• Kees Cook's avatar
    x86, mm: Set NX across entire PMD at boot · 45e2a9d4
    Kees Cook authored
    When setting up permissions on kernel memory at boot, the end of the
    PMD that was split from bss remained executable. It should be NX like
    the rest. This performs a PMD alignment instead of a PAGE alignment to
    get the correct span of memory.
    
    Before:
    ---[ High Kernel Mapping ]---
    ...
    0xffffffff8202d000-0xffffffff82200000  1868K     RW       GLB NX pte
    0xffffffff82200000-0xffffffff82c00000    10M     RW   PSE GLB NX pmd
    0xffffffff82c00000-0xffffffff82df5000  2004K     RW       GLB NX pte
    0xffffffff82df5000-0xffffffff82e00000    44K     RW       GLB x  pte
    0xffffffff82e00000-0xffffffffc0000000   978M                     pmd
    
    After:
    ---[ High Kernel Mapping ]---
    ...
    0xffffffff8202d000-0xffffffff82200000  1868K     RW       GLB NX pte
    0xffffffff82200000-0xffffffff82e00000    12M     RW   PSE GLB NX pmd
    0xffffffff82e00000-0xffffffffc0000000   978M                     pmd
    
    [ tglx: Changed it to roundup(_brk_end, PMD_SIZE) and added a comment.
            We really should unmap the reminder along with the holes
            caused by init,initdata etc. but thats a different issue ]
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Toshi Kani <toshi.kani@hp.com>
    Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
    Cc: David Vrabel <david.vrabel@citrix.com>
    Cc: Wang Nan <wangnan0@huawei.com>
    Cc: Yinghai Lu <yinghai@kernel.org>
    Cc: stable@vger.kernel.org
    Link: http://lkml.kernel.org/r/20141114194737.GA3091@www.outflux.netSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    45e2a9d4
init_64.c 34.3 KB