From: Russell Currey <ruscur@russell.cc>
To: Christophe Leroy <christophe.leroy@c-s.fr>,
linuxppc-dev@lists.ozlabs.org
Cc: mpe@ellerman.id.au, ajd@linux.ibm.com, dja@axtens.net,
npiggin@gmail.com, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v7 7/7] powerpc/32: use set_memory_attr()
Date: Wed, 01 Apr 2020 13:27:03 +1100 [thread overview]
Message-ID: <6b003f8d254d1614cec838e1c032c3005d52d44d.camel@russell.cc> (raw)
In-Reply-To: <e61a1f88-1ad6-ca26-790b-f036faacb790@c-s.fr>
On Tue, 2020-03-31 at 11:56 +0200, Christophe Leroy wrote:
>
> Le 31/03/2020 à 06:48, Russell Currey a écrit :
> > From: Christophe Leroy <christophe.leroy@c-s.fr>
> >
> > Use set_memory_attr() instead of the PPC32 specific
> > change_page_attr()
> >
> > change_page_attr() was checking that the address was not mapped by
> > blocks and was handling highmem, but that's unneeded because the
> > affected pages can't be in highmem and block mapping verification
> > is already done by the callers.
> >
> > Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
> > ---
> > arch/powerpc/mm/pgtable_32.c | 95 ++++---------------------------
> > -----
> > 1 file changed, 10 insertions(+), 85 deletions(-)
> >
> > diff --git a/arch/powerpc/mm/pgtable_32.c
> > b/arch/powerpc/mm/pgtable_32.c
> > index 5fb90edd865e..3d92eaf3ee2f 100644
> > --- a/arch/powerpc/mm/pgtable_32.c
> > +++ b/arch/powerpc/mm/pgtable_32.c
> > @@ -23,6 +23,7 @@
> > #include <linux/highmem.h>
> > #include <linux/memblock.h>
> > #include <linux/slab.h>
> > +#include <linux/set_memory.h>
> >
> > #include <asm/pgtable.h>
> > #include <asm/pgalloc.h>
> > @@ -121,99 +122,20 @@ void __init mapin_ram(void)
> > }
> > }
> >
> > -/* Scan the real Linux page tables and return a PTE pointer for
> > - * a virtual address in a context.
> > - * Returns true (1) if PTE was found, zero otherwise. The pointer
> > to
> > - * the PTE pointer is unmodified if PTE is not found.
> > - */
> > -static int
> > -get_pteptr(struct mm_struct *mm, unsigned long addr, pte_t **ptep,
> > pmd_t **pmdp)
>
> This will conflict, get_pteptr() is gone now, see
> https://github.com/linuxppc/linux/commit/2efc7c085f05870eda6f29ac71eeb83f3bd54415
>
> Christophe
OK cool, so I can just drop that hunk? Will try that and make sure it
rebases on powerpc/next
- Russell
>
>
> > -{
> > - pgd_t *pgd;
> > - pud_t *pud;
> > - pmd_t *pmd;
> > - pte_t *pte;
> > - int retval = 0;
> > -
> > - pgd = pgd_offset(mm, addr & PAGE_MASK);
> > - if (pgd) {
> > - pud = pud_offset(pgd, addr & PAGE_MASK);
> > - if (pud && pud_present(*pud)) {
> > - pmd = pmd_offset(pud, addr & PAGE_MASK);
> > - if (pmd_present(*pmd)) {
> > - pte = pte_offset_map(pmd, addr &
> > PAGE_MASK);
> > - if (pte) {
> > - retval = 1;
> > - *ptep = pte;
> > - if (pmdp)
> > - *pmdp = pmd;
> > - /* XXX caller needs to do
> > pte_unmap, yuck */
> > - }
> > - }
> > - }
> > - }
> > - return(retval);
> > -}
> > -
> > -static int __change_page_attr_noflush(struct page *page, pgprot_t
> > prot)
> > -{
> > - pte_t *kpte;
> > - pmd_t *kpmd;
> > - unsigned long address;
> > -
> > - BUG_ON(PageHighMem(page));
> > - address = (unsigned long)page_address(page);
> > -
> > - if (v_block_mapped(address))
> > - return 0;
> > - if (!get_pteptr(&init_mm, address, &kpte, &kpmd))
> > - return -EINVAL;
> > - __set_pte_at(&init_mm, address, kpte, mk_pte(page, prot), 0);
> > - pte_unmap(kpte);
> > -
> > - return 0;
> > -}
> > -
> > -/*
> > - * Change the page attributes of an page in the linear mapping.
