linux-arm-kernel.lists.infradead.org archive mirror
From: ard.biesheuvel@linaro.org (Ard Biesheuvel)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 0/5] arm64: mmu: avoid writeable-executable mappings
Date: Tue, 14 Feb 2017 20:52:33 +0000
Message-ID: <1487105558-21897-1-git-send-email-ard.biesheuvel@linaro.org>

Having memory that is writable and executable at the same time is a
security hazard, and so we tend to avoid those when we can. However,
at boot time, we keep .text mapped writable during the entire init
phase, and the init region itself is mapped rwx as well.

Let's improve the situation by:
- making the alternatives patching use the linear mapping
- splitting the init region into separate text and data regions

This removes all RWX mappings except the really early one created
in head.S (which we could perhaps fix in the future as well).

Changes since v2:
- ensure that text mappings remain writable under rodata=off
- rename create_mapping_late() to update_mapping_prot()
- clarify commit log of #2
- add acks

Changes since v1:
- add patch to move TLB maintenance into create_mapping_late() and remove it
  from its callers (#2)
- use the true address not the linear alias when patching branch instructions,
  spotted by Suzuki (#3)
- mark mark_linear_text_alias_ro() __init (#3)
- move the .rela section back into __initdata: as it turns out, leaving a hole
  between the segments results in a peculiar situation where other unrelated
  allocations end up right in the middle of the kernel Image, which is
  probably a bad idea (#5). See below for an example.
- add acks

Ard Biesheuvel (5):
  arm: kvm: move kvm_vgic_global_state out of .text section
  arm64: mmu: move TLB maintenance from callers to create_mapping_late()
  arm64: alternatives: apply boot time fixups via the linear mapping
  arm64: mmu: map .text as read-only from the outset
  arm64: mmu: apply strict permissions to .init.text and .init.data

 arch/arm64/include/asm/mmu.h      |  1 +
 arch/arm64/include/asm/sections.h |  3 +-
 arch/arm64/kernel/alternative.c   |  2 +-
 arch/arm64/kernel/smp.c           |  1 +
 arch/arm64/kernel/vmlinux.lds.S   | 25 +++++---
 arch/arm64/mm/mmu.c               | 61 +++++++++++++-------
 virt/kvm/arm/vgic/vgic.c          |  4 +-
 7 files changed, 65 insertions(+), 32 deletions(-)

-- 
2.7.4
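
A way to check for the condition this series removes, added here as an example that is not part of the original message or the kernel tree: it scans a kernel page table dump for ranges that are both writable and kernel-executable. The line layout is assumed to follow the arm64 ptdump output (`RW`/`ro`, `x`/`NX`), the sample dump is constructed, and `find_wx` is a hypothetical helper name.

```python
import re

# Constructed sample, modeled on arm64 /sys/kernel/debug/kernel_page_tables
# output (assumed layout; exact columns vary between kernel versions).
SAMPLE_PTDUMP = """\
---[ Kernel Mapping ]---
0xffff000008080000-0xffff000008800000        7680K PTE       ro x  SHD AF            UXN MEM/NORMAL
0xffff000008800000-0xffff000008c00000           4M PMD       ro NX SHD AF        BLK UXN MEM/NORMAL
0xffff000008c00000-0xffff000008d00000           1M PTE       RW x  SHD AF            UXN MEM/NORMAL
0xffff000008d00000-0xffff000008e00000           1M PTE       RW NX SHD AF            UXN MEM/NORMAL
---[ Linear Mapping ]---
0xffff800000000000-0xffff800000080000         512K PTE       RW NX SHD AF            UXN MEM/NORMAL
"""

# start-end, size, table level, then the space-separated attribute flags
LINE_RE = re.compile(
    r"^0x([0-9a-f]+)-0x([0-9a-f]+)\s+\S+\s+(?:PGD|PUD|PMD|PTE)\s+(.*)$"
)


def find_wx(ptdump_text):
    """Return (section, start, end) for every range that is RW and executable."""
    findings = []
    section = None
    for line in ptdump_text.splitlines():
        if line.startswith("---["):
            # Marker line such as "---[ Kernel Mapping ]---"
            section = line.strip("-[] ")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = m.group(3).split()
        # "RW" = not read-only, "x" = privileged execute allowed (no PXN).
        # Matching whole tokens keeps "UXN" from being mistaken for "x".
        if "RW" in flags and "x" in flags:
            findings.append((section, int(m.group(1), 16), int(m.group(2), 16)))
    return findings


if __name__ == "__main__":
    for section, start, end in find_wx(SAMPLE_PTDUMP):
        print(f"W+X mapping in {section}: {start:#x}-{end:#x}")
```
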
