From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=fJxK=ID=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-14.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 66BC0C433DB
	for <linux-arm-kernel@archiver.kernel.org>; Fri,  5 Mar 2021 08:15:33 +0000 (UTC)
Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id EF9C865011
	for <linux-arm-kernel@archiver.kernel.org>; Fri,  5 Mar 2021 08:15:32 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EF9C865011
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding
	:Content-Type:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To:
	References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=CZU0AdmvRN8RNPTxF1wkOnvD3fFs7lacQtoaxtgyIKQ=; b=OPEztXb0Jmhcsf4UDHaGGqsey
	9sJzwJ13Id3e5g82vvwdCIkDR9uQaIFeq0+NUhvr74vszEGSP6PK1UQZxGrVXss6f20hFaH6zL9Pb
	S5PL7D4awmOWrDq/TIAN2Jmd/ZQSvTuP0VecKuu7oJ7UJEpH9WJxPtcXxounP58+vxqIpeYF56YLn
	8iGns/D42EvYU1PMMO5Y74kLjyJ6LUt0YE7nGE2eT+kXopVoXaEoNUFEyNWREQ4zbs8746fpvkcP8
	cqK05zTlYmFg0RmunTvlT6Sobt1pX06qd+vbdLBxKphUzRXihdFlKkLSQ0UXwLknBXXs3RISoW+42
	qkk5DX0aQ==;
Received: from localhost ([::1] helo=desiato.infradead.org)
	by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux))
	id 1lI5aj-00DwKh-Tw; Fri, 05 Mar 2021 08:13:46 +0000
Received: from mail.kernel.org ([198.145.29.99])
 by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux))
 id 1lI5ae-00DwIr-5n
 for linux-arm-kernel@lists.infradead.org; Fri, 05 Mar 2021 08:13:42 +0000
Received: by mail.kernel.org (Postfix) with ESMTPSA id B4A5265019
 for <linux-arm-kernel@lists.infradead.org>;
 Fri,  5 Mar 2021 08:13:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1614932018;
 bh=rULgGesFuufQHPbuD26dJANoM6usmeFT/EtHVm61QIM=;
 h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
 b=RYTFE7EF2oLCuvXF21XSA8hL3GzowaElVPUgaOYhOD54VESFzjBvJd0eNCsH6KEaN
 SroxaqWq20nDlUw92osQ7aMs5VAtwRIXACHpwQYXxqIYKeyyVnljXoh960LSy6wtVh
 7OXH9qoTxXONnN3WCLrh+hBKA3LSHbvQVSc5jTikh7/MU7Wiu9ENMLDSQ8PfRBs+fj
 Yj/BqrI21gyDrAST4tW/o7W8UOfNmeG2vAsHZXYSuthtaqUYOyCuYzNQQO1jBR66k4
 br563OaTGZYBF3J8Z3Xm1yVtBeRxgO0EOgJTezdMZi/JTJorQIu7p9S5x0gYajOrQP
 GfWWOClgM4A4w==
Received: by mail-oi1-f182.google.com with SMTP id l133so1623797oib.4
 for <linux-arm-kernel@lists.infradead.org>;
 Fri, 05 Mar 2021 00:13:38 -0800 (PST)
X-Gm-Message-State: AOAM5315eEOVfCLvbcUUgeoNgV6p3wRDqIoxMX7ZVmJ7nRD82h0u+0PA
 Yszv1UePaheelXLbmy8p7WlHo8wczLdzz7o8yJc=
X-Google-Smtp-Source: ABdhPJz8K0C7nFSnu2Bj4l0zYUorGTdHOCYknYMy96+pNro5ibeBNZaK2EcjkNF6zvsamM0ZAXvTinqJ1u0Wuq0rrf4=
X-Received: by 2002:aca:538c:: with SMTP id h134mr6081436oib.174.1614932018000; 
 Fri, 05 Mar 2021 00:13:38 -0800 (PST)
MIME-Version: 1.0
References: <20210304171145.12281-1-ardb@kernel.org>
 <20210304171145.12281-3-ardb@kernel.org>
 <20210304173903.GB60457@C02TD0UTHF1T.local>
In-Reply-To: <20210304173903.GB60457@C02TD0UTHF1T.local>
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 5 Mar 2021 09:13:26 +0100
X-Gmail-Original-Message-ID: <CAMj1kXHvpB0LodGreJu9x37V_Bo0BsTo9nKf3xkXjvhYMuUR2A@mail.gmail.com>
Message-ID: <CAMj1kXHvpB0LodGreJu9x37V_Bo0BsTo9nKf3xkXjvhYMuUR2A@mail.gmail.com>
Subject: Re: [PATCH 2/2] arm64: mm: use XN table mapping attributes for the
 linear region
To: Mark Rutland <mark.rutland@arm.com>
Cc: Linux ARM <linux-arm-kernel@lists.infradead.org>,
 Marc Zyngier <maz@kernel.org>, 
 Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, 
 Anshuman Khandual <anshuman.khandual@arm.com>,
 Quentin Perret <qperret@google.com>, 
 Android Kernel Team <kernel-team@android.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20210305_081340_833209_6091CA8A 
X-CRM114-Status: GOOD (  31.20  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On Thu, 4 Mar 2021 at 18:39, Mark Rutland <mark.rutland@arm.com> wrote:
>
> On Thu, Mar 04, 2021 at 06:11:45PM +0100, Ard Biesheuvel wrote:
> > The way the arm64 kernel virtual address space is constructed guarantees
> > that swapper PGD entries are never shared between the linear region on
> > the one hand, and the vmalloc region on the other, which is where all
> > kernel text, module text and BPF text mappings reside.
