* Re: [PATCH] x86/mm/pti: Move user W+X check into pti_finalize()
2018-08-08 11:16 [PATCH] x86/mm/pti: Move user W+X check into pti_finalize() Joerg Roedel
@ 2018-08-08 15:54 ` Dave Hansen
2018-08-09 11:16 ` Joerg Roedel
2018-08-08 20:33 ` Kees Cook
` (3 subsequent siblings)
4 siblings, 1 reply; 8+ messages in thread
From: Dave Hansen @ 2018-08-08 15:54 UTC (permalink / raw)
To: Joerg Roedel, Thomas Gleixner, Ingo Molnar, H . Peter Anvin
Cc: x86, linux-kernel, linux-mm, Linus Torvalds, Andy Lutomirski,
Josh Poimboeuf, Juergen Gross, Peter Zijlstra, Borislav Petkov,
Jiri Kosina, Boris Ostrovsky, Brian Gerst, David Laight,
Denys Vlasenko, Eduardo Valentin, Greg KH, Will Deacon, aliguori,
daniel.gruss, hughd, keescook, Andrea Arcangeli, Waiman Long,
Pavel Machek, David H . Gutteridge, jroedel
On 08/08/2018 04:16 AM, Joerg Roedel wrote:
> But with CONFIG_DEBUG_WX enabled, the user page-table is
> already checked in mark_readonly() for insecure mappings.
> This causes false-positive warnings, because the user
> page-table did not get the updated mappings yet.
One bit of information missing from the changelog: Could you clarify how
there are any entries in the user page tables for the code to complain?
Before pti_init(), I would have expected the user page tables to be empty.
That causes a different problem, but it would not have resulted in
warnings, so I think I'm missing something.
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH] x86/mm/pti: Move user W+X check into pti_finalize()
2018-08-08 15:54 ` Dave Hansen
@ 2018-08-09 11:16 ` Joerg Roedel
0 siblings, 0 replies; 8+ messages in thread
From: Joerg Roedel @ 2018-08-09 11:16 UTC (permalink / raw)
To: Dave Hansen
Cc: Joerg Roedel, Thomas Gleixner, Ingo Molnar, H . Peter Anvin, x86,
linux-kernel, linux-mm, Linus Torvalds, Andy Lutomirski,
Josh Poimboeuf, Juergen Gross, Peter Zijlstra, Borislav Petkov,
Jiri Kosina, Boris Ostrovsky, Brian Gerst, David Laight,
Denys Vlasenko, Eduardo Valentin, Greg KH, Will Deacon, aliguori,
daniel.gruss, hughd, keescook, Andrea Arcangeli, Waiman Long,
Pavel Machek, David H . Gutteridge
Hi Dave,
On Wed, Aug 08, 2018 at 08:54:37AM -0700, Dave Hansen wrote:
> One bit of information missing from the changelog: Could you clarify how
> there are any entries in the user page tables for the code to complain?
> Before pti_init(), I would have expected the user page tables to be empty.
The W+X check runs at the end of mark_readonly() in x86, which is after
pti_init() already put kernel mappings into the user page-table. Problem
is that the cloned entries are still W+X mapped, which is fixed in
pti_finalize() running _after_ mark_readonly().
Regards,
Joerg
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] x86/mm/pti: Move user W+X check into pti_finalize()
2018-08-08 11:16 [PATCH] x86/mm/pti: Move user W+X check into pti_finalize() Joerg Roedel
2018-08-08 15:54 ` Dave Hansen
@ 2018-08-08 20:33 ` Kees Cook
2018-08-09 11:26 ` Joerg Roedel
2018-08-09 18:46 ` [tip:x86/pti] " tip-bot for Joerg Roedel
` (2 subsequent siblings)
4 siblings, 1 reply; 8+ messages in thread
From: Kees Cook @ 2018-08-08 20:33 UTC (permalink / raw)
To: Joerg Roedel
Cc: Thomas Gleixner, Ingo Molnar, H . Peter Anvin, X86 ML, LKML,
Linux-MM, Linus Torvalds, Andy Lutomirski, Dave Hansen,
Josh Poimboeuf, Juergen Gross, Peter Zijlstra, Borislav Petkov,
Jiri Kosina, Boris Ostrovsky, Brian Gerst, David Laight,
Denys Vlasenko, Eduardo Valentin, Greg KH, Will Deacon,
Anthony Liguori, Daniel Gruss, Hugh Dickins, Andrea Arcangeli,
Waiman Long, Pavel Machek, David H . Gutteridge, Joerg Roedel
On Wed, Aug 8, 2018 at 4:16 AM, Joerg Roedel <joro@8bytes.org> wrote:
> From: Joerg Roedel <jroedel@suse.de>
>
> The user page-table gets the updated kernel mappings in
> pti_finalize(), which runs after the RO+X permissions got
> applied to the kernel page-table in mark_readonly().
