mirror of
https://github.com/torvalds/linux.git
synced 2024-09-21 15:33:19 +00:00
19a0086902
Currently, .init.text & .init.data are intermixed which makes it impossible apply different permissions to them. .init.data shouldn't need exec permissions while .init.text shouldn't have write permission. Moreover, the strict permission are only enforced /init starts. This leaves the kernel vulnerable from possible buggy built-in modules. Keep .init.text & .data in separate sections so that different permissions are applied to each section. Apply permissions to individual sections as early as possible. This improves the kernel protection under CONFIG_STRICT_KERNEL_RWX. We also need to restore the permissions for the entire _init section after it is freed so that those pages can be used for other purpose. Signed-off-by: Atish Patra <atish.patra@wdc.com> Tested-by: Greentime Hu <greentime.hu@sifive.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com> |
||
|---|---|---|
| .. | ||
| boot | ||
| configs | ||
| include | ||
| kernel | ||
| lib | ||
| mm | ||
| net | ||
| Kbuild | ||
| Kconfig | ||
| Kconfig.debug | ||
| Kconfig.socs | ||
| Makefile | ||