git.cascardo.info Git - cascardo/linux.git/commit

author	Laura Abbott <lauraa@codeaurora.org>
	Thu, 22 Jan 2015 01:36:06 +0000 (17:36 -0800)
committer	Catalin Marinas <catalin.marinas@arm.com>
	Thu, 22 Jan 2015 14:54:29 +0000 (14:54 +0000)
commit	da141706aea52c1a9fbd28cb8d289b78819f5436
tree	6fb0fb5a11c98030393c5915802c9ec891b6df51	tree \| snapshot
parent	2f896d5866107e2926dcdec34a7d40bc56dd2951	commit \| diff

arm64: add better page protections to arm64

Add page protections for arm64 similar to those in arm.
This is for security reasons to prevent certain classes
of exploits. The current method:

- Map all memory as either RWX or RW. We round to the nearest
  section to avoid creating page tables before everything is mapped
- Once everything is mapped, if either end of the RWX section should
  not be X, we split the PMD and remap as necessary
- When initmem is to be freed, we change the permissions back to
  RW (using stop machine if necessary to flush the TLB)
- If CONFIG_DEBUG_RODATA is set, the read only sections are set
  read only.

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

arch/arm64/Kconfig.debug		diff \| blob \| history
arch/arm64/include/asm/cacheflush.h		diff \| blob \| history
arch/arm64/kernel/vmlinux.lds.S		diff \| blob \| history
arch/arm64/mm/init.c		diff \| blob \| history
arch/arm64/mm/mm.h		diff \| blob \| history
arch/arm64/mm/mmu.c		diff \| blob \| history