>
> But with CONFIG_DEBUG_WX enabled, the user page-table is
> already checked in mark_readonly() for insecure mappings.
> This causes false-positive warnings, because the user
> page-table did not get the updated mappings yet.
>
> Move the W+X check for the user page-table into
> pti_finalize() after it updated all required mappings.
>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
> arch/x86/include/asm/pgtable.h | 7 +++++--
> arch/x86/mm/dump_pagetables.c | 3 +--
> arch/x86/mm/pti.c | 2 ++
> 3 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
> index e39088cb..a1cb333 100644
> --- a/arch/x86/include/asm/pgtable.h
> +++ b/arch/x86/include/asm/pgtable.h
> @@ -30,11 +30,14 @@ int __init __early_make_pgtable(unsigned long address, pmdval_t pmd);
> void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
> void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user);
> void ptdump_walk_pgd_level_checkwx(void);
> +void ptdump_walk_user_pgd_level_checkwx(void);
>
> #ifdef CONFIG_DEBUG_WX
> -#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
> +#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
> +#define debug_checkwx_user() ptdump_walk_user_pgd_level_checkwx()
> #else
> -#define debug_checkwx() do { } while (0)
> +#define debug_checkwx() do { } while (0)
> +#define debug_checkwx_user() do { } while (0)
> #endif
>
> /*
> diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
> index ccd92c4..b8ab901 100644
> --- a/arch/x86/mm/dump_pagetables.c
> +++ b/arch/x86/mm/dump_pagetables.c
> @@ -569,7 +569,7 @@ void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user)
> }
> EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs);
>
> -static void ptdump_walk_user_pgd_level_checkwx(void)
> +void ptdump_walk_user_pgd_level_checkwx(void)
> {
> #ifdef CONFIG_PAGE_TABLE_ISOLATION
> pgd_t *pgd = INIT_PGD;
> @@ -586,7 +586,6 @@ static void ptdump_walk_user_pgd_level_checkwx(void)
> void ptdump_walk_pgd_level_checkwx(void)
> {
> ptdump_walk_pgd_level_core(NULL, NULL, true, false);
> - ptdump_walk_user_pgd_level_checkwx();
> }
>
> static int __init pt_dump_init(void)
> diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
> index 69a9d60..026a89a 100644
> --- a/arch/x86/mm/pti.c
> +++ b/arch/x86/mm/pti.c
> @@ -628,4 +628,6 @@ void pti_finalize(void)
> */
> pti_clone_entry_text();
> pti_clone_kernel_text();
> +
> + debug_checkwx_user();
> }
I'm slightly nervous about complicating this and splitting up the
check. I have a mild preference that all the checks get moved later,
so that all architectures have the checks happening at the same time
during boot. Splitting this up could give us some weird differences
between architectures, etc.
-Kees
--
Kees Cook
Pixel Security
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH] x86/mm/pti: Move user W+X check into pti_finalize()
2018-08-08 20:33 ` Kees Cook
@ 2018-08-09 11:26 ` Joerg Roedel
0 siblings, 0 replies; 8+ messages in thread
From: Joerg Roedel @ 2018-08-09 11:26 UTC (permalink / raw)
To: Kees Cook
Cc: Joerg Roedel, Thomas Gleixner, Ingo Molnar, H . Peter Anvin,
X86 ML, LKML, Linux-MM, Linus Torvalds, Andy Lutomirski,
Dave Hansen, Josh Poimboeuf, Juergen Gross, Peter Zijlstra,
Borislav Petkov, Jiri Kosina, Boris Ostrovsky, Brian Gerst,
David Laight, Denys Vlasenko, Eduardo Valentin, Greg KH,
Will Deacon, Anthony Liguori, Daniel Gruss, Hugh Dickins,
Andrea Arcangeli, Waiman Long, Pavel Machek,
David H . Gutteridge
Hi Kees,
On Wed, Aug 08, 2018 at 01:33:01PM -0700, Kees Cook wrote:
> I'm slightly nervous about complicating this and splitting up the
> check. I have a mild preference that all the checks get moved later,
> so that all architectures have the checks happening at the same time
> during boot. Splitting this up could give us some weird differences
> between architectures, etc.
As fas as I can see the checks are implemented on x86, arm, and arm64. I
agree that it would be better to run the checks at a unified place
across architectures and can send a patch-set for set once the dust
around the 32-bit PTI implementation for x86 has settled.
But currently the call-places are architecture specific and with that in
mind the split-up on x86 is the right thing to do. I'll change that back
when I implement your idea above.
Regards,
Joerg
^ permalink raw reply [flat|nested] 8+ messages in thread
* [tip:x86/pti] x86/mm/pti: Move user W+X check into pti_finalize()
2018-08-08 11:16 [PATCH] x86/mm/pti: Move user W+X check into pti_finalize() Joerg Roedel
2018-08-08 15:54 ` Dave Hansen
2018-08-08 20:33 ` Kees Cook
@ 2018-08-09 18:46 ` tip-bot for Joerg Roedel
2018-08-10 19:16 ` tip-bot for Joerg Roedel
2018-08-17 2:42 ` [PATCH] " David H. Gutteridge
4 siblings, 0 replies; 8+ messages in thread
From: tip-bot for Joerg Roedel @ 2018-08-09 18:46 UTC (permalink / raw)
To: linux-tip-commits
Cc: dhgutteridge, jkosina, luto, mingo, will.deacon, jpoimboe,
gregkh, llong, linux-kernel, peterz, jroedel, dave.hansen,
eduval, tglx, David.Laight, torvalds, pavel, boris.ostrovsky,
dvlasenk, bp, jgross, aarcange, brgerst, hpa
Commit-ID: a13c600e15de44ccf03df28d3311ef3cb754ed9b
Gitweb: https://git.kernel.org/tip/a13c600e15de44ccf03df28d3311ef3cb754ed9b
Author: Joerg Roedel <jroedel@suse.de>
AuthorDate: Wed, 8 Aug 2018 13:16:40 +0200
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Thu, 9 Aug 2018 20:42:07 +0200
x86/mm/pti: Move user W+X check into pti_finalize()
The user page-table gets the updated kernel mappings in pti_finalize(),
which runs after the RO+X permissions got applied to the kernel page-table
in mark_readonly().
But with CONFIG_DEBUG_WX enabled, the user page-table is already checked in
mark_readonly() for insecure mappings. This causes false-positive
warnings, because the user page-table did not get the updated mappings yet.
Move the W+X check for the user page-table into pti_finalize() after it
updated all required mappings.
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: linux-mm@kvack.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Waiman Long <llong@redhat.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: "David H . Gutteridge" <dhgutteridge@sympatico.ca>
Cc: joro@8bytes.org
Link: https://lkml.kernel.org/r/1533727000-9172-1-git-send-email-joro@8bytes.org
---
arch/x86/include/asm/pgtable.h | 7 +++++--
arch/x86/mm/dump_pagetables.c | 3 +--
arch/x86/mm/pti.c | 2 ++
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index e39088cb59ab..a1cb3339da8d 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -30,11 +30,14 @@ int __init __early_make_pgtable(unsigned long address, pmdval_t pmd);
void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user);
void ptdump_walk_pgd_level_checkwx(void);
+void ptdump_walk_user_pgd_level_checkwx(void);
#ifdef CONFIG_DEBUG_WX
-#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
+#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
+#define debug_checkwx_user() ptdump_walk_user_pgd_level_checkwx()
#else
-#define debug_checkwx() do { } while (0)
+#define debug_checkwx() do { } while (0)
+#define debug_checkwx_user() do { } while (0)
#endif
/*
diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
index ccd92c4da57c..b8ab9012ffd6 100644
--- a/arch/x86/mm/dump_pagetables.c
+++ b/arch/x86/mm/dump_pagetables.c
@@ -569,7 +569,7 @@ void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user)
}
EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs);
-static void ptdump_walk_user_pgd_level_checkwx(void)
+void ptdump_walk_user_pgd_level_checkwx(void)
{
#ifdef CONFIG_PAGE_TABLE_ISOLATION
pgd_t *pgd = INIT_PGD;
@@ -586,7 +586,6 @@ static void ptdump_walk_user_pgd_level_checkwx(void)
void ptdump_walk_pgd_level_checkwx(void)
{
ptdump_walk_pgd_level_core(NULL, NULL, true, false);
- ptdump_walk_user_pgd_level_checkwx();
}
static int __init pt_dump_init(void)
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 1dc5c683e7a5..d58b4aba9510 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -646,4 +646,6 @@ void pti_finalize(void)
*/
pti_clone_entry_text();
pti_clone_kernel_text();
+
+ debug_checkwx_user();
}
^ permalink raw reply related [flat|nested] 8+ messages in thread* [tip:x86/pti] x86/mm/pti: Move user W+X check into pti_finalize()
2018-08-08 11:16 [PATCH] x86/mm/pti: Move user W+X check into pti_finalize() Joerg Roedel
` (2 preceding siblings ...)
2018-08-09 18:46 ` [tip:x86/pti] " tip-bot for Joerg Roedel
@ 2018-08-10 19:16 ` tip-bot for Joerg Roedel
2018-08-17 2:42 ` [PATCH] " David H. Gutteridge
4 siblings, 0 replies; 8+ messages in thread
From: tip-bot for Joerg Roedel @ 2018-08-10 19:16 UTC (permalink / raw)
To: linux-tip-commits
Cc: jpoimboe, linux-kernel, mingo, jroedel, peterz, pavel, gregkh,
bp, eduval, llong, torvalds, dhgutteridge, brgerst, hpa, tglx,
dvlasenk, jkosina, will.deacon, luto, jgross, dave.hansen,
David.Laight, aarcange, boris.ostrovsky
Commit-ID: d878efce73fe86db34ddb2013260adf571a701a7
Gitweb: https://git.kernel.org/tip/d878efce73fe86db34ddb2013260adf571a701a7
Author: Joerg Roedel <jroedel@suse.de>
AuthorDate: Wed, 8 Aug 2018 13:16:40 +0200
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Fri, 10 Aug 2018 21:12:45 +0200
x86/mm/pti: Move user W+X check into pti_finalize()
The user page-table gets the updated kernel mappings in pti_finalize(),
which runs after the RO+X permissions got applied to the kernel page-table
in mark_readonly().
But with CONFIG_DEBUG_WX enabled, the user page-table is already checked in
mark_readonly() for insecure mappings. This causes false-positive
warnings, because the user page-table did not get the updated mappings yet.
Move the W+X check for the user page-table into pti_finalize() after it
updated all required mappings.
[ tglx: Folded !NX supported fix ]
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: linux-mm@kvack.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Waiman Long <llong@redhat.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: "David H . Gutteridge" <dhgutteridge@sympatico.ca>
Cc: joro@8bytes.org
Link: https://lkml.kernel.org/r/1533727000-9172-1-git-send-email-joro@8bytes.org
---
arch/x86/include/asm/pgtable.h | 7 +++++--
arch/x86/mm/dump_pagetables.c | 6 +++---
arch/x86/mm/pti.c | 2 ++
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index e39088cb59ab..a1cb3339da8d 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -30,11 +30,14 @@ int __init __early_make_pgtable(unsigned long address, pmdval_t pmd);
void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user);
void ptdump_walk_pgd_level_checkwx(void);
+void ptdump_walk_user_pgd_level_checkwx(void);
#ifdef CONFIG_DEBUG_WX
-#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
+#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
+#define debug_checkwx_user() ptdump_walk_user_pgd_level_checkwx()
#else
-#define debug_checkwx() do { } while (0)
+#define debug_checkwx() do { } while (0)
+#define debug_checkwx_user() do { } while (0)
#endif
/*
diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
index ccd92c4da57c..a12afff146d1 100644
--- a/arch/x86/mm/dump_pagetables.c
+++ b/arch/x86/mm/dump_pagetables.c
@@ -569,12 +569,13 @@ void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user)
}
EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs);
-static void ptdump_walk_user_pgd_level_checkwx(void)
+void ptdump_walk_user_pgd_level_checkwx(void)
{
#ifdef CONFIG_PAGE_TABLE_ISOLATION
pgd_t *pgd = INIT_PGD;
- if (!static_cpu_has(X86_FEATURE_PTI))
+ if (!(__supported_pte_mask & _PAGE_NX) ||
+ !static_cpu_has(X86_FEATURE_PTI))
return;
pr_info("x86/mm: Checking user space page tables\n");
@@ -586,7 +587,6 @@ static void ptdump_walk_user_pgd_level_checkwx(void)
void ptdump_walk_pgd_level_checkwx(void)
{
ptdump_walk_pgd_level_core(NULL, NULL, true, false);
- ptdump_walk_user_pgd_level_checkwx();
}
static int __init pt_dump_init(void)
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 1dc5c683e7a5..d58b4aba9510 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -646,4 +646,6 @@ void pti_finalize(void)
*/
pti_clone_entry_text();
pti_clone_kernel_text();
+
+ debug_checkwx_user();
}
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [PATCH] x86/mm/pti: Move user W+X check into pti_finalize()
2018-08-08 11:16 [PATCH] x86/mm/pti: Move user W+X check into pti_finalize() Joerg Roedel
` (3 preceding siblings ...)
