ARC: [mm] Make stack/heap Non-executable by default

1. For VM_EXEC based delayed dcache/icache flush, reduces the number of
   flushes.

2. Makes this security feature ON by default rather than OFF before.

3. Applications can use mprotect() to selectively override this.

4. ELF binaries have a GNU_STACK segment which can easily override the
   kernel default permissions.
   For nested-functions/trampolines, gcc already auto-enables executable
   stack in elf. Others needing this can use -Wl,-z,execstack option.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>

diff --git a/arch/arc/Kconfig b/arch/arc/Kconfig
index 5917099470eaf74d259051b4f7451683cc52901a..659dadfb094114035df1050268db1bbfb9eb8e34 100644 (file)
--- a/arch/arc/Kconfig
+++ b/arch/arc/Kconfig
@@ -361,13 +361,6 @@ config ARC_MISALIGN_ACCESS
          Use ONLY-IF-ABS-NECESSARY as it will be very slow and also can hide
          potential bugs in code
 
-config ARC_STACK_NONEXEC
-       bool "Make stack non-executable"
-       default n
-       help
-         To disable the execute permissions of stack/heap of processes
-         which are enabled by default.
-
 config HZ
        int "Timer Frequency"
        default 100

diff --git a/arch/arc/include/asm/page.h b/arch/arc/include/asm/page.h
index ab84bf131fe135a2070c4a22bc5c177020787759..9c8aa41e45c2248b0ee39a23c3802e4f7425d358 100644 (file)
--- a/arch/arc/include/asm/page.h
+++ b/arch/arc/include/asm/page.h
@@ -96,13 +96,8 @@ typedef unsigned long pgtable_t;
 
 #define virt_addr_valid(kaddr)  pfn_valid(__pa(kaddr) >> PAGE_SHIFT)
 
-/* Default Permissions for page, used in mmap.c */
-#ifdef CONFIG_ARC_STACK_NONEXEC
+/* Default Permissions for stack/heaps pages (Non Executable) */
 #define VM_DATA_DEFAULT_FLAGS   (VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE)
-#else
-#define VM_DATA_DEFAULT_FLAGS   (VM_READ | VM_WRITE | VM_EXEC | \
-                                VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
-#endif
 
 #define WANT_PAGE_VIRTUAL   1