Commit 33bd8d15 authored by Heiko Carstens's avatar Heiko Carstens Committed by Vasily Gorbik

s390: Keep inittext section writable

There is no added security by making the inittext section non-writable,
however it does split part of the kernel mapping into 4K mappings
instead of 1M mappings:

---[ Kernel Image Start ]---
0x000003ffe0000000-0x000003ffe0e00000        14M PMD RO X
0x000003ffe0e00000-0x000003ffe0ec7000       796K PTE RO X
0x000003ffe0ec7000-0x000003ffe0f00000       228K PTE RO NX
0x000003ffe0f00000-0x000003ffe1300000         4M PMD RO NX
0x000003ffe1300000-0x000003ffe1353000       332K PTE RO NX
0x000003ffe1353000-0x000003ffe1400000       692K PTE RW NX
0x000003ffe1400000-0x000003ffe1500000         1M PMD RW NX
0x000003ffe1500000-0x000003ffe1700000         2M PTE RW NX <---
0x000003ffe1700000-0x000003ffe1800000         1M PMD RW NX
0x000003ffe1800000-0x000003ffe187e000       504K PTE RW NX
---[ Kernel Image End ]---

Keep the inittext writable and enable instruction execution protection
(aka noexec) later to prevent this. This also allows to use the
generic free_initmem() implementation.

---[ Kernel Image Start ]---
0x000003ffe0000000-0x000003ffe0e00000        14M PMD RO X
0x000003ffe0e00000-0x000003ffe0ec7000       796K PTE RO X
0x000003ffe0ec7000-0x000003ffe0f00000       228K PTE RO NX
0x000003ffe0f00000-0x000003ffe1300000         4M PMD RO NX
0x000003ffe1300000-0x000003ffe1353000       332K PTE RO NX
0x000003ffe1353000-0x000003ffe1400000       692K PTE RW NX
0x000003ffe1400000-0x000003ffe1800000         4M PMD RW NX <---
0x000003ffe1800000-0x000003ffe187e000       504K PTE RW NX
---[ Kernel Image End ]---
Reviewed-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
parent 75c10d53
...@@ -108,6 +108,8 @@ void mark_rodata_ro(void) ...@@ -108,6 +108,8 @@ void mark_rodata_ro(void)
{ {
unsigned long size = __end_ro_after_init - __start_ro_after_init; unsigned long size = __end_ro_after_init - __start_ro_after_init;
if (MACHINE_HAS_NX)
system_ctl_set_bit(0, CR0_INSTRUCTION_EXEC_PROTECTION_BIT);
__set_memory_ro(__start_ro_after_init, __end_ro_after_init); __set_memory_ro(__start_ro_after_init, __end_ro_after_init);
pr_info("Write protected read-only-after-init data: %luk\n", size >> 10); pr_info("Write protected read-only-after-init data: %luk\n", size >> 10);
} }
...@@ -170,13 +172,6 @@ void __init mem_init(void) ...@@ -170,13 +172,6 @@ void __init mem_init(void)
setup_zero_pages(); /* Setup zeroed pages. */ setup_zero_pages(); /* Setup zeroed pages. */
} }
void free_initmem(void)
{
set_memory_rwnx((unsigned long)_sinittext,
(unsigned long)(_einittext - _sinittext) >> PAGE_SHIFT);
free_initmem_default(POISON_FREE_INITMEM);
}
unsigned long memory_block_size_bytes(void) unsigned long memory_block_size_bytes(void)
{ {
/* /*
......
...@@ -661,7 +661,6 @@ void __init vmem_map_init(void) ...@@ -661,7 +661,6 @@ void __init vmem_map_init(void)
{ {
__set_memory_rox(_stext, _etext); __set_memory_rox(_stext, _etext);
__set_memory_ro(_etext, __end_rodata); __set_memory_ro(_etext, __end_rodata);
__set_memory_rox(_sinittext, _einittext);
__set_memory_rox(__stext_amode31, __etext_amode31); __set_memory_rox(__stext_amode31, __etext_amode31);
/* /*
* If the BEAR-enhancement facility is not installed the first * If the BEAR-enhancement facility is not installed the first
...@@ -672,8 +671,6 @@ void __init vmem_map_init(void) ...@@ -672,8 +671,6 @@ void __init vmem_map_init(void)
set_memory_x(0, 1); set_memory_x(0, 1);
if (debug_pagealloc_enabled()) if (debug_pagealloc_enabled())
__set_memory_4k(__va(0), __va(0) + ident_map_size); __set_memory_4k(__va(0), __va(0) + ident_map_size);
if (MACHINE_HAS_NX)
system_ctl_set_bit(0, CR0_INSTRUCTION_EXEC_PROTECTION_BIT);
pr_info("Write protected kernel read-only data: %luk\n", pr_info("Write protected kernel read-only data: %luk\n",
(unsigned long)(__end_rodata - _stext) >> 10); (unsigned long)(__end_rodata - _stext) >> 10);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment