diff options
author | Catalin Marinas <catalin.marinas@arm.com> | 2014-05-16 19:44:32 +0400 |
---|---|---|
committer | Catalin Marinas <catalin.marinas@arm.com> | 2014-05-16 19:44:32 +0400 |
commit | 5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 (patch) | |
tree | 69ae10dd39df9e8de4edd1049d4dafe1436dd37e /arch/arm64/mm | |
parent | cf5c95db57ffa02e430c3840c08d1ee0403849d4 (diff) | |
download | linux-5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830.tar.xz |
Revert "arm64: Introduce execute-only page access permissions"
This reverts commit bc07c2c6e9ed125d362af0214b6313dca180cb08.
While the aim is increased security for --x memory maps, it does not
protect against kernel level reads. Until SECCOMP is implemented for
arm64, revert this patch to avoid giving a false idea of execute-only
mappings.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/mm')
-rw-r--r-- | arch/arm64/mm/fault.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 89c6763d5e7e..bcc965e2cce1 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -173,7 +173,8 @@ static int __do_page_fault(struct mm_struct *mm, unsigned long addr, good_area: /* * Check that the permissions on the VMA allow for the fault which - * occurred. + * occurred. If we encountered a write or exec fault, we must have + * appropriate permissions, otherwise we allow any permission. */ if (!(vma->vm_flags & vm_flags)) { fault = VM_FAULT_BADACCESS; @@ -195,7 +196,7 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, struct task_struct *tsk; struct mm_struct *mm; int fault, sig, code; - unsigned long vm_flags = VM_READ | VM_WRITE; + unsigned long vm_flags = VM_READ | VM_WRITE | VM_EXEC; unsigned int mm_flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; tsk = current; |