diff options
| author | Laura Abbott <lauraa@codeaurora.org> | 2015-01-21 17:36:06 -0800 |
|---|---|---|
| committer | Catalin Marinas <catalin.marinas@arm.com> | 2015-01-22 14:54:29 +0000 |
| commit | da141706aea52c1a9fbd28cb8d289b78819f5436 (patch) | |
| tree | 6fb0fb5a11c98030393c5915802c9ec891b6df51 /arch/arm64/mm/init.c | |
| parent | 2f896d5866107e2926dcdec34a7d40bc56dd2951 (diff) | |
| download | op-kernel-dev-da141706aea52c1a9fbd28cb8d289b78819f5436.zip op-kernel-dev-da141706aea52c1a9fbd28cb8d289b78819f5436.tar.gz | |
arm64: add better page protections to arm64
Add page protections for arm64 similar to those in arm.
This is for security reasons to prevent certain classes
of exploits. The current method:
- Map all memory as either RWX or RW. We round to the nearest
section to avoid creating page tables before everything is mapped
- Once everything is mapped, if either end of the RWX section should
not be X, we split the PMD and remap as necessary
- When initmem is to be freed, we change the permissions back to
RW (using stop machine if necessary to flush the TLB)
- If CONFIG_DEBUG_RODATA is set, the read only sections are set
read only.
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/mm/init.c')
| -rw-r--r-- | arch/arm64/mm/init.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 11c7b70..43cccb5 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -344,6 +344,7 @@ void __init mem_init(void) void free_initmem(void) { + fixup_init(); free_initmem_default(0); free_alternatives_memory(); } |
