Skip to content

Commit d27c3c9

Browse files
zongboxpalmer-dabbelt
zongbox
authored and
palmer-dabbelt
committed
riscv: add STRICT_KERNEL_RWX support
The commit contains that make text section as non-writable, rodata section as read-only, and data section as non-executable. The init section should be changed to non-executable. Signed-off-by: Zong Li <[email protected]> Signed-off-by: Palmer Dabbelt <[email protected]>
1 parent 00cb41d commit d27c3c9

File tree

3 files changed

+53
-0
lines changed

3 files changed

+53
-0
lines changed

arch/riscv/Kconfig

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,7 @@ config RISCV
6161
select ARCH_HAS_GIGANTIC_PAGE
6262
select ARCH_HAS_SET_DIRECT_MAP
6363
select ARCH_HAS_SET_MEMORY
64+
select ARCH_HAS_STRICT_KERNEL_RWX
6465
select ARCH_WANT_HUGE_PMD_SHARE if 64BIT
6566
select SPARSEMEM_STATIC if 32BIT
6667
select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU

arch/riscv/include/asm/set_memory.h

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,14 @@ static inline int set_memory_x(unsigned long addr, int numpages) { return 0; }
2222
static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; }
2323
#endif
2424

25+
#ifdef CONFIG_STRICT_KERNEL_RWX
26+
void set_kernel_text_ro(void);
27+
void set_kernel_text_rw(void);
28+
#else
29+
static inline void set_kernel_text_ro(void) { }
30+
static inline void set_kernel_text_rw(void) { }
31+
#endif
32+
2533
int set_direct_map_invalid_noflush(struct page *page);
2634
int set_direct_map_default_noflush(struct page *page);
2735

arch/riscv/mm/init.c

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
#include <linux/sizes.h>
1313
#include <linux/of_fdt.h>
1414
#include <linux/libfdt.h>
15+
#include <linux/set_memory.h>
1516

1617
#include <asm/fixmap.h>
1718
#include <asm/tlbflush.h>
@@ -477,6 +478,17 @@ static void __init setup_vm_final(void)
477478
csr_write(CSR_SATP, PFN_DOWN(__pa_symbol(swapper_pg_dir)) | SATP_MODE);
478479
local_flush_tlb_all();
479480
}
481+
482+
void free_initmem(void)
483+
{
484+
unsigned long init_begin = (unsigned long)__init_begin;
485+
unsigned long init_end = (unsigned long)__init_end;
486+
487+
/* Make the region as non-execuatble. */
488+
set_memory_nx(init_begin, (init_end - init_begin) >> PAGE_SHIFT);
489+
free_initmem_default(POISON_FREE_INITMEM);
490+
}
491+
480492
#else
481493
asmlinkage void __init setup_vm(uintptr_t dtb_pa)
482494
{
@@ -488,6 +500,38 @@ static inline void setup_vm_final(void)
488500
}
489501
#endif /* CONFIG_MMU */
490502

503+
#ifdef CONFIG_STRICT_KERNEL_RWX
504+
void set_kernel_text_rw(void)
505+
{
506+
unsigned long text_start = (unsigned long)_text;
507+
unsigned long text_end = (unsigned long)_etext;
508+
509+
set_memory_rw(text_start, (text_end - text_start) >> PAGE_SHIFT);
510+
}
511+
512+
void set_kernel_text_ro(void)
513+
{
514+
unsigned long text_start = (unsigned long)_text;
515+
unsigned long text_end = (unsigned long)_etext;
516+
517+
set_memory_ro(text_start, (text_end - text_start) >> PAGE_SHIFT);
518+
}
519+
520+
void mark_rodata_ro(void)
521+
{
522+
unsigned long text_start = (unsigned long)_text;
523+
unsigned long text_end = (unsigned long)_etext;
524+
unsigned long rodata_start = (unsigned long)__start_rodata;
525+
unsigned long data_start = (unsigned long)_data;
526+
unsigned long max_low = (unsigned long)(__va(PFN_PHYS(max_low_pfn)));
527+
528+
set_memory_ro(text_start, (text_end - text_start) >> PAGE_SHIFT);
529+
set_memory_ro(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
530+
set_memory_nx(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
531+
set_memory_nx(data_start, (max_low - data_start) >> PAGE_SHIFT);
532+
}
533+
#endif
534+
491535
void __init paging_init(void)
492536
{
493537
setup_vm_final();

0 commit comments

Comments
 (0)