
Currently, .init.text & .init.data are intermixed, which makes it impossible to apply different permissions to them. .init.data shouldn't need exec permissions, while .init.text shouldn't have write permission. Moreover, the strict permissions are only enforced once /init starts. This leaves the kernel vulnerable to potentially buggy built-in modules. Keep .init.text & .data in separate sections so that different permissions are applied to each section. Apply permissions to individual sections as early as possible. This improves the kernel protection under CONFIG_STRICT_KERNEL_RWX. We also need to restore the permissions for the entire _init section after it is freed so that those pages can be used for other purposes. Signed-off-by: Atish Patra <atish.patra@wdc.com> Tested-by: Greentime Hu <greentime.hu@sifive.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Copyright (C) 2019 SiFive
*/
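#ifndef _ASM_RISCV_SET_MEMORY_H
#define _ASM_RISCV_SET_MEMORY_H

#ifndef __ASSEMBLY__

/*
 * Forward declaration so the set_direct_map_*() prototypes below refer to the
 * file-scope type instead of declaring a new one inside their parameter lists.
 */
struct page;

/*
 * Functions to change memory attributes.
 *
 * Every set_memory_*() helper takes a start address and a page count and
 * returns an int. The suffix names the permission change requested:
 * ro / rw (writability), x / nx (executability), rw_nx (both at once).
 *
 * NOTE(review): presumably @addr must be a page-aligned kernel virtual
 * address and a non-zero return means the attributes were NOT changed;
 * confirm against the implementation. Callers that rely on these for
 * hardening (e.g. W^X on init sections) should check the return value.
 */
#ifdef CONFIG_MMU
int set_memory_ro(unsigned long addr, int numpages);
int set_memory_rw(unsigned long addr, int numpages);
int set_memory_x(unsigned long addr, int numpages);
int set_memory_nx(unsigned long addr, int numpages);
int set_memory_rw_nx(unsigned long addr, int numpages);
void protect_kernel_text_data(void);
#else
/*
 * !CONFIG_MMU stubs: they change nothing and still return 0. On such
 * builds a 0 return is therefore no evidence that a range is actually
 * read-only or non-executable.
 */
static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; }
static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; }
static inline int set_memory_x(unsigned long addr, int numpages) { return 0; }
static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; }
static inline int set_memory_rw_nx(unsigned long addr, int numpages) { return 0; }
/* No trailing ';' after the body: a stray one is an empty file-scope declaration. */
static inline void protect_kernel_text_data(void) {}
#endif

/*
 * Declared regardless of CONFIG_MMU; no inline stub is provided here.
 * NOTE(review): the _noflush suffix suggests the caller is responsible for
 * any TLB flush after the direct-map entry changes; confirm in the
 * implementation before relying on the new mapping state.
 */
int set_direct_map_invalid_noflush(struct page *page);
int set_direct_map_default_noflush(struct page *page);

#endif /* __ASSEMBLY__ */

/*
 * SECTION_ALIGN sits outside the __ASSEMBLY__ guard, so it is visible to
 * non-C includers as well; keep it a plain integer expression without C-only
 * suffixes or casts.
 *
 * With CONFIG_ARCH_HAS_STRICT_KERNEL_RWX the value is 2 MiB (1 << 21) on
 * 64-bit and 4 MiB (1 << 22) on 32-bit; otherwise it is L1_CACHE_BYTES.
 * NOTE(review): presumably the large alignment lets each kernel section be
 * mapped with its own permissions at large-page granularity; confirm against
 * the linker script and page-table setup.
 */
#ifdef CONFIG_ARCH_HAS_STRICT_KERNEL_RWX
#ifdef CONFIG_64BIT
#define SECTION_ALIGN (1 << 21)
#else
#define SECTION_ALIGN (1 << 22)
#endif
#else /* !CONFIG_ARCH_HAS_STRICT_KERNEL_RWX */
#define SECTION_ALIGN L1_CACHE_BYTES
#endif /* CONFIG_ARCH_HAS_STRICT_KERNEL_RWX */

#endif /* _ASM_RISCV_SET_MEMORY_H */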