• Ard Biesheuvel's avatar
    arm64: mm: apply r/o permissions of VM areas to its linear alias as well · c55191e9
    Ard Biesheuvel authored
    On arm64, we use block mappings and contiguous hints to map the linear
    region, to minimize the TLB footprint. However, this means that the
    entire region is mapped using read/write permissions, which we cannot
    modify at page granularity without having to take intrusive measures to
    prevent TLB conflicts.
    
    This means the linear aliases of pages belonging to read-only mappings
    (executable or otherwise) in the vmalloc region are also mapped read/write,
    and could potentially be abused to modify things like module code, bpf JIT
    code or other read-only data.
    
    So let's fix this, by extending the set_memory_ro/rw routines to take
    the linear alias into account. The consequence of enabling this is
    that we can no longer use block mappings or contiguous hints, so in
    cases where the TLB footprint of the linear region is a bottleneck,
    performance may be affected.
    
    Therefore, allow this feature to be runtime en/disabled, by setting
    rodata=full (or 'on' to disable just this enhancement, or 'off' to
    disable read-only mappings for code and r/o data entirely) on the
    kernel command line. Also, allow the default value to be set via a
    Kconfig option.
    Tested-by: default avatarLaura Abbott <labbott@redhat.com>
    Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
    c55191e9
mmu_context.h 7.07 KB