ARM: mm: allow non-text sections to be non-executable Adds CONFIG_ARM_KERNMEM_PERMS to separate the kernel memory regions into section-sized areas that can have different permisions. Performs the NX permission changes during free_initmem, so that init memory can be reclaimed. This uses section size instead of PMD size to reduce memory lost to padding on non-LPAE systems. Based on work by Brad Spengler, Larry Bassel, and Laura Abbott. Signed-off-by: Kees Cook <keescook@chromium.org> Tested-by: Laura Abbott <lauraa@codeaurora.org> Acked-by: Nicolas Pitre <nico@linaro.org>

commit: 1e6b48116a95046ec51f3d40f83aff8b006674d7 [log] [tgz]
author: Kees Cook <keescook@chromium.org> Thu Apr 03 17:28:11 2014 -0700
committer: Kees Cook <keescook@chromium.org> Thu Oct 16 14:38:54 2014 -0700
tree: 1c18e08416613ef84513cb2cd52679e7af6d4d7c
parent: 23a4e4050ba9c98ab67db0980a9fb20e5096d9ea [diff] [blame]
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
index ae69809..7a0756d 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig

@@ -1008,3 +1008,12 @@
 	help
 	  This option specifies the architecture can support big endian
 	  operation.
+
+config ARM_KERNMEM_PERMS
+	bool "Restrict kernel memory permissions"
+	help
+	  If this is set, kernel memory other than kernel text (and rodata)
+	  will be made non-executable. The tradeoff is that each region is
+	  padded to section-size (1MiB) boundaries (because their permissions
+	  are different and splitting the 1M pages into 4K ones causes TLB
+	  performance problems), wasting memory.
commit	1e6b48116a95046ec51f3d40f83aff8b006674d7	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Thu Apr 03 17:28:11 2014 -0700
committer	Kees Cook <keescook@chromium.org>	Thu Oct 16 14:38:54 2014 -0700
tree	1c18e08416613ef84513cb2cd52679e7af6d4d7c
parent	23a4e4050ba9c98ab67db0980a9fb20e5096d9ea [diff] [blame]