git.osdn.net Git - uclinux-h8/linux.git/commit

author	Atish Patra <atish.patra@wdc.com>
	Thu, 5 Nov 2020 00:04:38 +0000 (16:04 -0800)
committer	Palmer Dabbelt <palmerdabbelt@google.com>
	Thu, 26 Nov 2020 00:05:28 +0000 (16:05 -0800)
commit	19a00869028f4a28a36f90649166631dff6e3ccd
tree	ef4a68e11c94a44d7e9de3f6f83fe57877739ba9	tree \| snapshot
parent	b6566dc1acca38ce6ed845ce8a270fb181ff6d41	commit \| diff

RISC-V: Protect all kernel sections including init early

Currently, .init.text & .init.data are intermixed which makes it impossible
apply different permissions to them. .init.data shouldn't need exec
permissions while .init.text shouldn't have write permission. Moreover,
the strict permission are only enforced /init starts. This leaves the
kernel vulnerable from possible buggy built-in modules.

Keep .init.text & .data in separate sections so that different permissions
are applied to each section. Apply permissions to individual sections as
early as possible. This improves the kernel protection under
CONFIG_STRICT_KERNEL_RWX. We also need to restore the permissions for the
entire _init section after it is freed so that those pages can be used
for other purpose.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Tested-by: Greentime Hu <greentime.hu@sifive.com>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>

arch/riscv/include/asm/sections.h		diff \| blob \| history
arch/riscv/include/asm/set_memory.h		diff \| blob \| history
arch/riscv/kernel/setup.c		diff \| blob \| history
arch/riscv/kernel/vmlinux.lds.S		diff \| blob \| history
arch/riscv/mm/init.c		diff \| blob \| history
arch/riscv/mm/pageattr.c		diff \| blob \| history