s390: Keep inittext section writable
authorHeiko Carstens <hca@linux.ibm.com>
Mon, 29 Jul 2024 11:06:44 +0000 (13:06 +0200)
committerVasily Gorbik <gor@linux.ibm.com>
Wed, 31 Jul 2024 14:30:20 +0000 (16:30 +0200)
There is no added security by making the inittext section non-writable,
however it does split part of the kernel mapping into 4K mappings
instead of 1M mappings:

---[ Kernel Image Start ]---
0x000003ffe0000000-0x000003ffe0e00000        14M PMD RO X
0x000003ffe0e00000-0x000003ffe0ec7000       796K PTE RO X
0x000003ffe0ec7000-0x000003ffe0f00000       228K PTE RO NX
0x000003ffe0f00000-0x000003ffe1300000         4M PMD RO NX
0x000003ffe1300000-0x000003ffe1353000       332K PTE RO NX
0x000003ffe1353000-0x000003ffe1400000       692K PTE RW NX
0x000003ffe1400000-0x000003ffe1500000         1M PMD RW NX
0x000003ffe1500000-0x000003ffe1700000         2M PTE RW NX <---
0x000003ffe1700000-0x000003ffe1800000         1M PMD RW NX
0x000003ffe1800000-0x000003ffe187e000       504K PTE RW NX
---[ Kernel Image End ]---

Keep the inittext writable and enable instruction execution protection
(aka noexec) later to prevent this. This also allows the generic
free_initmem() implementation to be used.

---[ Kernel Image Start ]---
0x000003ffe0000000-0x000003ffe0e00000        14M PMD RO X
0x000003ffe0e00000-0x000003ffe0ec7000       796K PTE RO X
0x000003ffe0ec7000-0x000003ffe0f00000       228K PTE RO NX
0x000003ffe0f00000-0x000003ffe1300000         4M PMD RO NX
0x000003ffe1300000-0x000003ffe1353000       332K PTE RO NX
0x000003ffe1353000-0x000003ffe1400000       692K PTE RW NX
0x000003ffe1400000-0x000003ffe1800000         4M PMD RW NX <---
0x000003ffe1800000-0x000003ffe187e000       504K PTE RW NX
---[ Kernel Image End ]---

Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
arch/s390/mm/init.c
arch/s390/mm/vmem.c

index ddcd39ef43463ade94bc3c94432a0afe6d6840d0..e3d258f9e72610a9d28bc77bdb580daddfcd7db6 100644 (file)
@@ -108,6 +108,8 @@ void mark_rodata_ro(void)
 {
        unsigned long size = __end_ro_after_init - __start_ro_after_init;
 
+       if (MACHINE_HAS_NX)
+               system_ctl_set_bit(0, CR0_INSTRUCTION_EXEC_PROTECTION_BIT);
        __set_memory_ro(__start_ro_after_init, __end_ro_after_init);
        pr_info("Write protected read-only-after-init data: %luk\n", size >> 10);
 }
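Review bot: Setting the CR0 instruction-execution-protection bit only inside mark_rodata_ro() makes NX enforcement depend on this function being reached. Its callers are not visible in this hunk, so it is worth confirming that no boot configuration skips it (for example when read-only protection is disabled through the rodata setting), since noexec would then presumably never be enabled. Until this call the NX markings in the kernel page tables are presumably not enforced, which would leave inittext both writable and executable for the whole of init. Neither the dependency nor that window is stated in the code, so a comment above the new lines would help, e.g. `/* inittext is mapped RW and must stay executable until init is done, so noexec is enabled only here */`.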
@@ -170,13 +172,6 @@ void __init mem_init(void)
        setup_zero_pages();     /* Setup zeroed pages. */
 }
 
-void free_initmem(void)
-{
-       set_memory_rwnx((unsigned long)_sinittext,
-                       (unsigned long)(_einittext - _sinittext) >> PAGE_SHIFT);
-       free_initmem_default(POISON_FREE_INITMEM);
-}
-
 unsigned long memory_block_size_bytes(void)
 {
        /*
index 4edb39e2adb7ad860cf62ec0729a976d75f6b603..665b8228afebcdaa8b25cc3caf19d20b95a13fc5 100644 (file)
@@ -661,7 +661,6 @@ void __init vmem_map_init(void)
 {
        __set_memory_rox(_stext, _etext);
        __set_memory_ro(_etext, __end_rodata);
-       __set_memory_rox(_sinittext, _einittext);
        __set_memory_rox(__stext_amode31, __etext_amode31);
        /*
         * If the BEAR-enhancement facility is not installed the first
@@ -672,8 +671,6 @@ void __init vmem_map_init(void)
                set_memory_x(0, 1);
        if (debug_pagealloc_enabled())
                __set_memory_4k(__va(0), __va(0) + ident_map_size);
-       if (MACHINE_HAS_NX)
-               system_ctl_set_bit(0, CR0_INSTRUCTION_EXEC_PROTECTION_BIT);
        pr_info("Write protected kernel read-only data: %luk\n",
                (unsigned long)(__end_rodata - _stext) >> 10);
 }