• Kees Cook's avatar
    ARM: 8502/1: mm: mark section-aligned portion of rodata NX · 64ac2e74
    Kees Cook authored
    When rodata is large enough that it crosses a section boundary after the
    kernel text, mark the rest NX. This is as close to full NX of rodata as
    we can get without splitting page tables or doing section alignment via
    CONFIG_DEBUG_ALIGN_RODATA.
    
    When the config is:
    
     CONFIG_DEBUG_RODATA=y
     # CONFIG_DEBUG_ALIGN_RODATA is not set
    
    Before:
    
    ---[ Kernel Mapping ]---
    0x80000000-0x80100000           1M     RW NX SHD
    0x80100000-0x80a00000           9M     ro x  SHD
    0x80a00000-0xa0000000         502M     RW NX SHD
    
    After:
    
    ---[ Kernel Mapping ]---
    0x80000000-0x80100000           1M     RW NX SHD
    0x80100000-0x80700000           6M     ro x  SHD
    0x80700000-0x80a00000           3M     ro NX SHD
    0x80a00000-0xa0000000         502M     RW NX SHD
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Reviewed-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
    64ac2e74
vmlinux.lds.S 7.04 KB