arm64: module: create module allocations without exec permissions

Now that the core code manages the executable permissions of code
regions of modules explicitly, it is no longer necessary to create
the module vmalloc regions with RWX permissions, and we can create
them with RW- permissions instead, which is preferred from a
security perspective.

Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
index dd080837e6a9c18d70d7e1b74bca707f25040b45..5b5936b7868c4dd09cbd0aec012666cec74373cd 100644 (file)
--- a/arch/arm64/kernel/module.c
+++ b/arch/arm64/kernel/module.c
@@ -41,7 +41,7 @@ void *module_alloc(unsigned long size)
 
        p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base,
                                module_alloc_base + MODULES_VSIZE,
-                               gfp_mask, PAGE_KERNEL_EXEC, 0,
+                               gfp_mask, PAGE_KERNEL, 0,
                                NUMA_NO_NODE, __builtin_return_address(0));
 
        if (!p && IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) &&
@@ -57,7 +57,7 @@ void *module_alloc(unsigned long size)
                 */
                p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base,
                                module_alloc_base + SZ_2G, GFP_KERNEL,
-                               PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
+                               PAGE_KERNEL, 0, NUMA_NO_NODE,
                                __builtin_return_address(0));
 
        if (p && (kasan_module_alloc(p, size) < 0)) {