From: Nadav Amit <namit@vmware.com>
To: Dave Hansen <dave.hansen@linux.intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
	"open list:MEMORY MANAGEMENT" <linux-mm@kvack.org>,
	Fengguang Wu <fengguang.wu@intel.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Andy Lutomirski <luto@kernel.org>,
	Arjan van de Ven <arjan@linux.intel.com>,
	Borislav Petkov <bp@alien8.de>,
	Dan Williams <dan.j.williams@intel.com>,
	David Woodhouse <dwmw2@infradead.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"hughd@google.com" <hughd@google.com>,
	"jpoimboe@redhat.com" <jpoimboe@redhat.com>,
	"jgross@suse.com" <jgross@suse.com>,
	"keescook@google.com" <keescook@google.com>,
	"torvalds@linux-foundation.org" <torvalds@linux-foundation.org>,
	"peterz@infradead.org" <peterz@infradead.org>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"mingo@kernel.org" <mingo@kernel.org>
Subject: Re: [PATCH 5/5] x86, pti: filter at vma->vm_page_prot population
Date: Sat, 21 Apr 2018 01:21:01 +0000
Message-ID: <295DB0D1-CDFB-482C-93DF-63DAA36DAE22@vmware.com>
In-Reply-To: <20180420222028.99D72858@viggo.jf.intel.com>

Dave Hansen <dave.hansen@linux.intel.com> wrote:

> 
> From: Dave Hansen <dave.hansen@linux.intel.com>
> 
> 0day reported warnings at boot on 32-bit systems without NX support:
> 
> [   12.349193] attempted to set unsupported pgprot: 8000000000000025 bits: 8000000000000000 supported: 7fffffffffffffff
> [   12.350792] WARNING: CPU: 0 PID: 1 at arch/x86/include/asm/pgtable.h:540 handle_mm_fault+0xfc1/0xfe0:
> 						check_pgprot at arch/x86/include/asm/pgtable.h:535
> 						 (inlined by) pfn_pte at arch/x86/include/asm/pgtable.h:549
> 						 (inlined by) do_anonymous_page at mm/memory.c:3169
> 						 (inlined by) handle_pte_fault at mm/memory.c:3961
> 						 (inlined by) __handle_mm_fault at mm/memory.c:4087
> 						 (inlined by) handle_mm_fault at mm/memory.c:4124
> 
> The problem was that we stopped massaging page permissions at PTE creation
> time, so vma->vm_page_prot was passed unfiltered to PTE creation.
> 
> To fix it, filter the page protections before they are installed in
> vma->vm_page_prot.
> 
> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
> Reported-by: Fengguang Wu <fengguang.wu@intel.com>
> Fixes: fb43d6cb91 ("x86/mm: Do not auto-massage page protections")
> Cc: Andrea Arcangeli <aarcange@redhat.com>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Arjan van de Ven <arjan@linux.intel.com>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: David Woodhouse <dwmw2@infradead.org>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Hugh Dickins <hughd@google.com>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> Cc: Juergen Gross <jgross@suse.com>
> Cc: Kees Cook <keescook@google.com>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Nadav Amit <namit@vmware.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: linux-mm@kvack.org
> Cc: Ingo Molnar <mingo@kernel.org>
> ---
> 
> b/arch/x86/Kconfig               |    4 ++++
> b/arch/x86/include/asm/pgtable.h |    5 +++++
> b/mm/mmap.c                      |   11 ++++++++++-
> 3 files changed, 19 insertions(+), 1 deletion(-)
> 
> diff -puN arch/x86/include/asm/pgtable.h~pti-glb-protection_map arch/x86/include/asm/pgtable.h
> --- a/arch/x86/include/asm/pgtable.h~pti-glb-protection_map	2018-04-20 14:10:08.251749151 -0700
> +++ b/arch/x86/include/asm/pgtable.h	2018-04-20 14:10:08.260749151 -0700
> @@ -601,6 +601,11 @@ static inline pgprot_t pgprot_modify(pgp
> 
> #define canon_pgprot(p) __pgprot(massage_pgprot(p))
> 
> +static inline pgprot_t arch_filter_pgprot(pgprot_t prot)
> +{
> +	return canon_pgprot(prot);
> +}
> +
> static inline int is_new_memtype_allowed(u64 paddr, unsigned long size,
> 					 enum page_cache_mode pcm,
> 					 enum page_cache_mode new_pcm)
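
Review bot: arch_filter_pgprot() is added without a comment saying what it filters or who calls it. Because canon_pgprot() expands to massage_pgprot(), the helper quietly masks the value (bit 63 in the warning quoted in the changelog), so a short comment stating that this is the hook used by vm_get_page_prot() and that unsupported bits are dropped without a warning would help anyone auditing page permissions later.
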
> diff -puN arch/x86/Kconfig~pti-glb-protection_map arch/x86/Kconfig
> --- a/arch/x86/Kconfig~pti-glb-protection_map	2018-04-20 14:10:08.253749151 -0700
> +++ b/arch/x86/Kconfig	2018-04-20 14:10:08.260749151 -0700
> @@ -52,6 +52,7 @@ config X86
> 	select ARCH_HAS_DEVMEM_IS_ALLOWED
> 	select ARCH_HAS_ELF_RANDOMIZE
> 	select ARCH_HAS_FAST_MULTIPLIER
> +	select ARCH_HAS_FILTER_PGPROT
> 	select ARCH_HAS_FORTIFY_SOURCE
> 	select ARCH_HAS_GCOV_PROFILE_ALL
> 	select ARCH_HAS_KCOV			if X86_64
> @@ -273,6 +274,9 @@ config ARCH_HAS_CPU_RELAX
> config ARCH_HAS_CACHE_LINE_SIZE
> 	def_bool y
> 
> +config ARCH_HAS_FILTER_PGPROT
> +	def_bool y
> +
> config HAVE_SETUP_PER_CPU_AREA
> 	def_bool y
> 
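
Review bot: `def_bool y` in this new entry makes the `select ARCH_HAS_FILTER_PGPROT` added under `config X86` redundant, and it defines in arch/x86/Kconfig a symbol that mm/mmap.c tests. Consider declaring it as a plain `bool` in a Kconfig shared by all architectures and keeping only the `select` in x86, so another architecture can opt in without redefining the symbol.
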
> diff -puN mm/mmap.c~pti-glb-protection_map mm/mmap.c
> --- a/mm/mmap.c~pti-glb-protection_map	2018-04-20 14:10:08.256749151 -0700
> +++ b/mm/mmap.c	2018-04-20 14:10:08.261749151 -0700
> @@ -100,11 +100,20 @@ pgprot_t protection_map[16] __ro_after_i
> 	__S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
> };
> 
> +#ifndef CONFIG_ARCH_HAS_FILTER_PGPROT
> +static inline pgprot_t arch_filter_pgprot(pgprot_t prot)
> +{
> +	return prot;
> +}
> +#endif
> +
> pgprot_t vm_get_page_prot(unsigned long vm_flags)
> {
> -	return __pgprot(pgprot_val(protection_map[vm_flags &
> +	pgprot_t ret = __pgprot(pgprot_val(protection_map[vm_flags &
> 				(VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) |
> 			pgprot_val(arch_vm_get_page_prot(vm_flags)));
> +
> +	return arch_filter_pgprot(ret);
> }
> EXPORT_SYMBOL(vm_get_page_prot);
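
Review bot: the changelog says the protections are filtered before they are installed in vma->vm_page_prot, but the filter is applied only to the return value of vm_get_page_prot(). Please state in the changelog, or in a comment above the `#ifndef CONFIG_ARCH_HAS_FILTER_PGPROT` stub, that every writer of vma->vm_page_prot goes through this function, or name the ones that do not. The stub would also benefit from a comment saying where an architecture that selects the option is expected to provide arch_filter_pgprot().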

Wouldn’t it be simpler or at least cleaner to change the protection map if
NX is not supported? I presume it can be done in paging_init() similarly to the
way other archs (e.g., arm, mips) do.

