* [PATCH 1/4] mm: add DEBUG_WX support
2020-04-21 8:17 [PATCH 0/4] Extract DEBUG_WX to shared use Zong Li
@ 2020-04-21 8:17 ` Zong Li
2020-04-27 7:49 ` Will Deacon
2020-04-21 8:17 ` [PATCH 2/4] riscv: support DEBUG_WX Zong Li
` (2 subsequent siblings)
3 siblings, 1 reply; 10+ messages in thread
From: Zong Li @ 2020-04-21 8:17 UTC (permalink / raw)
To: akpm, linux-mm, linux-kernel, paul.walmsley, palmer, linux-riscv,
tglx, mingo, bp, x86, hpa, catalin.marinas, will,
linux-arm-kernel
Cc: Zong Li
Some architectures support DEBUG_WX function, it's verbatim from each
others. Extract to mm/Kconfig.debug for shared use.
Signed-off-by: Zong Li <zong.li@sifive.com>
Suggested-by: Palmer Dabbelt <palmer@dabbelt.com>
---
mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
index 0271b22e063f..077458ad968d 100644
--- a/mm/Kconfig.debug
+++ b/mm/Kconfig.debug
@@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST
---help---
This option enables a testcase for the setting rodata read-only.
+config ARCH_HAS_DEBUG_WX
+ bool
+
+config DEBUG_WX
+ bool "Warn on W+X mappings at boot"
+ depends on ARCH_HAS_DEBUG_WX
+ select PTDUMP_CORE
+ help
+ Generate a warning if any W+X mappings are found at boot.
+
+ This is useful for discovering cases where the kernel is leaving
+ W+X mappings after applying NX, as such mappings are a security risk.
+ This check also includes UXN, which should be set on all kernel
+ mappings.
+
+ Look for a message in dmesg output like this:
+
+ <arch>/mm: Checked W+X mappings: passed, no W+X pages found.
+
+ or like this, if the check failed:
+
+ <arch>/mm: Checked W+X mappings: failed, <N> W+X pages found.
+
+ Note that even if the check fails, your kernel is possibly
+ still fine, as W+X mappings are not a security hole in
+ themselves, what they do is that they make the exploitation
+ of other unfixed kernel bugs easier.
+
+ There is no runtime or memory usage effect of this option
+ once the kernel has booted up - it's a one time check.
+
+ If in doubt, say "Y".
+
config GENERIC_PTDUMP
bool
--
2.26.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 1/4] mm: add DEBUG_WX support
2020-04-21 8:17 ` [PATCH 1/4] mm: add DEBUG_WX support Zong Li
@ 2020-04-27 7:49 ` Will Deacon
2020-04-27 8:47 ` Zong Li
0 siblings, 1 reply; 10+ messages in thread
From: Will Deacon @ 2020-04-27 7:49 UTC (permalink / raw)
To: Zong Li
Cc: akpm, linux-mm, linux-kernel, paul.walmsley, palmer, linux-riscv,
tglx, mingo, bp, x86, hpa, catalin.marinas, linux-arm-kernel
On Tue, Apr 21, 2020 at 04:17:12PM +0800, Zong Li wrote:
> Some architectures support DEBUG_WX function, it's verbatim from each
> others. Extract to mm/Kconfig.debug for shared use.
>
> Signed-off-by: Zong Li <zong.li@sifive.com>
> Suggested-by: Palmer Dabbelt <palmer@dabbelt.com>
> ---
> mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++
> 1 file changed, 33 insertions(+)
>
> diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
> index 0271b22e063f..077458ad968d 100644
> --- a/mm/Kconfig.debug
> +++ b/mm/Kconfig.debug
> @@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST
> ---help---
> This option enables a testcase for the setting rodata read-only.
>
> +config ARCH_HAS_DEBUG_WX
> + bool
> +
> +config DEBUG_WX
> + bool "Warn on W+X mappings at boot"
> + depends on ARCH_HAS_DEBUG_WX
> + select PTDUMP_CORE
> + help
> + Generate a warning if any W+X mappings are found at boot.
> +
> + This is useful for discovering cases where the kernel is leaving
> + W+X mappings after applying NX, as such mappings are a security risk.
> + This check also includes UXN, which should be set on all kernel
> + mappings.
"UXN" is the name of a bit in the arm64 page-table descriptors, so this
should be reworded now that it's in generic help text.
