linux/arch/arm64/mm
Ard Biesheuvel c55191e96c arm64: mm: apply r/o permissions of VM areas to its linear alias as well
On arm64, we use block mappings and contiguous hints to map the linear
region, to minimize the TLB footprint. However, this means that the
entire region is mapped using read/write permissions, which we cannot
modify at page granularity without having to take intrusive measures to
prevent TLB conflicts.

This means the linear aliases of pages belonging to read-only mappings
(executable or otherwise) in the vmalloc region are also mapped read/write,
and could potentially be abused to modify things like module code, bpf JIT
code or other read-only data.

So let's fix this, by extending the set_memory_ro/rw routines to take
the linear alias into account. The consequence of enabling this is
that we can no longer use block mappings or contiguous hints, so in
cases where the TLB footprint of the linear region is a bottleneck,
performance may be affected.

Therefore, allow this feature to be runtime en/disabled, by setting
rodata=full (or 'on' to disable just this enhancement, or 'off' to
disable read-only mappings for code and r/o data entirely) on the
kernel command line. Also, allow the default value to be set via a
Kconfig option.

Tested-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-11-20 11:38:26 +00:00
..
cache.S arm64: IPI each CPU after invalidating the I-cache for kernel mappings 2018-07-05 17:24:36 +01:00
context.c arm64: mm: Drop the unused cpu parameter 2018-10-09 17:17:23 +01:00
copypage.c
dma-mapping.c arm64: fix warnings without CONFIG_IOMMU_DMA 2018-11-02 19:27:22 +01:00
dump.c arm64: dump: Use consistent capitalisation for page-table dumps 2018-09-10 16:15:23 +01:00
extable.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fault.c Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2018-10-24 11:22:39 +01:00
flush.c arm64: mm: Export __sync_icache_dcache() for xen-privcmd 2018-07-27 13:12:15 +01:00
hugetlbpage.c arm64: hugetlb: Avoid unnecessary clearing in huge_ptep_set_access_flags 2018-09-24 17:51:50 +01:00
init.c arm64: memblock: don't permit memblock resizing until linear mapping is up 2018-11-08 17:54:03 +00:00
ioremap.c arm64: use is_vmalloc_addr 2017-02-09 13:47:56 +00:00
kasan_init.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mmap.c exec: pass stack rlimit into mm layout functions 2018-04-11 10:28:37 -07:00
mmu.c arm64: mm: apply r/o permissions of VM areas to its linear alias as well 2018-11-20 11:38:26 +00:00
numa.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
pageattr.c arm64: mm: apply r/o permissions of VM areas to its linear alias as well 2018-11-20 11:38:26 +00:00
pgd.c arm64: handle 52-bit addresses in TTBR 2017-12-22 17:35:21 +00:00
physaddr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
proc.S arm64: mm: Support Common Not Private translations 2018-09-18 12:02:27 +01:00
ptdump_debugfs.c ARM64: dump: Convert to use DEFINE_SHOW_ATTRIBUTE macro 2018-07-02 10:36:37 +01:00