• Jan Beulich's avatar
    [PATCH] x86: tighten kernel image page access rights · 6fb14755
    Jan Beulich authored
    On x86-64, kernel memory freed after init can be entirely unmapped instead
    of just getting 'poisoned' by overwriting with a debug pattern.
    
    On i386 and x86-64 (under CONFIG_DEBUG_RODATA), kernel text and bug table
    can also be write-protected.
    
    Compared to the first version, this one prevents re-creating deleted
    mappings in the kernel image range on x86-64, if those got removed
    previously. This, together with the original changes, prevents temporarily
    having inconsistent mappings when cacheability attributes are being
    changed on such pages (e.g. from AGP code). While on i386 such duplicate
    mappings don't exist, the same change is done there, too, both for
    consistency and because checking pte_present() before using various other
    pte_XXX functions is a requirement anyway. At once, i386 code gets
    adjusted to use pte_huge() instead of open coding this.
    
    AK: split out cpa() changes
    Signed-off-by: default avatarJan Beulich <jbeulich@novell.com>
    Signed-off-by: default avatarAndi Kleen <ak@suse.de>
    6fb14755
vmlinux.lds.S 6.1 KB