From: Marc Zyngier
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org
Cc: James Morse, Suzuki K Poulose, Alexandru Elisei, Quentin Perret, Will Deacon, Catalin Marinas, kernel-team@android.com
Subject: [PATCH v2 0/2] KVM: arm64: Prevent kmemleak from accessing HYP data
Date: Mon, 2 Aug 2021 13:38:28 +0100
Message-Id: <20210802123830.2195174-1-maz@kernel.org>

This is a rework of the patch previously posted at [1].

The gist of the problem is that kmemleak can legitimately access data
that has been removed from the kernel view, for two reasons:

(1) .hyp.rodata is lumped together with the BSS
(2) there is no separation of the HYP BSS from the kernel BSS

(1) can easily be addressed by moving the .hyp.rodata section into the
kernel's RO zone, which avoids any kmemleak into that section. (2) must
be addressed by telling kmemleak about the address range.

Tested on a SC2A11 system, in protected and non-protected modes with
kmemleak active. Both patches are stable candidates.

[1] https://lore.kernel.org/r/20210729135016.3037277-1-maz@kernel.org

Marc Zyngier (2):
  arm64: Move .hyp.rodata outside of the _sdata.._edata range
  KVM: arm64: Unregister HYP sections from kmemleak in protected mode

 arch/arm64/kernel/vmlinux.lds.S | 4 ++--
 arch/arm64/kvm/arm.c            | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

-- 
2.30.2
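Added example, not part of the original posting or of the kernel patches: a user-space C model of point (2) in the cover letter, showing that a scanner stops reading a sub-range once that range is carved out of its tracked areas (the role `kmemleak_free_part()` plays in the kernel). The `scanner_*` names and all addresses are hypothetical.

```c
/* User-space model only (not kernel code); names and addresses are made up. */
#include <stdint.h>
#include <stdio.h>

#define MAX_AREAS 8
struct area { uintptr_t start, end; };            /* half-open [start, end) */
struct scanner { struct area a[MAX_AREAS]; int n; };

/* Carve [start, end) out of every tracked area, splitting where needed. */
static int scanner_remove_part(struct scanner *s, uintptr_t start, uintptr_t end)
{
    struct area out[2 * MAX_AREAS];               /* each area yields <= 2 pieces */
    int n = 0;
    for (int i = 0; i < s->n; i++) {
        struct area cur = s->a[i];
        if (end <= cur.start || start >= cur.end) {
            out[n++] = cur;                       /* no overlap: keep whole */
            continue;
        }
        if (cur.start < start)
            out[n++] = (struct area){ cur.start, start };  /* left remainder */
        if (end < cur.end)
            out[n++] = (struct area){ end, cur.end };      /* right remainder */
    }
    if (n > MAX_AREAS)
        return -1;                                /* table full: s left unchanged */
    for (int i = 0; i < n; i++)
        s->a[i] = out[i];
    s->n = n;
    return 0;
}

/* Would a scan pass read any byte of [start, end)? */
static int scanner_touches(const struct scanner *s, uintptr_t start, uintptr_t end)
{
    for (int i = 0; i < s->n; i++)
        if (start < s->a[i].end && s->a[i].start < end)
            return 1;
    return 0;
}

int main(void)
{
    struct scanner s = { { { 0x1000, 0x9000 } }, 1 };   /* constructed kernel BSS */
    int before = scanner_touches(&s, 0x4000, 0x5000);
    scanner_remove_part(&s, 0x4000, 0x5000);            /* constructed HYP BSS */
    printf("before=%d after=%d areas=%d\n", before, scanner_touches(&s, 0x4000, 0x5000), s.n);
    return 0;
}
```

In the model, the single BSS area becomes two areas on either side of the carved-out range, so a scan pass over the tracked areas never dereferences an address inside it.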