[PATCH v3 07/13] arm64: mm: Use hierarchical XN mapping for the fixmap

Ard Biesheuvel posted 13 patches 1 week, 6 days ago
Posted by Ard Biesheuvel 1 week, 6 days ago
From: Ard Biesheuvel <ardb@kernel.org>

Nothing in the fixmap or in its vicinity requires executable
permissions, and given that it is placed at exactly 1 GiB from the end
of the virtual address space, we can safely set the hierarchical XN
attributes on the level 2 table entries covering the fixmap, without
running the risk of inadvertently taking away the executable permissions
on adjacent mappings.

This is a hardening measure that reduces the risk of the fixmap being
abused to create executable mappings in the kernel address space.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/fixmap.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/mm/fixmap.c b/arch/arm64/mm/fixmap.c
index c5c5425791da..c3dd3c868cf5 100644
--- a/arch/arm64/mm/fixmap.c
+++ b/arch/arm64/mm/fixmap.c
@@ -48,7 +48,8 @@ static void __init early_fixmap_init_pte(pmd_t *pmdp, unsigned long addr)
 	if (pmd_none(pmd)) {
 		ptep = bm_pte[BM_PTE_TABLE_IDX(addr)];
 		__pmd_populate(pmdp, __pa_symbol(ptep),
-			       PMD_TYPE_TABLE | PMD_TABLE_AF);
+			       PMD_TYPE_TABLE | PMD_TABLE_AF |
+			       PMD_TABLE_PXN | PMD_TABLE_UXN);
 	}
 }
 
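Review bot: PMD_TABLE_PXN and PMD_TABLE_UXN are only applied inside the `if (pmd_none(pmd))` branch of early_fixmap_init_pte(), so a level 2 entry that is already populated when this function runs keeps whatever table attributes it was created with, and the hardening silently does not apply to it. If that case cannot occur for the fixmap, a short comment saying so would help; otherwise consider a warning when an existing table entry lacks the XN bits. Separately, the reason this is safe (nothing in or near the fixmap needs executable permissions, and the fixmap sits exactly 1 GiB from the end of the virtual address space) is recorded only in the commit message. A one- or two-line comment above the __pmd_populate() call would keep that constraint visible to anyone who later moves the fixmap or places an executable mapping under the same level 2 entry.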
-- 
2.53.0.959.g497ff81fa9-goog