Will
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/4] mm: add DEBUG_WX support
2020-04-27 7:49 ` Will Deacon
@ 2020-04-27 8:47 ` Zong Li
2020-04-27 19:42 ` Andrew Morton
0 siblings, 1 reply; 10+ messages in thread
From: Zong Li @ 2020-04-27 8:47 UTC (permalink / raw)
To: Will Deacon
Cc: akpm, linux-mm, linux-kernel@vger.kernel.org List, Paul Walmsley,
Palmer Dabbelt, linux-riscv, tglx, mingo, bp, x86, hpa,
catalin.marinas, linux-arm-kernel
On Mon, Apr 27, 2020 at 3:49 PM Will Deacon <will@kernel.org> wrote:
>
> On Tue, Apr 21, 2020 at 04:17:12PM +0800, Zong Li wrote:
> > Some architectures support DEBUG_WX function, it's verbatim from each
> > others. Extract to mm/Kconfig.debug for shared use.
> >
> > Signed-off-by: Zong Li <zong.li@sifive.com>
> > Suggested-by: Palmer Dabbelt <palmer@dabbelt.com>
> > ---
> > mm/Kconfig.debug | 33 +++++++++++++++++++++++++++++++++
> > 1 file changed, 33 insertions(+)
> >
> > diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
> > index 0271b22e063f..077458ad968d 100644
> > --- a/mm/Kconfig.debug
> > +++ b/mm/Kconfig.debug
> > @@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST
> > ---help---
> > This option enables a testcase for the setting rodata read-only.
> >
> > +config ARCH_HAS_DEBUG_WX
> > + bool
> > +
> > +config DEBUG_WX
> > + bool "Warn on W+X mappings at boot"
> > + depends on ARCH_HAS_DEBUG_WX
> > + select PTDUMP_CORE
> > + help
> > + Generate a warning if any W+X mappings are found at boot.
> > +
> > + This is useful for discovering cases where the kernel is leaving
> > + W+X mappings after applying NX, as such mappings are a security risk.
> > + This check also includes UXN, which should be set on all kernel
> > + mappings.
>
> "UXN" is the name of a bit in the arm64 page-table descriptors, so this
> should be reworded now that it's in generic help text.
>
It's exactly. Sorry for missing the statement.
Hi Andrew,
Shall I send a next version patch to fix it? It should be "This is
useful for discovering cases where the kernel is leaving W+X mappings
after applying NX, as such mappings are a security risk." here.
> Will
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 1/4] mm: add DEBUG_WX support
2020-04-27 8:47 ` Zong Li
@ 2020-04-27 19:42 ` Andrew Morton
0 siblings, 0 replies; 10+ messages in thread
From: Andrew Morton @ 2020-04-27 19:42 UTC (permalink / raw)
To: Zong Li
Cc: Will Deacon, linux-mm, linux-kernel@vger.kernel.org List,
Paul Walmsley, Palmer Dabbelt, linux-riscv, tglx, mingo, bp, x86,
hpa, catalin.marinas, linux-arm-kernel
On Mon, 27 Apr 2020 16:47:47 +0800 Zong Li <zong.li@sifive.com> wrote:
> > > + This is useful for discovering cases where the kernel is leaving
> > > + W+X mappings after applying NX, as such mappings are a security risk.
> > > + This check also includes UXN, which should be set on all kernel
> > > + mappings.
> >
> > "UXN" is the name of a bit in the arm64 page-table descriptors, so this
> > should be reworded now that it's in generic help text.
> >
>
> It's exactly. Sorry for missing the statement.
>
> Hi Andrew,
> Shall I send a next version patch to fix it? It should be "This is
> useful for discovering cases where the kernel is leaving W+X mappings
> after applying NX, as such mappings are a security risk." here.
I'll add this:
--- a/mm/Kconfig.debug~mm-add-debug_wx-support-fix
+++ a/mm/Kconfig.debug
@@ -128,8 +128,8 @@ config DEBUG_WX
help
Generate a warning if any W+X mappings are found at boot.
- This is useful for discovering cases where the kernel is leaving
- W+X mappings after applying NX, as such mappings are a security risk.
+ This is useful for discovering cases where the kernel is leaving W+X
+ mappings after applying NX, as such mappings are a security risk.
This check also includes UXN, which should be set on all kernel
mappings.
