Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 43e0bfd3 authored by Laura Abbott's avatar Laura Abbott Committed by Kees Cook
Browse files

UPSTREAM: arm64: add better page protections to arm64 



Add page protections for arm64 similar to those in arm.
This is for security reasons to prevent certain classes
of exploits. The current method:

- Map all memory as either RWX or RW. We round to the nearest
  section to avoid creating page tables before everything is mapped
- Once everything is mapped, if either end of the RWX section should
  not be X, we split the PMD and remap as necessary
- When initmem is to be freed, we change the permissions back to
  RW (using stop machine if necessary to flush the TLB)
- If CONFIG_DEBUG_RODATA is set, the read only sections are set
  read only.

Acked-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarLaura Abbott <lauraa@codeaurora.org>
Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>

(cherry picked from commit da141706aea52c1a9fbd28cb8d289b78819f5436)
Signed-off-by: default avatarTomasz Figa <tfiga@chromium.org>

Bug: 24475017

Change-Id: I9e3f9cfa42f0adb0a06da20d62f9ea39dc3a4bef
Signed-off-by: default avatarKees Cook <keescook@google.com>
parent beeab2a4
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment