* [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
From: Will Deacon @ 2023-11-17 13:14 UTC (permalink / raw)
To: linux-arm-kernel
Cc: kernel-team, Will Deacon, Ard Biesheuvel, Catalin Marinas, Mark Rutland
When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the
kernel command-line (rather than "rodata=full") should turn off the
"full" behaviour, leaving writable linear aliases of read-only kernel
memory. Unfortunately, the option has no effect in this situation and
the only way to disable the "rodata=full" behaviour is to disable rodata
protection entirely by passing "rodata=off".
Fix this by parsing the "on" and "off" options in the arch code,
additionally enforcing that 'rodata_full' cannot be set without also
setting 'rodata_enabled', allowing us to simplify a couple of checks
in the process.
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/include/asm/setup.h | 17 +++++++++++++++--
arch/arm64/mm/pageattr.c | 7 +++----
2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h
index f4af547ef54c..2e4d7da74fb8 100644
--- a/arch/arm64/include/asm/setup.h
+++ b/arch/arm64/include/asm/setup.h
@@ -21,9 +21,22 @@ static inline bool arch_parse_debug_rodata(char *arg)
extern bool rodata_enabled;
extern bool rodata_full;
- if (arg && !strcmp(arg, "full")) {
+ if (!arg)
+ return false;
+
+ if (!strcmp(arg, "full")) {
+ rodata_enabled = rodata_full = true;
+ return true;
+ }
+
+ if (!strcmp(arg, "off")) {
+ rodata_enabled = rodata_full = false;
+ return true;
+ }
+
+ if (!strcmp(arg, "on")) {
rodata_enabled = true;
- rodata_full = true;
+ rodata_full = false;
return true;
}
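Review bot: the strcmp() branches in arch_parse_debug_rodata() now establish an invariant (rodata_full is only ever true together with rodata_enabled) that the pageattr.c changes depend on, but nothing in the function says so. A short comment above the `if (!arg)` check, listing the accepted values ("full", "on", "off") and stating the invariant, would stop a later edit from reintroducing a state the callers no longer guard against. Minor style point in the same hunk: the "on" branch keeps two separate assignments while "full" and "off" use the chained `rodata_enabled = rodata_full = ...` form; one form throughout would read better. Since "on" now actively selects the mode that leaves writable linear aliases, it is also worth checking that the rodata= entry in kernel-parameters.txt spells out that difference from "full".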
diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index 8e2017ba5f1b..924843f1f661 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -29,8 +29,8 @@ bool can_set_direct_map(void)
*
* KFENCE pool requires page-granular mapping if initialized late.
*/
- return (rodata_enabled && rodata_full) || debug_pagealloc_enabled() ||
- arm64_kfence_can_set_direct_map();
+ return rodata_full || debug_pagealloc_enabled() ||
+ arm64_kfence_can_set_direct_map();
}
static int change_page_range(pte_t *ptep, unsigned long addr, void *data)
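Review bot: in can_set_direct_map(), dropping `rodata_enabled &&` from the return expression is only equivalent if no path can leave rodata_full true while rodata_enabled is false. The parser hunk guarantees that for command-line input, but the initial values of the two variables are not visible in this patch; with CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, please confirm that rodata_enabled also starts out true and that nothing else writes rodata_full. A line in the comment above the return, noting that rodata_full implies rodata_enabled, would document the dependency at the point of use.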
@@ -105,8 +105,7 @@ static int change_memory_common(unsigned long addr, int numpages,
* If we are manipulating read-only permissions, apply the same
* change to the linear mapping of the pages that back this VM area.
*/
- if (rodata_enabled &&
- rodata_full && (pgprot_val(set_mask) == PTE_RDONLY ||
+ if (rodata_full && (pgprot_val(set_mask) == PTE_RDONLY ||
pgprot_val(clear_mask) == PTE_RDONLY)) {
for (i = 0; i < area->nr_pages; i++) {
__change_memory_common((u64)page_address(area->pages[i]),
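Review bot: the comment above the condition in change_memory_common() still reads as if a read-only change is always mirrored to the linear mapping, while the test is gated on rodata_full. Now that "rodata=on" really selects the non-full mode, the linear alias of these pages stays writable in that configuration, so the comment should say that the mirroring happens only under "rodata=full". Also check the unchanged continuation line `pgprot_val(clear_mask) == PTE_RDONLY)) {`: the opening parenthesis it aligned with has moved up onto the `if (rodata_full && (` line, so its indentation may need adjusting.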
--
2.43.0.rc0.421.g78406f8d94-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
* Re: [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
From: Russell King (Oracle) @ 2023-11-17 14:24 UTC (permalink / raw)
To: Will Deacon
Cc: linux-arm-kernel, kernel-team, Ard Biesheuvel, Catalin Marinas,
Mark Rutland
On Fri, Nov 17, 2023 at 01:14:22PM +0000, Will Deacon wrote:
> When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the
> kernel command-line (rather than "rodata=full") should turn off the
> "full" behaviour, leaving writable linear aliases of read-only kernel
> memory. Unfortunately, the option has no effect in this situation and
> the only way to disable the "rodata=full" behaviour is to disable rodata
> protection entirely by passing "rodata=off".
>
> Fix this by parsing the "on" and "off" options in the arch code,
> additionally enforcing that 'rodata_full' cannot be set without also
> setting 'rodata_enabled', allowing us to simplify a couple of checks
> in the process.
>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Signed-off-by: Will Deacon <will@kernel.org>
Ouch. Looks correct to me, so...
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Thanks!
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
* Re: [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
From: Ard Biesheuvel @ 2023-11-17 15:09 UTC (permalink / raw)
To: Will Deacon; +Cc: linux-arm-kernel, kernel-team, Catalin Marinas, Mark Rutland
On Fri, 17 Nov 2023 at 08:14, Will Deacon <will@kernel.org> wrote:
>
> When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the
> kernel command-line (rather than "rodata=full") should turn off the
> "full" behaviour, leaving writable linear aliases of read-only kernel
> memory. Unfortunately, the option has no effect in this situation and
> the only way to disable the "rodata=full" behaviour is to disable rodata
> protection entirely by passing "rodata=off".
>
> Fix this by parsing the "on" and "off" options in the arch code,
> additionally enforcing that 'rodata_full' cannot be set without also
> setting 'rodata_enabled', allowing us to simplify a couple of checks
> in the process.
>
I think this got broken when this code was refactored to use the
generic parsing, which uses strtobool() and so it will match
rodata=0/1, yes, no etc, and only 'full' is handled as a special case.
Not sure whether this matters, and I'd much prefer supporting only
'on', 'off' and 'full' because we'll need to parse rodata= early too
(for my big head.S / LPA2 refactor).
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Signed-off-by: Will Deacon <will@kernel.org>
> ---
> arch/arm64/include/asm/setup.h | 17 +++++++++++++++--
> arch/arm64/mm/pageattr.c | 7 +++----
> 2 files changed, 18 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h
> index f4af547ef54c..2e4d7da74fb8 100644
> --- a/arch/arm64/include/asm/setup.h
> +++ b/arch/arm64/include/asm/setup.h
> @@ -21,9 +21,22 @@ static inline bool arch_parse_debug_rodata(char *arg)
> extern bool rodata_enabled;
> extern bool rodata_full;
>
> - if (arg && !strcmp(arg, "full")) {
> + if (!arg)
> + return false;
> +
> + if (!strcmp(arg, "full")) {
> + rodata_enabled = rodata_full = true;
> + return true;
> + }
> +
> + if (!strcmp(arg, "off")) {
> + rodata_enabled = rodata_full = false;
> + return true;
> + }
> +
> + if (!strcmp(arg, "on")) {
> rodata_enabled = true;
> - rodata_full = true;
> + rodata_full = false;
> return true;
> }
>
> diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
> index 8e2017ba5f1b..924843f1f661 100644
> --- a/arch/arm64/mm/pageattr.c
> +++ b/arch/arm64/mm/pageattr.c
> @@ -29,8 +29,8 @@ bool can_set_direct_map(void)
> *
> * KFENCE pool requires page-granular mapping if initialized late.
> */
> - return (rodata_enabled && rodata_full) || debug_pagealloc_enabled() ||
> - arm64_kfence_can_set_direct_map();
> + return rodata_full || debug_pagealloc_enabled() ||
> + arm64_kfence_can_set_direct_map();
> }
>
> static int change_page_range(pte_t *ptep, unsigned long addr, void *data)
> @@ -105,8 +105,7 @@ static int change_memory_common(unsigned long addr, int numpages,
> * If we are manipulating read-only permissions, apply the same
> * change to the linear mapping of the pages that back this VM area.
> */
> - if (rodata_enabled &&
> - rodata_full && (pgprot_val(set_mask) == PTE_RDONLY ||
> + if (rodata_full && (pgprot_val(set_mask) == PTE_RDONLY ||
> pgprot_val(clear_mask) == PTE_RDONLY)) {
> for (i = 0; i < area->nr_pages; i++) {
> __change_memory_common((u64)page_address(area->pages[i]),
> --
> 2.43.0.rc0.421.g78406f8d94-goog
>
* Re: [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
From: Will Deacon @ 2023-11-21 15:03 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: linux-arm-kernel, kernel-team, Catalin Marinas, Mark Rutland
On Fri, Nov 17, 2023 at 10:09:04AM -0500, Ard Biesheuvel wrote:
> On Fri, 17 Nov 2023 at 08:14, Will Deacon <will@kernel.org> wrote:
> >
> > When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the
> > kernel command-line (rather than "rodata=full") should turn off the
> > "full" behaviour, leaving writable linear aliases of read-only kernel
> > memory. Unfortunately, the option has no effect in this situation and
> > the only way to disable the "rodata=full" behaviour is to disable rodata
> > protection entirely by passing "rodata=off".
> >
> > Fix this by parsing the "on" and "off" options in the arch code,
> > additionally enforcing that 'rodata_full' cannot be set without also
> > setting 'rodata_enabled', allowing us to simplify a couple of checks
> > in the process.
> >
>
> I think this got broken when this code was refactored to use the
> generic parsing, which uses strtobool() and so it will match
> rodata=0/1, yes, no etc, and only 'full' is handled as a special case.
strtobool() is such a hack! I don't think the core code uses it anymore
though: set_debug_rodata() uses good ol' strcmp() since 2e8cff0a0eee
("arm64: fix rodata=full").
> Not sure whether this matters, and I'd much prefer supporting only
> 'on', 'off' and 'full' because we'll need to parse rodata= early too
> (for my big head.S / LPA2 refactor).
I think that matches the current behaviour (minus the bug I'm fixing here)
and even the documentation in kernel-parameters.txt only talks about those
three values.
Will
* Re: [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
From: Ard Biesheuvel @ 2023-11-21 15:24 UTC (permalink / raw)
To: Will Deacon; +Cc: linux-arm-kernel, kernel-team, Catalin Marinas, Mark Rutland
On Tue, 21 Nov 2023 at 10:03, Will Deacon <will@kernel.org> wrote:
>
> On Fri, Nov 17, 2023 at 10:09:04AM -0500, Ard Biesheuvel wrote:
> > On Fri, 17 Nov 2023 at 08:14, Will Deacon <will@kernel.org> wrote:
> > >
> > > When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the
> > > kernel command-line (rather than "rodata=full") should turn off the
> > > "full" behaviour, leaving writable linear aliases of read-only kernel
> > > memory. Unfortunately, the option has no effect in this situation and
> > > the only way to disable the "rodata=full" behaviour is to disable rodata
> > > protection entirely by passing "rodata=off".
> > >
> > > Fix this by parsing the "on" and "off" options in the arch code,
> > > additionally enforcing that 'rodata_full' cannot be set without also
> > > setting 'rodata_enabled', allowing us to simplify a couple of checks
> > > in the process.
> > >
> >
> > I think this got broken when this code was refactored to use the
> > generic parsing, which uses strtobool() and so it will match
> > rodata=0/1, yes, no etc, and only 'full' is handled as a special case.
>
> strtobool() is such a hack! I don't think the core code uses it anymore
> though: set_debug_rodata() uses good ol' strcmp() since 2e8cff0a0eee
> ("arm64: fix rodata=full").
>
> > Not sure whether this matters, and I'd much prefer supporting only
> > 'on', 'off' and 'full' because we'll need to parse rodata= early too
> > (for my big head.S / LPA2 refactor).
>
> I think that matches the current behaviour (minus the bug I'm fixing here)
> and even the documentation in kernel-parameters.txt only talks about those
> three values.
>
OK I didn't realize this was the current behavior already.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* Re: [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
From: Catalin Marinas @ 2023-11-22 18:52 UTC (permalink / raw)
To: Will Deacon; +Cc: linux-arm-kernel, kernel-team, Ard Biesheuvel, Mark Rutland
On Fri, Nov 17, 2023 at 01:14:22PM +0000, Will Deacon wrote:
> When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the
> kernel command-line (rather than "rodata=full") should turn off the
> "full" behaviour, leaving writable linear aliases of read-only kernel
> memory. Unfortunately, the option has no effect in this situation and
> the only way to disable the "rodata=full" behaviour is to disable rodata
> protection entirely by passing "rodata=off".
>
> Fix this by parsing the "on" and "off" options in the arch code,
> additionally enforcing that 'rodata_full' cannot be set without also
> setting 'rodata_enabled', allowing us to simplify a couple of checks
> in the process.
>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Signed-off-by: Will Deacon <will@kernel.org>
I'll add a:
Fixes: 2e8cff0a0eee ("arm64: fix rodata=full")
My quick grep shows that rodata_full = false was removed by the above
commit, leaving the default set by the config option.
--
Catalin
* Re: [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
From: Catalin Marinas @ 2023-11-22 19:15 UTC (permalink / raw)
To: linux-arm-kernel, Will Deacon; +Cc: kernel-team, Ard Biesheuvel, Mark Rutland
On Fri, 17 Nov 2023 13:14:22 +0000, Will Deacon wrote:
> When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the
> kernel command-line (rather than "rodata=full") should turn off the
> "full" behaviour, leaving writable linear aliases of read-only kernel
> memory. Unfortunately, the option has no effect in this situation and
> the only way to disable the "rodata=full" behaviour is to disable rodata
> protection entirely by passing "rodata=off".
>
> [...]
Applied to arm64 (for-next/fixes), thanks!
[1/1] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
https://git.kernel.org/arm64/c/acfa60dbe038
--
Catalin