diff options
| author | Kees Cook <keescook@chromium.org> | 2014-11-14 14:47:37 -0500 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2014-11-18 12:32:24 -0500 |
| commit | 45e2a9d4701d8c624d4a4bcdd1084eae31e92f58 (patch) | |
| tree | bfce1948694bf8fabbc2c6dd79ddfe7ced1321e3 | |
| parent | fb86b97300d930b57471068720c52bfa8622eab7 (diff) | |
x86, mm: Set NX across entire PMD at boot
When setting up permissions on kernel memory at boot, the end of the
PMD that was split from bss remained executable. It should be NX like
the rest. This performs a PMD alignment instead of a PAGE alignment to
get the correct span of memory.
Before:
---[ High Kernel Mapping ]---
...
0xffffffff8202d000-0xffffffff82200000 1868K RW GLB NX pte
0xffffffff82200000-0xffffffff82c00000 10M RW PSE GLB NX pmd
0xffffffff82c00000-0xffffffff82df5000 2004K RW GLB NX pte
0xffffffff82df5000-0xffffffff82e00000 44K RW GLB x pte
0xffffffff82e00000-0xffffffffc0000000 978M pmd
After:
---[ High Kernel Mapping ]---
...
0xffffffff8202d000-0xffffffff82200000 1868K RW GLB NX pte
0xffffffff82200000-0xffffffff82e00000 12M RW PSE GLB NX pmd
0xffffffff82e00000-0xffffffffc0000000 978M pmd
[ tglx: Changed it to roundup(_brk_end, PMD_SIZE) and added a comment.
We really should unmap the reminder along with the holes
caused by init,initdata etc. but thats a different issue ]
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20141114194737.GA3091@www.outflux.net
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
| -rw-r--r-- | arch/x86/mm/init_64.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 4cb8763868fc..4e5dfec750fc 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c | |||
| @@ -1123,7 +1123,7 @@ void mark_rodata_ro(void) | |||
| 1123 | unsigned long end = (unsigned long) &__end_rodata_hpage_align; | 1123 | unsigned long end = (unsigned long) &__end_rodata_hpage_align; |
| 1124 | unsigned long text_end = PFN_ALIGN(&__stop___ex_table); | 1124 | unsigned long text_end = PFN_ALIGN(&__stop___ex_table); |
| 1125 | unsigned long rodata_end = PFN_ALIGN(&__end_rodata); | 1125 | unsigned long rodata_end = PFN_ALIGN(&__end_rodata); |
| 1126 | unsigned long all_end = PFN_ALIGN(&_end); | 1126 | unsigned long all_end; |
| 1127 | 1127 | ||
| 1128 | printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", | 1128 | printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", |
| 1129 | (end - start) >> 10); | 1129 | (end - start) >> 10); |
| @@ -1134,7 +1134,16 @@ void mark_rodata_ro(void) | |||
| 1134 | /* | 1134 | /* |
| 1135 | * The rodata/data/bss/brk section (but not the kernel text!) | 1135 | * The rodata/data/bss/brk section (but not the kernel text!) |
| 1136 | * should also be not-executable. | 1136 | * should also be not-executable. |
| 1137 | * | ||
| 1138 | * We align all_end to PMD_SIZE because the existing mapping | ||
| 1139 | * is a full PMD. If we would align _brk_end to PAGE_SIZE we | ||
| 1140 | * split the PMD and the reminder between _brk_end and the end | ||
| 1141 | * of the PMD will remain mapped executable. | ||
| 1142 | * | ||
| 1143 | * Any PMD which was setup after the one which covers _brk_end | ||
| 1144 | * has been zapped already via cleanup_highmem(). | ||
| 1137 | */ | 1145 | */ |
| 1146 | all_end = roundup((unsigned long)_brk_end, PMD_SIZE); | ||
| 1138 | set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT); | 1147 | set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT); |
| 1139 | 1148 | ||
| 1140 | rodata_test(); | 1149 | rodata_test(); |