diff options
author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2016-06-23 15:53:17 +0200 |
---|---|---|
committer | Catalin Marinas <catalin.marinas@arm.com> | 2016-06-27 19:21:27 +0200 |
commit | 9fdc14c55cd6579d619ccd9d40982e0805e62b6d (patch) | |
tree | 39c75ed542eccac983b74f9297b2c562f06a6bd8 /arch/arm64/kernel/setup.c | |
parent | arm64: mm: simplify memblock numa node extraction (diff) | |
download | linux-9fdc14c55cd6579d619ccd9d40982e0805e62b6d.tar.xz linux-9fdc14c55cd6579d619ccd9d40982e0805e62b6d.zip |
arm64: mm: fix location of _etext
As Kees Cook notes in the ARM counterpart of this patch [0]:
The _etext position is defined to be the end of the kernel text code,
and should not include any part of the data segments. This interferes
with things that might check memory ranges and expect executable code
up to _etext.
In particular, Kees is referring to the HARDENED_USERCOPY patch set [1],
which rejects attempts to call copy_to_user() on kernel ranges containing
executable code, but does allow access to the .rodata segment. Regardless
of whether one may or may not agree with the distinction, it makes sense
for _etext to have the same meaning across architectures.
So let's put _etext where it belongs, between .text and .rodata, and fix
up existing references to use __init_begin instead, which unlike _end_rodata
includes the exception and notes sections as well.
The _etext references in kaslr.c are left untouched, since its references
to [_stext, _etext) are meant to capture potential jump instruction targets,
and so disregarding .rodata is actually an improvement here.
[0] http://article.gmane.org/gmane.linux.kernel/2245084
[1] http://thread.gmane.org/gmane.linux.kernel.hardened.devel/2502
Reported-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/kernel/setup.c')
-rw-r--r-- | arch/arm64/kernel/setup.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c index 3279defabaa2..c1509e654190 100644 --- a/arch/arm64/kernel/setup.c +++ b/arch/arm64/kernel/setup.c @@ -202,7 +202,7 @@ static void __init request_standard_resources(void) struct resource *res; kernel_code.start = virt_to_phys(_text); - kernel_code.end = virt_to_phys(_etext - 1); + kernel_code.end = virt_to_phys(__init_begin - 1); kernel_data.start = virt_to_phys(_sdata); kernel_data.end = virt_to_phys(_end - 1); |