From: Christoph Hellwig <hch@lst.de>
To: Andrew Morton <akpm@linux-foundation.org>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Stephen Hemminger <sthemmin@microsoft.com>,
Wei Liu <wei.liu@kernel.org>,
x86@kernel.org, David Airlie <airlied@linux.ie>,
Daniel Vetter <daniel@ffwll.ch>,
Laura Abbott <labbott@redhat.com>,
Sumit Semwal <sumit.semwal@linaro.org>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Minchan Kim <minchan@kernel.org>, Nitin Gupta <ngupta@vflare.org>
Cc: Robin Murphy <robin.murphy@arm.com>,
Christophe Leroy <christophe.leroy@c-s.fr>,
Peter Zijlstra <peterz@infradead.org>,
linuxppc-dev@lists.ozlabs.org, linux-hyperv@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
iommu@lists.linux-foundation.org,
linux-arm-kernel@lists.infradead.org, linux-s390@vger.kernel.org,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 18/28] mm: enforce that vmap can't map pages executable
Date: Wed, 8 Apr 2020 13:59:16 +0200 [thread overview]
Message-ID: <20200408115926.1467567-19-hch@lst.de> (raw)
In-Reply-To: <20200408115926.1467567-1-hch@lst.de>
To help enforcing the W^X protection don't allow remapping existing
pages as executable.
Based on patch from Peter Zijlstra <peterz@infradead.org>.
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
arch/x86/include/asm/pgtable_types.h | 6 ++++++
include/asm-generic/pgtable.h | 4 ++++
mm/vmalloc.c | 2 +-
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 947867f112ea..2e7c442cc618 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -282,6 +282,12 @@ typedef struct pgprot { pgprotval_t pgprot; } pgprot_t;
typedef struct { pgdval_t pgd; } pgd_t;
+static inline pgprot_t pgprot_nx(pgprot_t prot)
+{
+ return __pgprot(pgprot_val(prot) | _PAGE_NX);
+}
+#define pgprot_nx pgprot_nx
+
#ifdef CONFIG_X86_PAE
/*
diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
index 329b8c8ca703..8c5f9c29698b 100644
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
@@ -491,6 +491,10 @@ static inline int arch_unmap_one(struct mm_struct *mm,
#define flush_tlb_fix_spurious_fault(vma, address) flush_tlb_page(vma, address)
#endif
+#ifndef pgprot_nx
+#define pgprot_nx(prot) (prot)
+#endif
+
#ifndef pgprot_noncached
#define pgprot_noncached(prot) (prot)
#endif
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 7356b3f07bd8..334c75251ddb 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2390,7 +2390,7 @@ void *vmap(struct page **pages, unsigned int count,
if (!area)
return NULL;
- if (map_kernel_range((unsigned long)area->addr, size, prot,
+ if (map_kernel_range((unsigned long)area->addr, size, pgprot_nx(prot),
pages) < 0) {
vunmap(area->addr);
return NULL;
--
2.25.1
next prev parent reply other threads:[~2020-04-08 12:01 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-08 11:58 decruft the vmalloc API Christoph Hellwig
2020-04-08 11:58 ` [PATCH 01/28] x86/hyperv: use vmalloc_exec for the hypercall page Christoph Hellwig
2020-04-09 15:52 ` Wei Liu
2020-04-10 20:40 ` Michael Kelley
2020-04-08 11:59 ` [PATCH 02/28] staging: android: ion: use vmap instead of vm_map_ram Christoph Hellwig
2020-04-08 13:27 ` Greg KH
2020-04-08 11:59 ` [PATCH 03/28] staging: media: ipu3: use vmap insted of reimplementing it Christoph Hellwig
2020-04-08 11:59 ` [PATCH 04/28] dma-mapping: " Christoph Hellwig
2020-04-08 11:59 ` [PATCH 05/28] powerpc: add an ioremap_phb helper Christoph Hellwig
2020-04-08 11:59 ` [PATCH 06/28] powerpc: remove __ioremap_at and __iounmap_at Christoph Hellwig
2020-04-08 11:59 ` [PATCH 07/28] mm: remove __get_vm_area Christoph Hellwig
2020-04-08 11:59 ` [PATCH 08/28] mm: unexport unmap_kernel_range_noflush Christoph Hellwig
2020-04-08 11:59 ` [PATCH 09/28] mm: rename CONFIG_PGTABLE_MAPPING to CONFIG_ZSMALLOC_PGTABLE_MAPPING Christoph Hellwig
2020-04-08 15:00 ` Randy Dunlap
2020-04-09 15:59 ` Minchan Kim
2020-04-08 11:59 ` [PATCH 10/28] mm: only allow page table mappings for built-in zsmalloc Christoph Hellwig
2020-04-08 15:01 ` Randy Dunlap
2020-04-08 15:12 ` Peter Zijlstra
2020-04-08 15:15 ` Matthew Wilcox
2020-04-08 15:36 ` Christoph Hellwig
