- 19 3月, 2015 1 次提交
-
-
由 Daniel Borkmann 提交于
This effectively unexports set_memory_ro and set_memory_rw functions from commit 11d91a77 ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support"). No module user of those is in mainline kernel and we explicitly do not want modules to use these functions, as they i.e. RO-protect eBPF (interpreted and JIT'ed) images from malicious modifications/bugs. Outside of eBPF scope, I believe also other set_memory_* functions should be unexported on arm64 due to non-existant mainline module user. Laura mentioned that they have some uses for modules doing set_memory_*, but none that are in mainline and it's unclear if they would ever get there. Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net> Acked-by: NAlexei Starovoitov <ast@plumgrid.com> Acked-by: NLaura Abbott <lauraa@codeaurora.org> Signed-off-by: NWill Deacon <will.deacon@arm.com>
-
- 06 3月, 2015 1 次提交
-
-
由 Laura Abbott 提交于
The set_memory_* functions currently only support module addresses. The addresses are validated using is_module_addr. That function is special though and relies on internal state in the module subsystem to work properly. At the time of module initialization and calling set_memory_*, it's too early for is_module_addr to work properly so it always returns false. Rather than be subject to the whims of the module state, just bounds check against the module virtual address range. Signed-off-by: NLaura Abbott <lauraa@codeaurora.org> Signed-off-by: NCatalin Marinas <catalin.marinas@arm.com>
-
- 12 9月, 2014 1 次提交
-
-
由 Laura Abbott 提交于
The start address needs to be actually updated after it is detected to be unaligned. Adjust it and the end address properly. Reported-by: NZi Shen Lim <zlim.lnx@gmail.com> Reviewed-by: NZi Shen Lim <zlim.lnx@gmail.com> Signed-off-by: NLaura Abbott <lauraa@codeaurora.org> Signed-off-by: NCatalin Marinas <catalin.marinas@arm.com>
-
- 08 9月, 2014 1 次提交
-
-
由 Laura Abbott 提交于
In a similar fashion to other architecture, add the infrastructure and Kconfig to enable DEBUG_SET_MODULE_RONX support. When enabled, module ranges will be marked read-only/no-execute as appropriate. Signed-off-by: NLaura Abbott <lauraa@codeaurora.org> [will: fixed off-by-one in module end check] Signed-off-by: NWill Deacon <will.deacon@arm.com>
-