author | Kees Cook <keescook@chromium.org> | 2014-04-03 17:28:11 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2014-10-16 14:38:54 -0700 |
commit | 1e6b48116a95046ec51f3d40f83aff8b006674d7 (patch) | |
tree | 1c18e08416613ef84513cb2cd52679e7af6d4d7c /arch/arm/mm/Kconfig | |
parent | 23a4e4050ba9c98ab67db0980a9fb20e5096d9ea (diff) | |
download | linux-1e6b48116a95046ec51f3d40f83aff8b006674d7.tar.bz2 |
ARM: mm: allow non-text sections to be non-executable
Adds CONFIG_ARM_KERNMEM_PERMS to separate the kernel memory regions
into section-sized areas that can have different permissions. Performs
the NX permission changes during free_initmem, so that init memory can be
reclaimed.
This uses section size instead of PMD size to reduce memory lost to
padding on non-LPAE systems.
Based on work by Brad Spengler, Larry Bassel, and Laura Abbott.
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Laura Abbott <lauraa@codeaurora.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Diffstat (limited to 'arch/arm/mm/Kconfig')
-rw-r--r-- | arch/arm/mm/Kconfig | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig index ae69809a9e47..7a0756df91a2 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -1008,3 +1008,12 @@ config ARCH_SUPPORTS_BIG_ENDIAN help This option specifies the architecture can support big endian operation. + +config ARM_KERNMEM_PERMS + bool "Restrict kernel memory permissions" + help + If this is set, kernel memory other than kernel text (and rodata) + will be made non-executable. The tradeoff is that each region is + padded to section-size (1MiB) boundaries (because their permissions + are different and splitting the 1M pages into 4K ones causes TLB + performance problems), wasting memory. |
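Review bot: the new ARM_KERNMEM_PERMS entry carries only a bool prompt and help text, with no depends on line, so the option is offered regardless of whether the platform maps the kernel with sections at all. If the feature only makes sense with an MMU or with particular CPU types, state that as a dependency here rather than relying on the implementation to do nothing. The help text would also be more useful to someone deciding on the option if it said that the permission change is applied at free_initmem time (as the commit message does) and gave a rough upper bound on the memory lost to padding, and ended with the usual "If unsure, say ..." guidance. Minor: the help mixes "1MiB" with "1M" and "4K"; pick one unit style.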