summaryrefslogtreecommitdiffstats
path: root/arch/arm/mm/Kconfig
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2014-04-03 17:28:11 -0700
committerKees Cook <keescook@chromium.org>2014-10-16 14:38:54 -0700
commit1e6b48116a95046ec51f3d40f83aff8b006674d7 (patch)
tree1c18e08416613ef84513cb2cd52679e7af6d4d7c /arch/arm/mm/Kconfig
parent23a4e4050ba9c98ab67db0980a9fb20e5096d9ea (diff)
downloadlinux-1e6b48116a95046ec51f3d40f83aff8b006674d7.tar.gz
linux-1e6b48116a95046ec51f3d40f83aff8b006674d7.tar.bz2
linux-1e6b48116a95046ec51f3d40f83aff8b006674d7.zip
ARM: mm: allow non-text sections to be non-executable
Adds CONFIG_ARM_KERNMEM_PERMS to separate the kernel memory regions into section-sized areas that can have different permisions. Performs the NX permission changes during free_initmem, so that init memory can be reclaimed. This uses section size instead of PMD size to reduce memory lost to padding on non-LPAE systems. Based on work by Brad Spengler, Larry Bassel, and Laura Abbott. Signed-off-by: Kees Cook <keescook@chromium.org> Tested-by: Laura Abbott <lauraa@codeaurora.org> Acked-by: Nicolas Pitre <nico@linaro.org>
Diffstat (limited to 'arch/arm/mm/Kconfig')
-rw-r--r--arch/arm/mm/Kconfig9
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
index ae69809a9e47..7a0756df91a2 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -1008,3 +1008,12 @@ config ARCH_SUPPORTS_BIG_ENDIAN
help
This option specifies the architecture can support big endian
operation.
+
+config ARM_KERNMEM_PERMS
+ bool "Restrict kernel memory permissions"
+ help
+ If this is set, kernel memory other than kernel text (and rodata)
+ will be made non-executable. The tradeoff is that each region is
+ padded to section-size (1MiB) boundaries (because their permissions
+ are different and splitting the 1M pages into 4K ones causes TLB
+ performance problems), wasting memory.