Commit 3abc9448 authored by Vineet Gupta

ARC: [mm] Make stack/heap Non-executable by default

1. For VM_EXEC based delayed dcache/icache flush, reduces the number of
   flushes.

2. Makes this security feature ON by default rather than OFF before.

3. Applications can use mprotect() to selectively override this.

4. ELF binaries have a GNU_STACK segment which can easily override the
   kernel default permissions.
   For nested-functions/trampolines, gcc already auto-enables executable
   stack in elf. Others needing this can use -Wl,-z,execstack option.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
parent 2ed21dae
...@@ -362,13 +362,6 @@ config ARC_MISALIGN_ACCESS ...@@ -362,13 +362,6 @@ config ARC_MISALIGN_ACCESS
Use ONLY-IF-ABS-NECESSARY as it will be very slow and also can hide Use ONLY-IF-ABS-NECESSARY as it will be very slow and also can hide
potential bugs in code potential bugs in code
config ARC_STACK_NONEXEC
bool "Make stack non-executable"
default n
help
To disable the execute permissions of stack/heap of processes
which are enabled by default.
config HZ config HZ
int "Timer Frequency" int "Timer Frequency"
default 100 default 100
......
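Review bot: with `config ARC_STACK_NONEXEC` deleted outright, no build-time switch remains to get the old executable default back, so the commit message should say what happens to binaries that carry no GNU_STACK segment; items 3 and 4 only cover programs that opt in explicitly. It is also worth grepping for any remaining `CONFIG_ARC_STACK_NONEXEC` users outside the two files shown here (defconfigs, other `#ifdef` sites) and dropping them in this same commit so no stale symbol is left behind.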
...@@ -96,13 +96,8 @@ typedef unsigned long pgtable_t; ...@@ -96,13 +96,8 @@ typedef unsigned long pgtable_t;
#define virt_addr_valid(kaddr) pfn_valid(__pa(kaddr) >> PAGE_SHIFT) #define virt_addr_valid(kaddr) pfn_valid(__pa(kaddr) >> PAGE_SHIFT)
/* Default Permissions for page, used in mmap.c */ /* Default Permissions for stack/heaps pages (Non Executable) */
#ifdef CONFIG_ARC_STACK_NONEXEC
#define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE) #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE)
#else
#define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \
VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
#endif
#define WANT_PAGE_VIRTUAL 1 #define WANT_PAGE_VIRTUAL 1
......
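Review bot: the surviving `VM_DATA_DEFAULT_FLAGS` define drops `VM_MAYEXEC` along with `VM_EXEC`. Removing `VM_EXEC` is the stated goal, but mprotect() checks the requested protection against the VM_MAY* bits of the mapping, so without `VM_MAYEXEC` a later `mprotect(..., PROT_EXEC)` on a region created with these flags is refused with EACCES, which conflicts with item 3 of the commit message. Suggest keeping `VM_MAYEXEC` in the define, i.e. `(VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)`. Minor: the new comment reads "stack/heaps pages"; "stack/heap pages" is meant.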