diff options
author | Laura Abbott <lauraa@codeaurora.org> | 2015-01-21 17:36:06 -0800 |
---|---|---|
committer | Kees Cook <keescook@google.com> | 2015-10-07 13:13:49 -0700 |
commit | 43e0bfd3b4401ab8d0598f01c2536becbdb68630 (patch) | |
tree | 8d354bfc54a21e487f6861386ed58afe4fb0112d /net/ipv6/addrconf.c | |
parent | beeab2a441619417a1cdbd06d922ea669eb92931 (diff) |
UPSTREAM: arm64: add better page protections to arm64
Add page protections for arm64 similar to those in arm.
This is for security reasons to prevent certain classes
of exploits. The current method:
- Map all memory as either RWX or RW. We round to the nearest
section to avoid creating page tables before everything is mapped
- Once everything is mapped, if either end of the RWX section should
not be X, we split the PMD and remap as necessary
- When initmem is to be freed, we change the permissions back to
RW (using stop machine if necessary to flush the TLB)
- If CONFIG_DEBUG_RODATA is set, the read only sections are set
read only.
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Kees Cook <keescook@chromium.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit da141706aea52c1a9fbd28cb8d289b78819f5436)
Signed-off-by: Tomasz Figa <tfiga@chromium.org>
Bug: 24475017
Change-Id: I9e3f9cfa42f0adb0a06da20d62f9ea39dc3a4bef
Signed-off-by: Kees Cook <keescook@google.com>
Diffstat (limited to 'net/ipv6/addrconf.c')
0 files changed, 0 insertions, 0 deletions