2018-08-10 19:16 ` tip-bot for Joerg Roedel
@ 2018-08-17 2:42 ` David H. Gutteridge
4 siblings, 0 replies; 8+ messages in thread
From: David H. Gutteridge @ 2018-08-17 2:42 UTC (permalink / raw)
To: Joerg Roedel, Thomas Gleixner, Ingo Molnar, H . Peter Anvin
Cc: x86, linux-kernel, linux-mm, Linus Torvalds, Andy Lutomirski,
Dave Hansen, Josh Poimboeuf, Juergen Gross, Peter Zijlstra,
Borislav Petkov, Jiri Kosina, Boris Ostrovsky, Brian Gerst,
David Laight, Denys Vlasenko, Eduardo Valentin, Greg KH,
Will Deacon, aliguori, daniel.gruss, hughd, keescook,
Andrea Arcangeli, Waiman Long, Pavel Machek, jroedel
On Wed, 2018-08-08 at 13:16 +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
>
> The user page-table gets the updated kernel mappings in
> pti_finalize(), which runs after the RO+X permissions got
> applied to the kernel page-table in mark_readonly().
>
> But with CONFIG_DEBUG_WX enabled, the user page-table is
> already checked in mark_readonly() for insecure mappings.
> This causes false-positive warnings, because the user
> page-table did not get the updated mappings yet.
>
> Move the W+X check for the user page-table into
> pti_finalize() after it updated all required mappings.
>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
> arch/x86/include/asm/pgtable.h | 7 +++++--
> arch/x86/mm/dump_pagetables.c | 3 +--
> arch/x86/mm/pti.c | 2 ++
> 3 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/include/asm/pgtable.h
> b/arch/x86/include/asm/pgtable.h
> index e39088cb..a1cb333 100644
> --- a/arch/x86/include/asm/pgtable.h
> +++ b/arch/x86/include/asm/pgtable.h
> @@ -30,11 +30,14 @@ int __init __early_make_pgtable(unsigned long
> address, pmdval_t pmd);
> void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
> void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd,
> bool user);
> void ptdump_walk_pgd_level_checkwx(void);
> +void ptdump_walk_user_pgd_level_checkwx(void);
>
> #ifdef CONFIG_DEBUG_WX
> -#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
> +#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
> +#define debug_checkwx_user() ptdump_walk_user_pgd_level_checkwx()
> #else
> -#define debug_checkwx() do { } while (0)
> +#define debug_checkwx() do { } while (0)
> +#define debug_checkwx_user() do { } while (0)
> #endif
>
> /*
> diff --git a/arch/x86/mm/dump_pagetables.c
> b/arch/x86/mm/dump_pagetables.c
> index ccd92c4..b8ab901 100644
> --- a/arch/x86/mm/dump_pagetables.c
> +++ b/arch/x86/mm/dump_pagetables.c
> @@ -569,7 +569,7 @@ void ptdump_walk_pgd_level_debugfs(struct seq_file
> *m, pgd_t *pgd, bool user)
> }
> EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs);
>
> -static void ptdump_walk_user_pgd_level_checkwx(void)
> +void ptdump_walk_user_pgd_level_checkwx(void)
> {
> #ifdef CONFIG_PAGE_TABLE_ISOLATION
> pgd_t *pgd = INIT_PGD;
> @@ -586,7 +586,6 @@ static void
> ptdump_walk_user_pgd_level_checkwx(void)
> void ptdump_walk_pgd_level_checkwx(void)
> {
> ptdump_walk_pgd_level_core(NULL, NULL, true, false);
> - ptdump_walk_user_pgd_level_checkwx();
> }
>
> static int __init pt_dump_init(void)
> diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
> index 69a9d60..026a89a 100644
> --- a/arch/x86/mm/pti.c
> +++ b/arch/x86/mm/pti.c
> @@ -628,4 +628,6 @@ void pti_finalize(void)
> */
> pti_clone_entry_text();
> pti_clone_kernel_text();
> +
> + debug_checkwx_user();
> }
I've tested this in a VM and on an Atom laptop, as usual. No
regressions noted.
(The version I tested was the latter pulled into tip:
[ tglx: Folded !NX supported fix ])
Tested-by: David H. Gutteridge <dhgutteridge@sympatico.ca>
Regards,
Dave
^ permalink raw reply [flat|nested] 8+ messages in thread