git.baikalelectronics.ru Git - kernel.git/commit

author	Ard Biesheuvel <ard.biesheuvel@linaro.org>
	Thu, 9 Mar 2017 20:52:01 +0000 (21:52 +0100)
committer	Catalin Marinas <catalin.marinas@arm.com>
	Thu, 23 Mar 2017 13:54:19 +0000 (13:54 +0000)
commit	6720ff6661c3f6271944d882f310d23316395f42
tree	5bc46cf0c5ff286e1a0c8c02ef3f5da9a27efda7	tree \| snapshot
parent	d874e04a797bf2328cc2c97807c9b0fb47391af2	commit \| diff

arm64: alternatives: apply boot time fixups via the linear mapping

One important rule of thumb when desiging a secure software system is
that memory should never be writable and executable at the same time.
We mostly adhere to this rule in the kernel, except at boot time, when
regions may be mapped RWX until after we are done applying alternatives
or making other one-off changes.

For the alternative patching, we can improve the situation by applying
the fixups via the linear mapping, which is never mapped with executable
permissions. So map the linear alias of .text with RW- permissions
initially, and remove the write permissions as soon as alternative
patching has completed.

Reviewed-by: Laura Abbott <labbott@redhat.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

arch/arm64/include/asm/mmu.h		diff \| blob \| history
arch/arm64/kernel/alternative.c		diff \| blob \| history
arch/arm64/kernel/smp.c		diff \| blob \| history
arch/arm64/mm/mmu.c		diff \| blob \| history