2020-04-08 15:37 ` Randy Dunlap
2020-04-08 15:36 ` Randy Dunlap
2020-04-09 16:08 ` Minchan Kim
2020-04-09 16:50 ` Peter Zijlstra
2020-04-09 17:08 ` Minchan Kim
2020-04-10 2:38 ` Sergey Senozhatsky
2020-04-10 23:11 ` Minchan Kim
2020-04-11 7:20 ` Christoph Hellwig
2020-04-16 20:37 ` Minchan Kim
2020-04-08 11:59 ` [PATCH 11/28] mm: pass addr as unsigned long to vb_free Christoph Hellwig
2020-04-08 11:59 ` [PATCH 12/28] mm: remove vmap_page_range_noflush and vunmap_page_range Christoph Hellwig
2020-04-08 11:59 ` [PATCH 13/28] mm: rename vmap_page_range to map_kernel_range Christoph Hellwig
2020-04-08 11:59 ` [PATCH 14/28] mm: don't return the number of pages from map_kernel_range{,_noflush} Christoph Hellwig
2020-04-08 11:59 ` [PATCH 15/28] mm: remove map_vm_range Christoph Hellwig
2020-04-08 11:59 ` [PATCH 16/28] mm: remove unmap_vmap_area Christoph Hellwig
2020-04-08 11:59 ` [PATCH 17/28] mm: remove the prot argument from vm_map_ram Christoph Hellwig
2020-04-08 12:21 ` Peter Zijlstra
2020-04-08 12:23 ` Christoph Hellwig
2020-04-09 0:39 ` Gao Xiang
2020-04-08 11:59 ` Christoph Hellwig [this message]
2020-04-08 12:38 ` [PATCH 18/28] mm: enforce that vmap can't map pages executable Mark Rutland
2020-04-08 15:32 ` Christoph Hellwig
2020-04-08 11:59 ` [PATCH 19/28] gpu/drm: remove the powerpc hack in drm_legacy_sg_alloc Christoph Hellwig
2020-04-08 12:25 ` Daniel Vetter
2020-04-09 8:54 ` Benjamin Herrenschmidt
2020-04-09 9:41 ` Daniel Vetter
2020-04-09 14:19 ` Alex Deucher
2020-04-09 14:57 ` Daniel Vetter
2020-04-09 22:56 ` Benjamin Herrenschmidt
2020-04-10 8:11 ` Daniel Vetter
2020-04-09 11:46 ` Gerhard Pircher
2020-04-08 11:59 ` [PATCH 20/28] mm: remove the pgprot argument to __vmalloc Christoph Hellwig
2020-04-10 20:39 ` Michael Kelley
2020-04-08 11:59 ` [PATCH 21/28] mm: remove the prot argument to __vmalloc_node Christoph Hellwig
2020-04-08 11:59 ` [PATCH 22/28] mm: remove both instances of __vmalloc_node_flags Christoph Hellwig
2020-04-08 11:59 ` [PATCH 23/28] mm: remove __vmalloc_node_flags_caller Christoph Hellwig
2020-04-08 11:59 ` [PATCH 24/28] mm: switch the test_vmalloc module to use __vmalloc_node Christoph Hellwig
2020-04-08 11:59 ` [PATCH 25/28] mm: remove vmalloc_user_node_flags Christoph Hellwig
2020-04-09 22:25 ` Andrii Nakryiko
2020-04-13 20:03 ` Johannes Weiner
2020-04-08 11:59 ` [PATCH 26/28] arm64: use __vmalloc_node in arch_alloc_vmap_stack Christoph Hellwig
2020-04-08 12:18 ` Mark Rutland
2020-04-08 11:59 ` [PATCH 27/28] s390: use __vmalloc_node in alloc_vm_stack Christoph Hellwig
2020-04-08 13:33 ` Christian Borntraeger
2020-04-08 11:59 ` [PATCH 28/28] s390: use __vmalloc_node in stack_alloc Christoph Hellwig
2020-04-08 13:44 ` Christian Borntraeger
2020-04-08 12:25 ` decruft the vmalloc API Peter Zijlstra
2020-04-08 12:48 ` [PATCH 02/28] staging: android: ion: use vmap instead of vm_map_ram Hillf Danton
2020-04-08 15:40 ` Christoph Hellwig
2020-04-08 13:17 ` [PATCH 04/28] dma-mapping: use vmap insted of reimplementing it Hillf Danton
2020-04-08 15:42 ` Christoph Hellwig
2020-04-08 13:52 ` [PATCH 17/28] mm: remove the prot argument from vm_map_ram Hillf Danton
2020-04-08 15:43 ` Christoph Hellwig
2020-04-08 16:03 ` decruft the vmalloc API Russell King - ARM Linux admin
2020-04-08 16:07 ` Christoph Hellwig
2020-04-09 4:06 ` [PATCH 25/28] mm: remove vmalloc_user_node_flags Hillf Danton
2020-04-09 6:09 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200408115926.1467567-19-hch@lst.de \
--to=hch@lst.de \
--cc=airlied@linux.ie \
--cc=akpm@linux-foundation.org \
--cc=bpf@vger.kernel.org \
--cc=christophe.leroy@c-s.fr \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=haiyangz@microsoft.com \
--cc=iommu@lists.linux-foundation.org \
--cc=kys@microsoft.com \
--cc=labbott@redhat.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=minchan@kernel.org \
--cc=ngupta@vflare.org \
--cc=peterz@infradead.org \
--cc=robin.murphy@arm.com \
--cc=sakari.ailus@linux.intel.com \
--cc=sthemmin@microsoft.com \
--cc=sumit.semwal@linaro.org \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).