diff options
| author | Laura Abbott <lauraa@codeaurora.org> | 2015-01-22 04:36:06 +0300 |
|---|---|---|
| committer | Catalin Marinas <catalin.marinas@arm.com> | 2015-01-22 17:54:29 +0300 |
| commit | da141706aea52c1a9fbd28cb8d289b78819f5436 (patch) | |
| tree | 6fb0fb5a11c98030393c5915802c9ec891b6df51 /arch/arm64/mm/init.c | |
| parent | 2f896d5866107e2926dcdec34a7d40bc56dd2951 (diff) | |
| download | linux-da141706aea52c1a9fbd28cb8d289b78819f5436.tar.xz | |
arm64: add better page protections to arm64
Add page protections for arm64 similar to those in arm.
This is for security reasons to prevent certain classes
of exploits. The current method:
- Map all memory as either RWX or RW. We round to the nearest
section to avoid creating page tables before everything is mapped
- Once everything is mapped, if either end of the RWX section should
not be X, we split the PMD and remap as necessary
- When initmem is to be freed, we change the permissions back to
RW (using stop machine if necessary to flush the TLB)
- If CONFIG_DEBUG_RODATA is set, the read only sections are set
read only.
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/mm/init.c')
| -rw-r--r-- | arch/arm64/mm/init.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 11c7b701b681..43cccb5101c0 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -344,6 +344,7 @@ void __init mem_init(void) void free_initmem(void) { + fixup_init(); free_initmem_default(0); free_alternatives_memory(); } |