From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: kvmarm@lists.cs.columbia.edu, linux-hardening@vger.kernel.org,
	Ard Biesheuvel <ardb@kernel.org>, Will Deacon <will@kernel.org>,
	Marc Zyngier <maz@kernel.org>, Fuad Tabba <tabba@google.com>,
	Quentin Perret <qperret@google.com>,
	Mark Rutland <mark.rutland@arm.com>,
	James Morse <james.morse@arm.com>,
	Catalin Marinas <catalin.marinas@arm.com>
Subject: [RFC PATCH 07/12] arm64: mm: remap PTE level user page tables r/o in the linear region
Date: Wed, 26 Jan 2022 18:30:06 +0100	[thread overview]
Message-ID: <20220126173011.3476262-8-ardb@kernel.org> (raw)
In-Reply-To: <20220126173011.3476262-1-ardb@kernel.org>

Now that all PTE manipulations for user space tables go via the fixmap,
we can remap these tables read-only in the linear region so they cannot
be corrupted inadvertently.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/include/asm/pgalloc.h |  5 +++++
 arch/arm64/include/asm/tlb.h     |  2 ++
 arch/arm64/mm/mmu.c              | 23 ++++++++++++++++++++
 3 files changed, 30 insertions(+)

diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h
index 63f9ae9e96fe..18a5bb0c9ee4 100644
--- a/arch/arm64/include/asm/pgalloc.h
+++ b/arch/arm64/include/asm/pgalloc.h
@@ -18,10 +18,15 @@
 #define __HAVE_ARCH_PUD_FREE
 #define __HAVE_ARCH_PMD_ALLOC_ONE
 #define __HAVE_ARCH_PMD_FREE
+#define __HAVE_ARCH_PTE_ALLOC_ONE
+#define __HAVE_ARCH_PTE_FREE
 #include <asm-generic/pgalloc.h>
 
 #define PGD_SIZE	(PTRS_PER_PGD * sizeof(pgd_t))
 
+pgtable_t pte_alloc_one(struct mm_struct *mm);
+void pte_free(struct mm_struct *mm, struct page *pte_page);
+
 #if CONFIG_PGTABLE_LEVELS > 2
 
 pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr);
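Review bot: The two prototypes added after `PGD_SIZE` carry no comment, yet they change the contract for callers. According to the commit message and the mmu.c hunk, a table returned by `pte_alloc_one()` may be mapped read-only in the linear region. I would add above them something like `/* User PTE tables: mapped r/o in the linear region when page_tables_are_ro(); modify entries via the fixmap, never through page_address(). */`. That puts the restriction where anyone adding a new page-table writer looks first. The same hunk appears in the two further copies of this message lower on the page.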
diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h
index 0f54fbb59bba..e69a44160cce 100644
--- a/arch/arm64/include/asm/tlb.h
+++ b/arch/arm64/include/asm/tlb.h
@@ -75,6 +75,8 @@ static inline void tlb_flush(struct mmu_gather *tlb)
 static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t pte,
 				  unsigned long addr)
 {
+	if (page_tables_are_ro())
+		set_pgtable_rw(page_address(pte));
 	pgtable_pte_page_dtor(pte);
 	tlb_remove_table(tlb, pte);
 }
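Review bot: In `__pte_free_tlb()` the added `set_pgtable_rw(page_address(pte))` lifts the write protection before `tlb_remove_table()`, and that call may defer the actual free until after TLB invalidation (its implementation is outside this hunk). If it does, the table is writable through the linear map while stale walk-cache entries or lockless walkers may still reference it, so a stray write in that window can still reach a table that is in use. Consider restoring write access at the point where the page is actually handed back to the allocator. Failing that, add a comment here such as `/* table is already unlinked from the PMD; make it writable again before it can be freed */` to say why the early remap is acceptable. The same hunk is repeated in the two other copies of this message on the page.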
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index e55d91a5f1ed..949846654797 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1686,3 +1686,26 @@ void pmd_free(struct mm_struct *mm, pmd_t *pmd)
 	free_page((u64)pmd);
 }
 #endif
+
+pgtable_t pte_alloc_one(struct mm_struct *mm)
+{
+	pgtable_t pgt = __pte_alloc_one(mm, GFP_PGTABLE_USER);
+
+	VM_BUG_ON(mm == &init_mm);
+
+	if (!pgt)
+		return NULL;
+	if (page_tables_are_ro())
+		set_pgtable_ro(page_address(pgt));
+	return pgt;
+}
+
+void pte_free(struct mm_struct *mm, struct page *pte_page)
+{
+	VM_BUG_ON(mm == &init_mm);
+
+	if (page_tables_are_ro())
+		set_pgtable_rw(page_address(pte_page));
+	pgtable_pte_page_dtor(pte_page);
+	__free_page(pte_page);
+}
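Review bot: `pte_alloc_one()` and `pte_free()` each test `page_tables_are_ro()` on their own, so the pairing is only correct if that predicate (defined outside this hunk) returns the same value for the whole lifetime of a table. If it can change after the first user table is allocated, a page could reach `__free_page()` still read-only, or a live table could stay writable. A comment stating that invariant would help, as would checking any status that `set_pgtable_ro()`/`set_pgtable_rw()` report, if they return one. Separately, `VM_BUG_ON(mm == &init_mm);` in `pte_alloc_one()` runs after `__pte_alloc_one(mm, GFP_PGTABLE_USER)` has already allocated; declaring `pgtable_t pgt;` first and asserting before the call keeps the check ahead of the side effect. The same applies to the two repeated copies of this hunk further down the page.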
-- 
2.30.2


From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Marc Zyngier <maz@kernel.org>,
	kvmarm@lists.cs.columbia.edu, linux-hardening@vger.kernel.org,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>
Subject: [RFC PATCH 07/12] arm64: mm: remap PTE level user page tables r/o in the linear region
Date: Wed, 26 Jan 2022 18:30:06 +0100	[thread overview]
Message-ID: <20220126173011.3476262-8-ardb@kernel.org> (raw)
In-Reply-To: <20220126173011.3476262-1-ardb@kernel.org>

Now that all PTE manipulations for user space tables go via the fixmap,
we can remap these tables read-only in the linear region so they cannot
be corrupted inadvertently.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/include/asm/pgalloc.h |  5 +++++
 arch/arm64/include/asm/tlb.h     |  2 ++
 arch/arm64/mm/mmu.c              | 23 ++++++++++++++++++++
 3 files changed, 30 insertions(+)

diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h
index 63f9ae9e96fe..18a5bb0c9ee4 100644
--- a/arch/arm64/include/asm/pgalloc.h
+++ b/arch/arm64/include/asm/pgalloc.h
@@ -18,10 +18,15 @@
 #define __HAVE_ARCH_PUD_FREE
 #define __HAVE_ARCH_PMD_ALLOC_ONE
 #define __HAVE_ARCH_PMD_FREE
+#define __HAVE_ARCH_PTE_ALLOC_ONE
+#define __HAVE_ARCH_PTE_FREE
 #include <asm-generic/pgalloc.h>
 
 #define PGD_SIZE	(PTRS_PER_PGD * sizeof(pgd_t))
 
+pgtable_t pte_alloc_one(struct mm_struct *mm);
+void pte_free(struct mm_struct *mm, struct page *pte_page);
+
 #if CONFIG_PGTABLE_LEVELS > 2
 
 pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr);
diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h
index 0f54fbb59bba..e69a44160cce 100644
--- a/arch/arm64/include/asm/tlb.h
+++ b/arch/arm64/include/asm/tlb.h
@@ -75,6 +75,8 @@ static inline void tlb_flush(struct mmu_gather *tlb)
 static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t pte,
 				  unsigned long addr)
 {
+	if (page_tables_are_ro())
+		set_pgtable_rw(page_address(pte));
 	pgtable_pte_page_dtor(pte);
 	tlb_remove_table(tlb, pte);
 }
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index e55d91a5f1ed..949846654797 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1686,3 +1686,26 @@ void pmd_free(struct mm_struct *mm, pmd_t *pmd)
 	free_page((u64)pmd);
 }
 #endif
+
+pgtable_t pte_alloc_one(struct mm_struct *mm)
+{
+	pgtable_t pgt = __pte_alloc_one(mm, GFP_PGTABLE_USER);
+
+	VM_BUG_ON(mm == &init_mm);
+
+	if (!pgt)
+		return NULL;
+	if (page_tables_are_ro())
+		set_pgtable_ro(page_address(pgt));
+	return pgt;
+}
+
+void pte_free(struct mm_struct *mm, struct page *pte_page)
+{
+	VM_BUG_ON(mm == &init_mm);
+
+	if (page_tables_are_ro())
+		set_pgtable_rw(page_address(pte_page));
+	pgtable_pte_page_dtor(pte_page);
+	__free_page(pte_page);
+}
-- 
2.30.2

From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: kvmarm@lists.cs.columbia.edu, linux-hardening@vger.kernel.org,
	Ard Biesheuvel <ardb@kernel.org>, Will Deacon <will@kernel.org>,
	Marc Zyngier <maz@kernel.org>, Fuad Tabba <tabba@google.com>,
	Quentin Perret <qperret@google.com>,
	Mark Rutland <mark.rutland@arm.com>,
	James Morse <james.morse@arm.com>,
	Catalin Marinas <catalin.marinas@arm.com>
Subject: [RFC PATCH 07/12] arm64: mm: remap PTE level user page tables r/o in the linear region
Date: Wed, 26 Jan 2022 18:30:06 +0100	[thread overview]
Message-ID: <20220126173011.3476262-8-ardb@kernel.org> (raw)
In-Reply-To: <20220126173011.3476262-1-ardb@kernel.org>

Now that all PTE manipulations for user space tables go via the fixmap,
we can remap these tables read-only in the linear region so they cannot
be corrupted inadvertently.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/include/asm/pgalloc.h |  5 +++++
 arch/arm64/include/asm/tlb.h     |  2 ++
 arch/arm64/mm/mmu.c              | 23 ++++++++++++++++++++
 3 files changed, 30 insertions(+)

diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h
index 63f9ae9e96fe..18a5bb0c9ee4 100644
--- a/arch/arm64/include/asm/pgalloc.h
+++ b/arch/arm64/include/asm/pgalloc.h
@@ -18,10 +18,15 @@
 #define __HAVE_ARCH_PUD_FREE
 #define __HAVE_ARCH_PMD_ALLOC_ONE
 #define __HAVE_ARCH_PMD_FREE
+#define __HAVE_ARCH_PTE_ALLOC_ONE
+#define __HAVE_ARCH_PTE_FREE
 #include <asm-generic/pgalloc.h>
 
 #define PGD_SIZE	(PTRS_PER_PGD * sizeof(pgd_t))
 
+pgtable_t pte_alloc_one(struct mm_struct *mm);
+void pte_free(struct mm_struct *mm, struct page *pte_page);
+
 #if CONFIG_PGTABLE_LEVELS > 2
 
 pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr);
diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h
index 0f54fbb59bba..e69a44160cce 100644
--- a/arch/arm64/include/asm/tlb.h
+++ b/arch/arm64/include/asm/tlb.h
@@ -75,6 +75,8 @@ static inline void tlb_flush(struct mmu_gather *tlb)
 static inline void __pte_free_tlb(struct mmu_gather *tlb, pgtable_t pte,
 				  unsigned long addr)
 {
+	if (page_tables_are_ro())
+		set_pgtable_rw(page_address(pte));
 	pgtable_pte_page_dtor(pte);
 	tlb_remove_table(tlb, pte);
 }
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index e55d91a5f1ed..949846654797 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1686,3 +1686,26 @@ void pmd_free(struct mm_struct *mm, pmd_t *pmd)
 	free_page((u64)pmd);
 }
 #endif
+
+pgtable_t pte_alloc_one(struct mm_struct *mm)
+{
+	pgtable_t pgt = __pte_alloc_one(mm, GFP_PGTABLE_USER);
+
+	VM_BUG_ON(mm == &init_mm);
+
+	if (!pgt)
+		return NULL;
+	if (page_tables_are_ro())
+		set_pgtable_ro(page_address(pgt));
+	return pgt;
+}
+
+void pte_free(struct mm_struct *mm, struct page *pte_page)
+{
+	VM_BUG_ON(mm == &init_mm);
+
+	if (page_tables_are_ro())
+		set_pgtable_rw(page_address(pte_page));
+	pgtable_pte_page_dtor(pte_page);
+	__free_page(pte_page);
+}
-- 
2.30.2



Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-26 17:29 [RFC PATCH 00/12] arm64: implement read-only page tables Ard Biesheuvel
2022-01-26 17:29 ` Ard Biesheuvel
2022-01-26 17:29 ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 01/12] asm-generic/pgalloc: allow arch to override PMD alloc/free routines Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 02/12] arm64: mm: add helpers to remap page tables read-only/read-write Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 03/12] arm64: mm: use a fixmap slot for user page table modifications Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-28 16:08   ` Steven Price
2022-01-28 16:08     ` Steven Price
2022-01-28 16:08     ` Steven Price
2022-01-26 17:30 ` [RFC PATCH 04/12] arm64: mm: remap PGD pages r/o in the linear region after allocation Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 05/12] arm64: mm: remap PUD pages r/o in linear region Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 06/12] arm64: mm: remap PMD " Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` Ard Biesheuvel [this message]
2022-01-26 17:30   ` [RFC PATCH 07/12] arm64: mm: remap PTE level user page tables r/o in the " Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 08/12] arm64: mm: remap kernel PTE level " Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 09/12] arm64: mm: remap kernel page tables read-only at end of init Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 10/12] mm: add default definition of p4d_index() Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 11/12] arm64: efi: use set_pte_at() not set_pte() in order to pass mm pointer Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30 ` [RFC PATCH 12/12] arm64: hugetlb: use set_pte_at() not set_pte() to provide " Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
2022-01-26 17:30   ` Ard Biesheuvel