> > - *
> > - * THIS DOES NOTHING WITH BAT MAPPINGS, DEBUG USE ONLY
> > - */
> > -static int change_page_attr(struct page *page, int numpages,
> > pgprot_t prot)
> > -{
> > - int i, err = 0;
> > - unsigned long flags;
> > - struct page *start = page;
> > -
> > - local_irq_save(flags);
> > - for (i = 0; i < numpages; i++, page++) {
> > - err = __change_page_attr_noflush(page, prot);
> > - if (err)
> > - break;
> > - }
> > - wmb();
> > - local_irq_restore(flags);
> > - flush_tlb_kernel_range((unsigned long)page_address(start),
> > - (unsigned long)page_address(page));
> > - return err;
> > -}
> > -
> > void mark_initmem_nx(void)
> > {
> > - struct page *page = virt_to_page(_sinittext);
> > unsigned long numpages = PFN_UP((unsigned long)_einittext) -
> > PFN_DOWN((unsigned long)_sinittext);
> >
> > if (v_block_mapped((unsigned long)_stext + 1))
> > mmu_mark_initmem_nx();
> > else
> > - change_page_attr(page, numpages, PAGE_KERNEL);
> > + set_memory_attr((unsigned long)_sinittext, numpages,
> > PAGE_KERNEL);
> > }
> >
> > #ifdef CONFIG_STRICT_KERNEL_RWX
> > void mark_rodata_ro(void)
> > {
> > - struct page *page;
> > unsigned long numpages;
> >
> > if (v_block_mapped((unsigned long)_sinittext)) {
> > @@ -222,20 +144,18 @@ void mark_rodata_ro(void)
> > return;
> > }
> >
> > - page = virt_to_page(_stext);
> > numpages = PFN_UP((unsigned long)_etext) -
> > PFN_DOWN((unsigned long)_stext);
> >
> > - change_page_attr(page, numpages, PAGE_KERNEL_ROX);
> > + set_memory_attr((unsigned long)_stext, numpages,
> > PAGE_KERNEL_ROX);
> > /*
> > * mark .rodata as read only. Use __init_begin rather than
> > __end_rodata
> > * to cover NOTES and EXCEPTION_TABLE.
> > */
> > - page = virt_to_page(__start_rodata);
> > numpages = PFN_UP((unsigned long)__init_begin) -
> > PFN_DOWN((unsigned long)__start_rodata);
> >
> > - change_page_attr(page, numpages, PAGE_KERNEL_RO);
> > + set_memory_attr((unsigned long)__start_rodata, numpages,
> > PAGE_KERNEL_RO);
> >
> > // mark_initmem_nx() should have already run by now
> > ptdump_check_wx();
> > @@ -245,9 +165,14 @@ void mark_rodata_ro(void)
> > #ifdef CONFIG_DEBUG_PAGEALLOC
> > void __kernel_map_pages(struct page *page, int numpages, int
> > enable)
> > {
> > + unsigned long addr = (unsigned long)page_address(page);
> > +
> > if (PageHighMem(page))
> > return;
> >
> > - change_page_attr(page, numpages, enable ? PAGE_KERNEL :
> > __pgprot(0));
> > + if (enable)
> > + set_memory_attr(addr, numpages, PAGE_KERNEL);
> > + else
> > + set_memory_attr(addr, numpages, __pgprot(0));
> > }
> > #endif /* CONFIG_DEBUG_PAGEALLOC */
> >
next prev parent reply other threads:[~2020-04-01 2:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-31 4:48 [PATCH v7 0/7] set_memory() routines and STRICT_MODULE_RWX Russell Currey
2020-03-31 4:48 ` [PATCH v7 1/7] powerpc/mm: Implement set_memory() routines Russell Currey
2020-03-31 4:48 ` [PATCH v7 2/7] powerpc/kprobes: Mark newly allocated probes as RO Russell Currey
2020-03-31 4:48 ` [PATCH v7 3/7] powerpc/mm/ptdump: debugfs handler for W+X checks at runtime Russell Currey
2020-03-31 4:48 ` [PATCH v7 4/7] powerpc: Set ARCH_HAS_STRICT_MODULE_RWX Russell Currey
2020-03-31 4:48 ` [PATCH v7 5/7] powerpc/configs: Enable STRICT_MODULE_RWX in skiroot_defconfig Russell Currey
2020-03-31 4:48 ` [PATCH v7 6/7] powerpc/mm: implement set_memory_attr() Russell Currey
2020-03-31 4:48 ` [PATCH v7 7/7] powerpc/32: use set_memory_attr() Russell Currey
2020-03-31 9:56 ` Christophe Leroy
2020-04-01 2:27 ` Russell Currey [this message]
2020-04-01 5:50 ` Christophe Leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6b003f8d254d1614cec838e1c032c3005d52d44d.camel@russell.cc \
--to=ruscur@russell.cc \
--cc=ajd@linux.ibm.com \
--cc=christophe.leroy@c-s.fr \
--cc=dja@axtens.net \
--cc=kernel-hardening@lists.openwall.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).