mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-14 06:35:12 +00:00
b6cb20fdc2
set_memory_x() calls pte_mkexec() which sets _PAGE_EXEC.
set_memory_nx() calls pte_exprotec() which clears _PAGE_EXEC.
Book3e has 2 bits, UX and SX, which defines the exec rights
resp. for user (PR=1) and for kernel (PR=0).
_PAGE_EXEC is defined as UX only.
An executable kernel page is set with either _PAGE_KERNEL_RWX
or _PAGE_KERNEL_ROX, which both have SX set and UX cleared.
So set_memory_nx() call for an executable kernel page does
nothing because UX is already cleared.
And set_memory_x() on a non-executable kernel page makes it
executable for the user and keeps it non-executable for kernel.
Also, pte_exec() always returns 'false' on kernel pages, because
it checks _PAGE_EXEC which doesn't include SX, so for instance
the W+X check doesn't work.
To fix this:
- change tlb_low_64e.S to use _PAGE_BAP_UX instead of _PAGE_USER
- sets both UX and SX in _PAGE_EXEC so that pte_exec() returns
true whenever one of the two bits is set and pte_exprotect()
clears both bits.
- Define a book3e specific version of pte_mkexec() which sets
either SX or UX based on UR.
Fixes:
|
||
|---|---|---|
| .. | ||
| book3s32 | ||
| book3s64 | ||
| kasan | ||
| nohash | ||
| ptdump | ||
| cacheflush.c | ||
| copro_fault.c | ||
| dma-noncoherent.c | ||
| drmem.c | ||
| fault.c | ||
| hugetlbpage.c | ||
| init-common.c | ||
| init_32.c | ||
| init_64.c | ||
| ioremap.c | ||
| ioremap_32.c | ||
| ioremap_64.c | ||
| maccess.c | ||
| Makefile | ||
| mem.c | ||
| mmap.c | ||
| mmu_context.c | ||
| mmu_decl.h | ||
| numa.c | ||
| pageattr.c | ||
| pgtable-frag.c | ||
| pgtable.c | ||
| pgtable_32.c | ||
| pgtable_64.c | ||
| slice.c | ||