diff options
| -rw-r--r-- | arch/x86/mm/pti.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index f1fd52f449e0..ae3eb4f5d53b 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c | |||
| @@ -430,12 +430,24 @@ static inline bool pti_kernel_image_global_ok(void) | |||
| 430 | */ | 430 | */ |
| 431 | void pti_clone_kernel_text(void) | 431 | void pti_clone_kernel_text(void) |
| 432 | { | 432 | { |
| 433 | /* | ||
| 434 | * rodata is part of the kernel image and is normally | ||
| 435 | * readable on the filesystem or on the web. But, do not | ||
| 436 | * clone the areas past rodata, they might contain secrets. | ||
| 437 | */ | ||
| 433 | unsigned long start = PFN_ALIGN(_text); | 438 | unsigned long start = PFN_ALIGN(_text); |
| 434 | unsigned long end = ALIGN((unsigned long)_end, PMD_PAGE_SIZE); | 439 | unsigned long end = (unsigned long)__end_rodata_hpage_align; |
| 435 | 440 | ||
| 436 | if (!pti_kernel_image_global_ok()) | 441 | if (!pti_kernel_image_global_ok()) |
| 437 | return; | 442 | return; |
| 438 | 443 | ||
| 444 | pr_debug("mapping partial kernel image into user address space\n"); | ||
| 445 | |||
| 446 | /* | ||
| 447 | * Note that this will undo _some_ of the work that | ||
| 448 | * pti_set_kernel_image_nonglobal() did to clear the | ||
| 449 | * global bit. | ||
| 450 | */ | ||
| 439 | pti_clone_pmds(start, end, _PAGE_RW); | 451 | pti_clone_pmds(start, end, _PAGE_RW); |
| 440 | } | 452 | } |
| 441 | 453 | ||
| @@ -458,8 +470,6 @@ void pti_set_kernel_image_nonglobal(void) | |||
| 458 | if (pti_kernel_image_global_ok()) | 470 | if (pti_kernel_image_global_ok()) |
| 459 | return; | 471 | return; |
| 460 | 472 | ||
| 461 | pr_debug("set kernel image non-global\n"); | ||
| 462 | |||
| 463 | set_memory_nonglobal(start, (end - start) >> PAGE_SHIFT); | 473 | set_memory_nonglobal(start, (end - start) >> PAGE_SHIFT); |
| 464 | } | 474 | } |
| 465 | 475 | ||