mirror of
https://github.com/torvalds/linux
synced 2024-09-16 00:58:07 +00:00
s390/module: create module allocations without exec permissions
This is the s390 variant of commit 7dfac3c5f4
("arm64: module: create
module allocations without exec permissions"):
"The core code manages the executable permissions of code regions of
modules explicitly. It is no longer necessary to create the module vmalloc
regions with RWX permissions. So create them with RW- permissions instead,
which is preferred from a security perspective."
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
This commit is contained in:
parent
7c7ab788c0
commit
1707c11652
|
@ -63,7 +63,7 @@ void *module_alloc(unsigned long size)
|
|||
return NULL;
|
||||
p = __vmalloc_node_range(size, MODULE_ALIGN,
|
||||
MODULES_VADDR + get_module_load_offset(), MODULES_END,
|
||||
gfp_mask, PAGE_KERNEL_EXEC, VM_DEFER_KMEMLEAK, NUMA_NO_NODE,
|
||||
gfp_mask, PAGE_KERNEL, VM_DEFER_KMEMLEAK, NUMA_NO_NODE,
|
||||
__builtin_return_address(0));
|
||||
if (p && (kasan_alloc_module_shadow(p, size, gfp_mask) < 0)) {
|
||||
vfree(p);
|
||||
|
|
Loading…
Reference in a new issue