* + x86-hyperv-allocate-the-hypercall-page-with-only-read-and-execute-bits.patch added to -mm tree
@ 2020-06-21  2:19 akpm
From: akpm @ 2020-06-21  2:19 UTC (permalink / raw)
  To: mm-commits, will, wei.liu, vkuznets, peterz, jeyu, decui, david,
	catalin.marinas, hch


The patch titled
     Subject: x86/hyperv: allocate the hypercall page with only read and execute bits
has been added to the -mm tree.  Its filename is
     x86-hyperv-allocate-the-hypercall-page-with-only-read-and-execute-bits.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/x86-hyperv-allocate-the-hypercall-page-with-only-read-and-execute-bits.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/x86-hyperv-allocate-the-hypercall-page-with-only-read-and-execute-bits.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christoph Hellwig <hch@lst.de>
Subject: x86/hyperv: allocate the hypercall page with only read and execute bits

Patch series "fix a hyperv W^X violation and remove vmalloc_exec"

Dexuan reported a W^X violation due to the fact that the hyper hypercall
page was switched to be allocated using vmalloc_exec.  The problem is
that PAGE_KERNEL_EXEC as used by vmalloc_exec actually sets writable
permissions in the pte.  This series fixes the issue by switching to the
low-level __vmalloc_node_range interface that allows specifying more
detailed permissions instead.  It then also open codes the other two
callers and removes the somewhat confusing vmalloc_exec interface.

Peter noted that the hyper hypercall page allocation also has another long
standing issue in that it shouldn't use the full vmalloc but just the
module space.  This issue is so far theoretical as the allocation is done
early in the boot process.  I plan to fix it with another bigger series
for 5.9.


This patch (of 3):

Avoid a W^X violation caused by the fact that PAGE_KERNEL_EXEC includes the
writable bit.

For this resurrect the removed PAGE_KERNEL_RX definition, but as
PAGE_KERNEL_ROX to match arm64 and powerpc.

Link: http://lkml.kernel.org/r/20200618064307.32739-2-hch@lst.de
Fixes: 78bb17f76edc ("x86/hyperv: use vmalloc_exec for the hypercall page")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Dexuan Cui <decui@microsoft.com>
Tested-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Acked-by: Wei Liu <wei.liu@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Jessica Yu <jeyu@kernel.org>
Cc: David Hildenbrand <david@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/x86/hyperv/hv_init.c            |    4 +++-
 arch/x86/include/asm/pgtable_types.h |    2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

--- a/arch/x86/hyperv/hv_init.c~x86-hyperv-allocate-the-hypercall-page-with-only-read-and-execute-bits
+++ a/arch/x86/hyperv/hv_init.c
@@ -375,7 +375,9 @@ void __init hyperv_init(void)
 	guest_id = generate_guest_id(0, LINUX_VERSION_CODE, 0);
 	wrmsrl(HV_X64_MSR_GUEST_OS_ID, guest_id);
 
-	hv_hypercall_pg = vmalloc_exec(PAGE_SIZE);
+	hv_hypercall_pg = __vmalloc_node_range(PAGE_SIZE, 1, VMALLOC_START,
+			VMALLOC_END, GFP_KERNEL, PAGE_KERNEL_ROX,
+			VM_FLUSH_RESET_PERMS, NUMA_NO_NODE, __func__);
 	if (hv_hypercall_pg == NULL) {
 		wrmsrl(HV_X64_MSR_GUEST_OS_ID, 0);
 		goto remove_cpuhp_state;
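Review bot: The open-coded __vmalloc_node_range() call carries no comment saying why PAGE_KERNEL_ROX and VM_FLUSH_RESET_PERMS were chosen, and it still spans VMALLOC_START..VMALLOC_END even though the cover letter says this page belongs in module space. A short comment above the call stating that the mapping must not be writable (W^X) and that the range is to be narrowed later would keep a future cleanup from switching it back to a writable executable helper.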
--- a/arch/x86/include/asm/pgtable_types.h~x86-hyperv-allocate-the-hypercall-page-with-only-read-and-execute-bits
+++ a/arch/x86/include/asm/pgtable_types.h
@@ -194,6 +194,7 @@ enum page_cache_mode {
 #define _PAGE_TABLE_NOENC	 (__PP|__RW|_USR|___A|   0|___D|   0|   0)
 #define _PAGE_TABLE		 (__PP|__RW|_USR|___A|   0|___D|   0|   0| _ENC)
 #define __PAGE_KERNEL_RO	 (__PP|   0|   0|___A|__NX|___D|   0|___G)
+#define __PAGE_KERNEL_ROX	 (__PP|   0|   0|___A|   0|___D|   0|___G)
 #define __PAGE_KERNEL_NOCACHE	 (__PP|__RW|   0|___A|__NX|___D|   0|___G| __NC)
 #define __PAGE_KERNEL_VVAR	 (__PP|   0|_USR|___A|__NX|___D|   0|___G)
 #define __PAGE_KERNEL_LARGE	 (__PP|__RW|   0|___A|__NX|___D|_PSE|___G)
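Review bot: __PAGE_KERNEL_ROX is added with nothing in the table that distinguishes it from the executable type the commit message says carries the writable bit, so a later caller has no hint about which one to pick. The new row differs from __PAGE_KERNEL_RO only in the cleared __NX column, which is what the changelog describes; a one-line comment that ROX is the type for executable mappings that must not be writable would make that explicit.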
@@ -219,6 +220,7 @@ enum page_cache_mode {
 #define PAGE_KERNEL_RO		__pgprot_mask(__PAGE_KERNEL_RO         | _ENC)
 #define PAGE_KERNEL_EXEC	__pgprot_mask(__PAGE_KERNEL_EXEC       | _ENC)
 #define PAGE_KERNEL_EXEC_NOENC	__pgprot_mask(__PAGE_KERNEL_EXEC       |    0)
+#define PAGE_KERNEL_ROX		__pgprot_mask(__PAGE_KERNEL_ROX        | _ENC)
 #define PAGE_KERNEL_NOCACHE	__pgprot_mask(__PAGE_KERNEL_NOCACHE    | _ENC)
 #define PAGE_KERNEL_LARGE	__pgprot_mask(__PAGE_KERNEL_LARGE      | _ENC)
 #define PAGE_KERNEL_LARGE_EXEC	__pgprot_mask(__PAGE_KERNEL_LARGE_EXEC | _ENC)
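Review bot: PAGE_KERNEL_ROX is defined only with _ENC, while PAGE_KERNEL_EXEC directly above it has a PAGE_KERNEL_EXEC_NOENC counterpart; either say in the changelog that no unencrypted ROX user exists or add the variant. The macro is also placed after the EXEC entries here, whereas __PAGE_KERNEL_ROX sits right after __PAGE_KERNEL_RO in the earlier table; placing it after PAGE_KERNEL_RO would keep both tables in the same order.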
_

Patches currently in -mm which might be from hch@lst.de are

x86-hyperv-allocate-the-hypercall-page-with-only-read-and-execute-bits.patch
arm64-use-page_kernel_rox-directly-in-alloc_insn_page.patch
mm-remove-vmalloc_exec.patch
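
The W^X condition the changelog describes, as an added user-space example that is not part of the patch or of the kernel tree: it models the x86-64 PTE bits and checks each protection type for "writable and executable". The KERNEL_RO and KERNEL_ROX values follow the rows in the hunk above; KERNEL_EXEC is an assumption matching the commit message's statement that PAGE_KERNEL_EXEC includes the writable bit, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry bits (architectural positions). */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_RW       (1ULL << 1)
#define PTE_ACCESSED (1ULL << 5)
#define PTE_DIRTY    (1ULL << 6)
#define PTE_GLOBAL   (1ULL << 8)
#define PTE_NX       (1ULL << 63)

/* RO and ROX mirror the rows shown in the hunk; EXEC is an assumption
 * based on the commit message (it carries the writable bit). */
#define KERNEL_RO   (PTE_PRESENT | PTE_ACCESSED | PTE_NX | PTE_DIRTY | PTE_GLOBAL)
#define KERNEL_ROX  (PTE_PRESENT | PTE_ACCESSED | PTE_DIRTY | PTE_GLOBAL)
#define KERNEL_EXEC (PTE_PRESENT | PTE_RW | PTE_ACCESSED | PTE_DIRTY | PTE_GLOBAL)

/* A present mapping violates W^X when it is writable and NX is clear. */
int violates_wx(uint64_t prot)
{
	if (!(prot & PTE_PRESENT))
		return 0;
	return (prot & PTE_RW) && !(prot & PTE_NX);
}

/* Render the permissions as "rwx"-style text; out must hold 4 bytes. */
const char *perm_string(uint64_t prot, char out[4])
{
	int present = (prot & PTE_PRESENT) != 0;

	out[0] = present ? 'r' : '-';
	out[1] = (present && (prot & PTE_RW)) ? 'w' : '-';
	out[2] = (present && !(prot & PTE_NX)) ? 'x' : '-';
	out[3] = '\0';
	return out;
}

int main(void)
{
	const struct { const char *name; uint64_t prot; } types[] = {
		{ "KERNEL_RO", KERNEL_RO },
		{ "KERNEL_ROX", KERNEL_ROX },
		{ "KERNEL_EXEC", KERNEL_EXEC },
	};
	char buf[4];

	for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++)
		printf("%-12s %s %s\n", types[i].name,
		       perm_string(types[i].prot, buf),
		       violates_wx(types[i].prot) ? "W^X violation" : "ok");
	return 0;
}
```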
