From: Mark Rutland <mark.rutland@arm.com>
To: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, catalin.marinas@arm.com,
ard.biesheuvel@linaro.org, sboyd@codeaurora.org,
dave.hansen@linux.intel.com, keescook@chromium.org,
msalter@redhat.com, labbott@redhat.com, tglx@linutronix.de
Subject: Re: [PATCH v3 11/20] arm64: mm: Map entry trampoline into trampoline and kernel page tables
Date: Wed, 6 Dec 2017 14:32:43 +0000 [thread overview]
Message-ID: <20171206143243.rzcssrrkomyb66jg@lakrids.cambridge.arm.com> (raw)
In-Reply-To: <1512563739-25239-12-git-send-email-will.deacon@arm.com>
On Wed, Dec 06, 2017 at 12:35:30PM +0000, Will Deacon wrote:
> The exception entry trampoline needs to be mapped at the same virtual
> address in both the trampoline page table (which maps nothing else)
> and also the kernel page table, so that we can swizzle TTBR1_EL1 on
> exceptions from and return to EL0.
>
> This patch maps the trampoline at a fixed virtual address in the fixmap
> area of the kernel virtual address space, which allows the kernel proper
> to be randomized with respect to the trampoline when KASLR is enabled.
>
> Signed-off-by: Will Deacon <will.deacon@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
> arch/arm64/include/asm/fixmap.h | 4 ++++
> arch/arm64/include/asm/pgtable.h | 1 +
> arch/arm64/kernel/asm-offsets.c | 6 +++++-
> arch/arm64/mm/mmu.c | 23 +++++++++++++++++++++++
> 4 files changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
> index 4052ec39e8db..8119b49be98d 100644
> --- a/arch/arm64/include/asm/fixmap.h
> +++ b/arch/arm64/include/asm/fixmap.h
> @@ -58,6 +58,10 @@ enum fixed_addresses {
> FIX_APEI_GHES_NMI,
> #endif /* CONFIG_ACPI_APEI_GHES */
>
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> + FIX_ENTRY_TRAMP_TEXT,
> +#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
> +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
> __end_of_permanent_fixed_addresses,
>
> /*
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
> index 149d05fb9421..774003b247ad 100644
> --- a/arch/arm64/include/asm/pgtable.h
> +++ b/arch/arm64/include/asm/pgtable.h
> @@ -680,6 +680,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
>
> extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
> extern pgd_t idmap_pg_dir[PTRS_PER_PGD];
> +extern pgd_t tramp_pg_dir[PTRS_PER_PGD];
>
> /*
> * Encode and decode a swap entry:
> diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
> index 71bf088f1e4b..af247d10252f 100644
> --- a/arch/arm64/kernel/asm-offsets.c
> +++ b/arch/arm64/kernel/asm-offsets.c
> @@ -24,6 +24,7 @@
> #include <linux/kvm_host.h>
> #include <linux/suspend.h>
> #include <asm/cpufeature.h>
> +#include <asm/fixmap.h>
> #include <asm/thread_info.h>
> #include <asm/memory.h>
> #include <asm/smp_plat.h>
> @@ -148,11 +149,14 @@ int main(void)
> DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2));
> DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
> DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
> -
> BLANK();
> DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address));
> DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address));
> DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next));
> DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val));
> + BLANK();
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> + DEFINE(TRAMP_VALIAS, TRAMP_VALIAS);
> +#endif
> return 0;
> }
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index 267d2b79d52d..fe68a48c64cb 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -525,6 +525,29 @@ static int __init parse_rodata(char *arg)
> }
> early_param("rodata", parse_rodata);
>
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> +static int __init map_entry_trampoline(void)
> +{
> + extern char __entry_tramp_text_start[];
> +
> + pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> + phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
> +
> + /* The trampoline is always mapped and can therefore be global */
> + pgprot_val(prot) &= ~PTE_NG;
> +
> + /* Map only the text into the trampoline page table */
> + memset(tramp_pg_dir, 0, PGD_SIZE);
> + __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
> + prot, pgd_pgtable_alloc, 0);
> +
> + /* ...as well as the kernel page table */
> + __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
> + return 0;
> +}
> +core_initcall(map_entry_trampoline);
> +#endif
> +
> /*
> * Create fine-grained mappings for the kernel.
> */
> --
> 2.1.4
>
WARNING: multiple messages have this Message-ID (diff)
From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 11/20] arm64: mm: Map entry trampoline into trampoline and kernel page tables
Date: Wed, 6 Dec 2017 14:32:43 +0000 [thread overview]
Message-ID: <20171206143243.rzcssrrkomyb66jg@lakrids.cambridge.arm.com> (raw)
In-Reply-To: <1512563739-25239-12-git-send-email-will.deacon@arm.com>
On Wed, Dec 06, 2017 at 12:35:30PM +0000, Will Deacon wrote:
> The exception entry trampoline needs to be mapped at the same virtual
> address in both the trampoline page table (which maps nothing else)
> and also the kernel page table, so that we can swizzle TTBR1_EL1 on
> exceptions from and return to EL0.
>
> This patch maps the trampoline at a fixed virtual address in the fixmap
> area of the kernel virtual address space, which allows the kernel proper
> to be randomized with respect to the trampoline when KASLR is enabled.
>
> Signed-off-by: Will Deacon <will.deacon@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Mark.
> ---
> arch/arm64/include/asm/fixmap.h | 4 ++++
> arch/arm64/include/asm/pgtable.h | 1 +
> arch/arm64/kernel/asm-offsets.c | 6 +++++-
> arch/arm64/mm/mmu.c | 23 +++++++++++++++++++++++
> 4 files changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
> index 4052ec39e8db..8119b49be98d 100644
> --- a/arch/arm64/include/asm/fixmap.h
> +++ b/arch/arm64/include/asm/fixmap.h
> @@ -58,6 +58,10 @@ enum fixed_addresses {
> FIX_APEI_GHES_NMI,
> #endif /* CONFIG_ACPI_APEI_GHES */
>
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> + FIX_ENTRY_TRAMP_TEXT,
> +#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
> +#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
> __end_of_permanent_fixed_addresses,
>
> /*
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
> index 149d05fb9421..774003b247ad 100644
> --- a/arch/arm64/include/asm/pgtable.h
> +++ b/arch/arm64/include/asm/pgtable.h
> @@ -680,6 +680,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
>
> extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
> extern pgd_t idmap_pg_dir[PTRS_PER_PGD];
> +extern pgd_t tramp_pg_dir[PTRS_PER_PGD];
>
> /*
> * Encode and decode a swap entry:
> diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
> index 71bf088f1e4b..af247d10252f 100644
> --- a/arch/arm64/kernel/asm-offsets.c
> +++ b/arch/arm64/kernel/asm-offsets.c
> @@ -24,6 +24,7 @@
> #include <linux/kvm_host.h>
> #include <linux/suspend.h>
> #include <asm/cpufeature.h>
> +#include <asm/fixmap.h>
> #include <asm/thread_info.h>
> #include <asm/memory.h>
> #include <asm/smp_plat.h>
> @@ -148,11 +149,14 @@ int main(void)
> DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2));
> DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
> DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
> -
> BLANK();
> DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address));
> DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address));
> DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next));
> DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val));
> + BLANK();
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> + DEFINE(TRAMP_VALIAS, TRAMP_VALIAS);
> +#endif
> return 0;
> }
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index 267d2b79d52d..fe68a48c64cb 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -525,6 +525,29 @@ static int __init parse_rodata(char *arg)
> }
> early_param("rodata", parse_rodata);
>
> +#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
> +static int __init map_entry_trampoline(void)
> +{
> + extern char __entry_tramp_text_start[];
> +
> + pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
> + phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
> +
> + /* The trampoline is always mapped and can therefore be global */
> + pgprot_val(prot) &= ~PTE_NG;
> +
> + /* Map only the text into the trampoline page table */
> + memset(tramp_pg_dir, 0, PGD_SIZE);
> + __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
> + prot, pgd_pgtable_alloc, 0);
> +
> + /* ...as well as the kernel page table */
> + __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
> + return 0;
> +}
> +core_initcall(map_entry_trampoline);
> +#endif
> +
> /*
> * Create fine-grained mappings for the kernel.
> */
> --
> 2.1.4
>
next prev parent reply other threads:[~2017-12-06 14:33 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-06 12:35 [PATCH v3 00/20] arm64: Unmap the kernel whilst running in userspace (KPTI) Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 01/20] arm64: mm: Use non-global mappings for kernel space Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 02/20] arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 03/20] arm64: mm: Move ASID from TTBR0 to TTBR1 Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 04/20] arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 05/20] arm64: mm: Rename post_ttbr0_update_workaround Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 06/20] arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN Will Deacon
2017-12-06 12:35 ` Will Deacon
2018-01-17 2:58 ` Yisheng Xie
2018-01-17 2:58 ` Yisheng Xie
2017-12-06 12:35 ` [PATCH v3 07/20] arm64: mm: Allocate ASIDs in pairs Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 08/20] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 09/20] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 10/20] arm64: entry: Add exception trampoline page for exceptions from EL0 Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 11/20] arm64: mm: Map entry trampoline into trampoline and kernel page tables Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 14:32 ` Mark Rutland [this message]
2017-12-06 14:32 ` Mark Rutland
2018-01-23 8:28 ` Yisheng Xie
2018-01-23 8:28 ` Yisheng Xie
2018-01-23 10:04 ` Will Deacon
2018-01-23 10:04 ` Will Deacon
2018-01-23 10:43 ` Yisheng Xie
2018-01-23 10:43 ` Yisheng Xie
2017-12-06 12:35 ` [PATCH v3 12/20] arm64: entry: Explicitly pass exception level to kernel_ventry macro Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 13/20] arm64: entry: Hook up entry trampoline to exception vectors Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 14/20] arm64: erratum: Work around Falkor erratum #E1003 in trampoline code Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 15/20] arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 16/20] arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 14:11 ` Mark Rutland
2017-12-06 14:11 ` Mark Rutland
2017-12-06 12:35 ` [PATCH v3 17/20] arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:35 ` [PATCH v3 18/20] perf: arm_spe: Fail device probe when arm64_kernel_unmapped_at_el0() Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 13:34 ` Mark Rutland
2017-12-06 13:34 ` Mark Rutland
2017-12-06 12:35 ` [PATCH v3 19/20] arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 14:12 ` Mark Rutland
2017-12-06 14:12 ` Mark Rutland
2017-12-06 12:35 ` [PATCH v3 20/20] arm64: kaslr: Put kernel vectors address in separate data page Will Deacon
2017-12-06 12:35 ` Will Deacon
2017-12-06 12:59 ` Ard Biesheuvel
2017-12-06 12:59 ` Ard Biesheuvel
2017-12-06 13:27 ` Will Deacon
2017-12-06 13:27 ` Will Deacon
2017-12-06 14:03 ` Ard Biesheuvel
2017-12-06 14:03 ` Ard Biesheuvel
2017-12-08 0:40 ` [PATCH v3 00/20] arm64: Unmap the kernel whilst running in userspace (KPTI) Laura Abbott
2017-12-08 0:40 ` Laura Abbott
2017-12-11 13:23 ` Will Deacon
2017-12-11 13:23 ` Will Deacon
2017-12-11 17:59 ` Catalin Marinas
2017-12-11 17:59 ` Catalin Marinas
2018-01-04 5:17 ` Florian Fainelli
2018-01-04 5:17 ` Florian Fainelli
2018-01-04 6:50 ` Greg Kroah-Hartman
2018-01-04 6:50 ` Greg Kroah-Hartman
2018-01-04 18:23 ` Florian Fainelli
2018-01-04 18:23 ` Florian Fainelli
2018-01-04 23:27 ` Russell King - ARM Linux
2018-01-04 23:27 ` Russell King - ARM Linux
2018-01-05 16:06 ` Greg Kroah-Hartman
2018-01-05 16:06 ` Greg Kroah-Hartman
2018-01-05 16:12 ` Ard Biesheuvel
2018-01-05 16:12 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171206143243.rzcssrrkomyb66jg@lakrids.cambridge.arm.com \
--to=mark.rutland@arm.com \
--cc=ard.biesheuvel@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=keescook@chromium.org \
--cc=labbott@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=msalter@redhat.com \
--cc=sboyd@codeaurora.org \
--cc=tglx@linutronix.de \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.