LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Ard Biesheuvel <ard.biesheuvel@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: marc.zyngier@arm.com, mark.rutland@arm.com,
	linux-kernel@vger.kernel.org,
	Ard Biesheuvel <ard.biesheuvel@arm.com>,
	Nadav Amit <namit@vmware.com>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Will Deacon <will.deacon@arm.com>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	James Morse <james.morse@arm.com>
Subject: [PATCH 1/4] arm64: module: create module allocations without exec permissions
Date: Thu, 23 May 2019 11:22:53 +0100	[thread overview]
Message-ID: <20190523102256.29168-2-ard.biesheuvel@arm.com> (raw)
In-Reply-To: <20190523102256.29168-1-ard.biesheuvel@arm.com>

Now that the core code manages the executable permissions of code
regions of modules explicitly, it is no longer necessary to create
the module vmalloc regions with RWX permissions, and we can create
them with RW- permissions instead, which is preferred from a
security perspective.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
---
 arch/arm64/kernel/module.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
index 2e4e3915b4d0..88f0ed31d9aa 100644
--- a/arch/arm64/kernel/module.c
+++ b/arch/arm64/kernel/module.c
@@ -41,7 +41,7 @@ void *module_alloc(unsigned long size)
 
 	p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base,
 				module_alloc_base + MODULES_VSIZE,
-				gfp_mask, PAGE_KERNEL_EXEC, 0,
+				gfp_mask, PAGE_KERNEL, 0,
 				NUMA_NO_NODE, __builtin_return_address(0));
 
 	if (!p && IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) &&
@@ -57,7 +57,7 @@ void *module_alloc(unsigned long size)
 		 */
 		p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base,
 				module_alloc_base + SZ_4G, GFP_KERNEL,
-				PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
+				PAGE_KERNEL, 0, NUMA_NO_NODE,
 				__builtin_return_address(0));
 
 	if (p && (kasan_module_alloc(p, size) < 0)) {
-- 
2.17.1


  reply	other threads:[~2019-05-23 10:24 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-23 10:22 [PATCH 0/4] arm64: wire up VM_FLUSH_RESET_PERMS Ard Biesheuvel
2019-05-23 10:22 ` Ard Biesheuvel [this message]
2019-05-28  5:35   ` [PATCH 1/4] arm64: module: create module allocations without exec permissions Anshuman Khandual
2019-05-28  6:24     ` Ard Biesheuvel
2019-05-23 10:22 ` [PATCH 2/4] arm64/mm: wire up CONFIG_ARCH_HAS_SET_DIRECT_MAP Ard Biesheuvel
2019-05-28  8:10   ` Anshuman Khandual
2019-05-28  8:20     ` Ard Biesheuvel
2019-05-28  8:41       ` Anshuman Khandual
2019-05-28  8:58         ` Ard Biesheuvel
2019-05-23 10:22 ` [PATCH 3/4] arm64/kprobes: set VM_FLUSH_RESET_PERMS on kprobe instruction pages Ard Biesheuvel
2019-05-28  8:20   ` Anshuman Khandual
2019-05-28  8:23     ` Ard Biesheuvel
2019-05-23 10:22 ` [PATCH 4/4] arm64: bpf: do not allocate executable memory Ard Biesheuvel
2019-05-28 10:04 ` [PATCH 0/4] arm64: wire up VM_FLUSH_RESET_PERMS Will Deacon
2019-05-28 10:29   ` Ard Biesheuvel
2019-06-24 11:16   ` Will Deacon
2019-06-24 11:22     ` Ard Biesheuvel
2019-06-24 14:29       ` Ard Biesheuvel
2019-06-24 17:14         ` Catalin Marinas
2019-06-24 17:15           ` Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190523102256.29168-2-ard.biesheuvel@arm.com \
    --to=ard.biesheuvel@arm.com \
    --cc=akpm@linux-foundation.org \
    --cc=james.morse@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marc.zyngier@arm.com \
    --cc=mark.rutland@arm.com \
    --cc=mhiramat@kernel.org \
    --cc=namit@vmware.com \
    --cc=peterz@infradead.org \
    --cc=rick.p.edgecombe@intel.com \
    --cc=will.deacon@arm.com \
    --subject='Re: [PATCH 1/4] arm64: module: create module allocations without exec permissions' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).