Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ca359208 authored by Laura Abbott's avatar Laura Abbott Committed by Rohit Vaswani
Browse files

arm64: add better page protections to arm64 



Add page protections for arm64 similar to those in arm.
This is for security reasons to prevent certain classes
of exploits. The current method:

- Map all memory as either RWX or RW. We round to the nearest
  section to avoid creating page tables before everything is mapped
- Once everything is mapped, if either end of the RWX section should
  not be X, we split the PMD and remap as necessary
- When initmem is to be freed, we change the permissions back to
  RW (using stop machine if necessary to flush the TLB)
- If CONFIG_DEBUG_RODATA is set, the read only sections are set
  read only.

Change-Id: I4f772643edbde1b91b3de79391e6490c2d3bec48
Acked-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarLaura Abbott <lauraa@codeaurora.org>
Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Git-commit: da141706aea52c1a9fbd28cb8d289b78819f5436
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


[rvaswani@codeaurora.org: fixed merge conflicts]
Signed-off-by: default avatarRohit Vaswani <rvaswani@codeaurora.org>
parent 00516964
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment