arm64/kernel/efi-header.S | 7 -------
> arch/arm64/kernel/setup.c | 4 ++--
> arch/arm64/kernel/vmlinux.lds.S | 2 +-
> arch/arm64/mm/init.c | 2 +-
> arch/arm64/mm/mmu.c | 10 +++++-----
> 5 files changed, 9 insertions(+), 16 deletions(-)
Acked-by: Will Deacon <will at kernel.org>
Will
More information about the linux-arm-kernel
mailing list