arm64_addrenv_pgmap.c: Revoke user execution access to kernel mmap'd pages

pussuw · xiaoxiang781216 · commit 0ca1a07e8437 · 2024-09-10T23:10:57.000+08:00
Otherwise, user can run code from there
diff --git a/arch/arm64/src/common/arm64_addrenv_pgmap.c b/arch/arm64/src/common/arm64_addrenv_pgmap.c
@@ -271,6 +271,10 @@ int up_addrenv_kmap_pages(void **pages, unsigned int npages, uintptr_t vaddr,
 
   mask &= ~PTE_BLOCK_DESC_NG;
 
+  /* Also, revoke user execute access */
+
+  mask |= PTE_BLOCK_DESC_UXN;
+
   /* Let arm64_map_pages do the work */
 
   return arm64_map_pages(addrenv, (uintptr_t *)pages, npages, vaddr, mask);
