Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp1574642ybm;
        Thu, 23 May 2019 03:25:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwvAxfieMjNK4iA6GPrG+SstoMOGufF0sAcF+G6vueSxqNcBfLfIbLynSaxRgItp7VhD8Rx
X-Received: by 2002:a65:6088:: with SMTP id t8mr47825356pgu.381.1558607156309;
        Thu, 23 May 2019 03:25:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558607156; cv=none;
        d=google.com; s=arc-20160816;
        b=Hk1hyh8235rUsnxIsD56Q4Kb4ceoLysmlaWm1ajQoL4ubXZN3C9yDfxdjJ1agiNQ7f
         6MYohQRur9Nabhz1tJ7QnvF/r0bdd2bosDOWr+/v02EkixajFmYV0ASN3XcDQ10qQQ9h
         OohJaGn384WhpLSkQyQR/bY+JtKLuwN0Khptc5RnJ7tJdyTOZ3Yceid7dYxFKTSiMQam
         wgcXzJOBl5tscf+moL5UW1FZMFlSieQdiX3edLfyCbSVysF8o+0hBPuu29W6ySR6+HW8
         0WWkprcMKWZdfHaGtEcoO77DM3eNM2gPFD+v36lKjbQawrePfIeisCaNWHeJLp7LUYIj
         G2vA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from;
        bh=A7Wa4qH/yeRFHNA7ZKEMfTehS8TXKojLrzNE8kfdHeI=;
        b=Z3vEGUHxmJUKU/ikW3QEsBee+UfFpcAEkeLQPWMbnF2wJ1kJb9W/veXsz+395Q1SQI
         h4ES54Q3aGCPR47UFAWcwajJkSg3JuT6cGvGnrfWmxF3OJNUWI1nlk/VPUwyw5525oKc
         Lhld4SYu4+45K9OjcOjv8ngxwAdA4LQ9jX5tameoH/Y6eHuff8T4/lfgV9GhOm4zt0Ig
         bt6N1Lsr9XAVGIXDlSKd2n5t7TyQADicUMd0Oa1RsFKOfC1DS3X+i0KUnn+ynDUenHPu
         2TnD7QRtwSGlHZYapo5b0j6x+lmXvX9nRAQO6WPOM1FK41rIy8CkxpTWKnKjcC56/Q0j
         zBFg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g4si27662626plo.307.2019.05.23.03.25.41;
        Thu, 23 May 2019 03:25:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730420AbfEWKYb (ORCPT <rfc822;1990.zhangzhen@gmail.com>
        + 99 others); Thu, 23 May 2019 06:24:31 -0400
Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42648 "EHLO
        foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727434AbfEWKYb (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 23 May 2019 06:24:31 -0400
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3E7E315AB;
        Thu, 23 May 2019 03:24:31 -0700 (PDT)
Received: from e111045-lin.cambridge.arm.com (unknown [10.1.39.23])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1695C3F718;
        Thu, 23 May 2019 03:24:28 -0700 (PDT)
From:   Ard Biesheuvel <ard.biesheuvel@arm.com>
To:     linux-arm-kernel@lists.infradead.org
Cc:     marc.zyngier@arm.com, mark.rutland@arm.com,
        linux-kernel@vger.kernel.org,
        Ard Biesheuvel <ard.biesheuvel@arm.com>,
        Nadav Amit <namit@vmware.com>,
        Rick Edgecombe <rick.p.edgecombe@intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Will Deacon <will.deacon@arm.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        James Morse <james.morse@arm.com>
Subject: [PATCH 1/4] arm64: module: create module allocations without exec permissions
Date:   Thu, 23 May 2019 11:22:53 +0100
Message-Id: <20190523102256.29168-2-ard.biesheuvel@arm.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190523102256.29168-1-ard.biesheuvel@arm.com>
References: <20190523102256.29168-1-ard.biesheuvel@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Now that the core code manages the executable permissions of code
regions of modules explicitly, it is no longer necessary to create
the module vmalloc regions with RWX permissions, and we can create
them with RW- permissions instead, which is preferred from a
security perspective.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
---
 arch/arm64/kernel/module.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
index 2e4e3915b4d0..88f0ed31d9aa 100644
--- a/arch/arm64/kernel/module.c
+++ b/arch/arm64/kernel/module.c
@@ -41,7 +41,7 @@ void *module_alloc(unsigned long size)
 
 	p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base,
 				module_alloc_base + MODULES_VSIZE,
-				gfp_mask, PAGE_KERNEL_EXEC, 0,
+				gfp_mask, PAGE_KERNEL, 0,
 				NUMA_NO_NODE, __builtin_return_address(0));
 
 	if (!p && IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) &&
@@ -57,7 +57,7 @@ void *module_alloc(unsigned long size)
 		 */
 		p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base,
 				module_alloc_base + SZ_4G, GFP_KERNEL,
-				PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
+				PAGE_KERNEL, 0, NUMA_NO_NODE,
 				__builtin_return_address(0));
 
 	if (p && (kasan_module_alloc(p, size) < 0)) {
-- 
2.17.1