> >
> > This means that mappings in the linear region (which never require
> > executable permissions) never share any table entries at any level with
> > mappings that do require executable permissions, and so we can set the
> > table-level PXN/UXN attributes for all table entries that are created
> > while setting up mappings in the linear region. Since swapper's PGD
> > level page table is mapped r/o itself, this adds another layer of
> > robustness to the way the kernel manages its own page tables.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> >  arch/arm64/include/asm/pgtable-hwdef.h |  3 +++
> >  arch/arm64/mm/mmu.c                    | 27 +++++++++++++++-----
> >  2 files changed, 23 insertions(+), 7 deletions(-)
> >
> > diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
> > index e64e77a345b2..b6f50abd63d7 100644
> > --- a/arch/arm64/include/asm/pgtable-hwdef.h
> > +++ b/arch/arm64/include/asm/pgtable-hwdef.h
> > @@ -101,6 +101,7 @@
> >  #define P4D_TYPE_MASK                (_AT(p4dval_t, 3) << 0)
> >  #define P4D_TYPE_SECT                (_AT(p4dval_t, 1) << 0)
> >  #define P4D_SECT_RDONLY              (_AT(p4dval_t, 1) << 7)         /* AP[2] */
> > +#define P4D_TABLE_XN         (_AT(p4dval_t, 3) << 59)        /* UXN:PXN */
>
> I reckon it's worth having separate P?D_TABLE_UXN and P?D_TABLE_PXN
> definitions, so that it's easier/possible to:
>
> * Set UXNTable for *all* kernel mappings
>
> * Set PXNTable for *all* user mappings
>
> ... though we don't need to do either immediately.
>
> Otherwise, this looks good to me, and with or without that split:
>
> Acked-by: Mark Rutland <mark.rutland@arm.com>
>

Yeah, it's probably better to split them right away.

> >
> >  /*
> >   * Level 1 descriptor (PUD).
> > @@ -110,6 +111,7 @@
> >  #define PUD_TYPE_MASK                (_AT(pudval_t, 3) << 0)
> >  #define PUD_TYPE_SECT                (_AT(pudval_t, 1) << 0)
> >  #define PUD_SECT_RDONLY              (_AT(pudval_t, 1) << 7)         /* AP[2] */
> > +#define PUD_TABLE_XN         (_AT(pudval_t, 3) << 59)        /* UXN:PXN */
> >
> >  /*
> >   * Level 2 descriptor (PMD).
> > @@ -131,6 +133,7 @@
> >  #define PMD_SECT_CONT                (_AT(pmdval_t, 1) << 52)
> >  #define PMD_SECT_PXN         (_AT(pmdval_t, 1) << 53)
> >  #define PMD_SECT_UXN         (_AT(pmdval_t, 1) << 54)
> > +#define PMD_TABLE_XN         (_AT(pmdval_t, 3) << 59)        /* UXN:PXN */
> >
> >  /*
> >   * AttrIndx[2:0] encoding (mapping attributes defined in the MAIR* registers).
> > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> > index 029091474042..ff5cbca403be 100644
> > --- a/arch/arm64/mm/mmu.c
> > +++ b/arch/arm64/mm/mmu.c
> > @@ -39,6 +39,7 @@
> >
> >  #define NO_BLOCK_MAPPINGS    BIT(0)
> >  #define NO_CONT_MAPPINGS     BIT(1)
> > +#define NO_EXEC_MAPPINGS     BIT(2)
> >
> >  u64 idmap_t0sz = TCR_T0SZ(VA_BITS);
> >  u64 idmap_ptrs_per_pgd = PTRS_PER_PGD;
> > @@ -185,10 +186,14 @@ static void alloc_init_cont_pte(pmd_t *pmdp, unsigned long addr,
> >
> >       BUG_ON(pmd_sect(pmd));
> >       if (pmd_none(pmd)) {
> > +             pmdval_t pmdval = PMD_TYPE_TABLE;
> >               phys_addr_t pte_phys;
> > +
> > +             if (flags & NO_EXEC_MAPPINGS)
> > +                     pmdval |= PMD_TABLE_XN;
> >               BUG_ON(!pgtable_alloc);
> >               pte_phys = pgtable_alloc(PAGE_SHIFT);
> > -             __pmd_populate(pmdp, pte_phys, PMD_TYPE_TABLE);
> > +             __pmd_populate(pmdp, pte_phys, pmdval);
> >               pmd = READ_ONCE(*pmdp);
> >       }
> >       BUG_ON(pmd_bad(pmd));
> > @@ -259,10 +264,14 @@ static void alloc_init_cont_pmd(pud_t *pudp, unsigned long addr,
> >        */
> >       BUG_ON(pud_sect(pud));
> >       if (pud_none(pud)) {
> > +             pudval_t pudval = PUD_TYPE_TABLE;
> >               phys_addr_t pmd_phys;
> > +
> > +             if (flags & NO_EXEC_MAPPINGS)
> > +                     pudval |= PUD_TABLE_XN;
> >               BUG_ON(!pgtable_alloc);
> >               pmd_phys = pgtable_alloc(PMD_SHIFT);
> > -             __pud_populate(pudp, pmd_phys, PUD_TYPE_TABLE);
> > +             __pud_populate(pudp, pmd_phys, pudval);
> >               pud = READ_ONCE(*pudp);
> >       }
> >       BUG_ON(pud_bad(pud));
> > @@ -306,10 +315,14 @@ static void alloc_init_pud(pgd_t *pgdp, unsigned long addr, unsigned long end,
> >       p4d_t p4d = READ_ONCE(*p4dp);
> >
> >       if (p4d_none(p4d)) {
> > +             p4dval_t p4dval = P4D_TYPE_TABLE;
> >               phys_addr_t pud_phys;
> > +
> > +             if (flags & NO_EXEC_MAPPINGS)
> > +                     p4dval |= P4D_TABLE_XN;
> >               BUG_ON(!pgtable_alloc);
> >               pud_phys = pgtable_alloc(PUD_SHIFT);
> > -             __p4d_populate(p4dp, pud_phys, P4D_TYPE_TABLE);
> > +             __p4d_populate(p4dp, pud_phys, p4dval);
> >               p4d = READ_ONCE(*p4dp);
> >       }
> >       BUG_ON(p4d_bad(p4d));
> > @@ -489,11 +502,11 @@ static void __init map_mem(pgd_t *pgdp)
> >       phys_addr_t kernel_start = __pa_symbol(_stext);
> >       phys_addr_t kernel_end = __pa_symbol(__init_begin);
> >       phys_addr_t start, end;
> > -     int flags = 0;
> > +     int flags = NO_EXEC_MAPPINGS;
> >       u64 i;
> >
> >       if (rodata_full || crash_mem_map || debug_pagealloc_enabled())
> > -             flags = NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
> > +             flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
> >
> >       /*
> >        * Take care not to create a writable alias for the
> > @@ -1462,7 +1475,7 @@ struct range arch_get_mappable_range(void)
> >  int arch_add_memory(int nid, u64 start, u64 size,
> >                   struct mhp_params *params)
> >  {
> > -     int ret, flags = 0;
> > +     int ret, flags = NO_EXEC_MAPPINGS;
> >
> >       VM_BUG_ON(!mhp_range_allowed(start, size, true));
> >
> > @@ -1472,7 +1485,7 @@ int arch_add_memory(int nid, u64 start, u64 size,
> >        */
> >       if (rodata_full || debug_pagealloc_enabled() ||
> >           IS_ENABLED(CONFIG_KFENCE))
> > -             flags = NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
> > +             flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
> >
> >       __create_pgd_mapping(swapper_pg_dir, start, __phys_to_virt(start),
> >                            size, params->pgprot, __pgd_pgtable_alloc,
> > --
> > 2.20.1
> >

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel