mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-14 06:35:12 +00:00
b6cb20fdc2
set_memory_x() calls pte_mkexec() which sets _PAGE_EXEC.
set_memory_nx() calls pte_exprotect() which clears _PAGE_EXEC.

Book3e has 2 bits, UX and SX, which define the exec rights
resp. for user (PR=1) and for kernel (PR=0).

_PAGE_EXEC is defined as UX only.

An executable kernel page is set with either _PAGE_KERNEL_RWX
or _PAGE_KERNEL_ROX, which both have SX set and UX cleared.

So set_memory_nx() call for an executable kernel page does
nothing because UX is already cleared.

And set_memory_x() on a non-executable kernel page makes it
executable for the user and keeps it non-executable for kernel.

Also, pte_exec() always returns 'false' on kernel pages, because
it checks _PAGE_EXEC which doesn't include SX, so for instance
the W+X check doesn't work.

To fix this:
- change tlb_low_64e.S to use _PAGE_BAP_UX instead of _PAGE_USER
- set both UX and SX in _PAGE_EXEC so that pte_exec() returns
  true whenever one of the two bits is set and pte_exprotect()
  clears both bits.
- Define a book3e specific version of pte_mkexec() which sets
  either SX or UX based on UR.
Fixes:
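
A small user-space model of the behaviour the commit message describes, added here as an illustration; it is not kernel code and not part of the commit. The bit values are constructed, and the `old_*`/`new_*` helper names are hypothetical stand-ins for pte_mkexec(), pte_exprotect() and pte_exec() before and after the fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t pte_t;

/* Constructed bit positions for this model, not the kernel's real values. */
#define BAP_UX 0x1u /* execute right when PR=1 (user) */
#define BAP_SX 0x2u /* execute right when PR=0 (kernel) */
#define BAP_UR 0x4u /* user read: used here to tell a user page from a kernel page */

/* Before the fix: _PAGE_EXEC is UX only. */
#define EXEC_OLD BAP_UX
static pte_t old_mkexec(pte_t p)    { return p | EXEC_OLD; }
static pte_t old_exprotect(pte_t p) { return p & ~EXEC_OLD; }
static bool  old_exec(pte_t p)      { return (p & EXEC_OLD) != 0; }

/* After the fix: _PAGE_EXEC is UX|SX, and mkexec sets one bit based on UR. */
#define EXEC_NEW (BAP_UX | BAP_SX)
static pte_t new_mkexec(pte_t p)    { return p | ((p & BAP_UR) ? BAP_UX : BAP_SX); }
static pte_t new_exprotect(pte_t p) { return p & ~EXEC_NEW; }
static bool  new_exec(pte_t p)      { return (p & EXEC_NEW) != 0; }

/* What the hardware enforces, independent of the helpers above. */
static bool kernel_can_exec(pte_t p) { return (p & BAP_SX) != 0; }
static bool user_can_exec(pte_t p)   { return (p & BAP_UX) != 0; }

int main(void)
{
    pte_t krox = BAP_SX; /* executable kernel page: SX set, UX cleared */
    pte_t kro  = 0;      /* non-executable kernel page */

    /* set_memory_nx() on an executable kernel page */
    printf("nx old: kernel exec=%d  new: kernel exec=%d\n",
           kernel_can_exec(old_exprotect(krox)),
           kernel_can_exec(new_exprotect(krox)));

    /* set_memory_x() on a non-executable kernel page */
    printf("x  old: kernel=%d user=%d  new: kernel=%d user=%d\n",
           kernel_can_exec(old_mkexec(kro)), user_can_exec(old_mkexec(kro)),
           kernel_can_exec(new_mkexec(kro)), user_can_exec(new_mkexec(kro)));

    /* pte_exec() as seen by a W+X check on an executable kernel page */
    printf("pte_exec old=%d new=%d\n", old_exec(krox), new_exec(krox));
    return 0;
}
```

The first line of output shows the page staying kernel-executable after the old nx path, and the last line shows why a W+X scan built on the old pte_exec() would never flag a kernel page.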
 | ||
---|---|---|
.. | ||
book3s32 | ||
book3s64 | ||
kasan | ||
nohash | ||
ptdump | ||
cacheflush.c | ||
copro_fault.c | ||
dma-noncoherent.c | ||
drmem.c | ||
fault.c | ||
hugetlbpage.c | ||
init-common.c | ||
init_32.c | ||
init_64.c | ||
ioremap.c | ||
ioremap_32.c | ||
ioremap_64.c | ||
maccess.c | ||
Makefile | ||
mem.c | ||
mmap.c | ||
mmu_context.c | ||
mmu_decl.h | ||
numa.c | ||
pageattr.c | ||
pgtable-frag.c | ||
pgtable.c | ||
pgtable_32.c | ||
pgtable_64.c | ||
slice.c |