s390/module: create module allocations without exec permissions

This is the s390 variant of commit 7dfac3c5f40e ("arm64: module: create
module allocations without exec permissions"):

"The core code manages the executable permissions of code regions of
modules explicitly. It is no longer necessary to create the module vmalloc
regions with RWX permissions. So create them with RW- permissions instead,
which is preferred from a security perspective."

Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
index 57c13e30e66d339c47677f12df5b46943fc28b70..07a13546980d9d099be44d22db3c7eb4079c1014 100644 (file)
--- a/arch/s390/kernel/module.c
+++ b/arch/s390/kernel/module.c
@@ -63,7 +63,7 @@ void *module_alloc(unsigned long size)
                return NULL;
        p = __vmalloc_node_range(size, MODULE_ALIGN,
                                 MODULES_VADDR + get_module_load_offset(), MODULES_END,
-                                gfp_mask, PAGE_KERNEL_EXEC, VM_DEFER_KMEMLEAK, NUMA_NO_NODE,
+                                gfp_mask, PAGE_KERNEL, VM_DEFER_KMEMLEAK, NUMA_NO_NODE,
                                 __builtin_return_address(0));
        if (p && (kasan_alloc_module_shadow(p, size, gfp_mask) < 0)) {
                vfree(p);