_
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/4] riscv: support DEBUG_WX
2020-04-21 8:17 [PATCH 0/4] Extract DEBUG_WX to shared use Zong Li
2020-04-21 8:17 ` [PATCH 1/4] mm: add DEBUG_WX support Zong Li
@ 2020-04-21 8:17 ` Zong Li
2020-04-26 1:05 ` Andrew Morton
2020-04-21 8:17 ` [PATCH 3/4] x86: mm: use ARCH_HAS_DEBUG_WX instead of arch defined Zong Li
2020-04-21 8:17 ` [PATCH 4/4] arm64: " Zong Li
3 siblings, 1 reply; 10+ messages in thread
From: Zong Li @ 2020-04-21 8:17 UTC (permalink / raw)
To: akpm, linux-mm, linux-kernel, paul.walmsley, palmer, linux-riscv,
tglx, mingo, bp, x86, hpa, catalin.marinas, will,
linux-arm-kernel
Cc: Zong Li
Support DEBUG_WX to check whether there are mapping with write and
execute permission at the same time.
Signed-off-by: Zong Li <zong.li@sifive.com>
---
arch/riscv/Kconfig | 1 +
arch/riscv/include/asm/ptdump.h | 6 ++++++
arch/riscv/mm/init.c | 3 +++
3 files changed, 10 insertions(+)
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index 62f7bfeb709e..612bf0a258d0 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -68,6 +68,7 @@ config RISCV
select ARCH_HAS_GCOV_PROFILE_ALL
select HAVE_COPY_THREAD_TLS
select HAVE_ARCH_KASAN if MMU && 64BIT
+ select ARCH_HAS_DEBUG_WX
config ARCH_MMAP_RND_BITS_MIN
default 18 if 64BIT
diff --git a/arch/riscv/include/asm/ptdump.h b/arch/riscv/include/asm/ptdump.h
index e29af7191909..eb2a1cc5f22c 100644
--- a/arch/riscv/include/asm/ptdump.h
+++ b/arch/riscv/include/asm/ptdump.h
@@ -8,4 +8,10 @@
void ptdump_check_wx(void);
+#ifdef CONFIG_DEBUG_WX
+#define debug_checkwx() ptdump_check_wx()
+#else
+#define debug_checkwx() do { } while (0)
+#endif
+
#endif /* _ASM_RISCV_PTDUMP_H */
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
index b55be44ff9bd..86606e4d1860 100644
--- a/arch/riscv/mm/init.c
+++ b/arch/riscv/mm/init.c
@@ -19,6 +19,7 @@
#include <asm/sections.h>
#include <asm/pgtable.h>
#include <asm/io.h>
+#include <asm/ptdump.h>
#include "../kernel/head.h"
@@ -529,6 +530,8 @@ void mark_rodata_ro(void)
set_memory_ro(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
set_memory_nx(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
set_memory_nx(data_start, (max_low - data_start) >> PAGE_SHIFT);
+
+ debug_checkwx();
}
#endif
--
2.26.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 2/4] riscv: support DEBUG_WX
2020-04-21 8:17 ` [PATCH 2/4] riscv: support DEBUG_WX Zong Li
@ 2020-04-26 1:05 ` Andrew Morton
0 siblings, 0 replies; 10+ messages in thread
From: Andrew Morton @ 2020-04-26 1:05 UTC (permalink / raw)
To: Zong Li
Cc: linux-mm, linux-kernel, paul.walmsley, palmer, linux-riscv, tglx,
mingo, bp, x86, hpa, catalin.marinas, will, linux-arm-kernel
On Tue, 21 Apr 2020 16:17:13 +0800 Zong Li <zong.li@sifive.com> wrote:
> Support DEBUG_WX to check whether there are mapping with write and
> execute permission at the same time.
>
> --- a/arch/riscv/include/asm/ptdump.h
> +++ b/arch/riscv/include/asm/ptdump.h
> @@ -8,4 +8,10 @@
>
> void ptdump_check_wx(void);
>
> +#ifdef CONFIG_DEBUG_WX
> +#define debug_checkwx() ptdump_check_wx()
> +#else
> +#define debug_checkwx() do { } while (0)
> +#endif
> +
> #endif /* _ASM_RISCV_PTDUMP_H */
It's preferred to implement things in regular C, unless they MUST be
implemented in the preprocessor. So...
--- a/arch/riscv/include/asm/ptdump.h~riscv-support-debug_wx-fix
+++ a/arch/riscv/include/asm/ptdump.h
@@ -9,9 +9,14 @@
void ptdump_check_wx(void);
#ifdef CONFIG_DEBUG_WX
-#define debug_checkwx() ptdump_check_wx()
+static inline void debug_checkwx(void)
+{
+ ptdump_check_wx();
+}
#else
-#define debug_checkwx() do { } while (0)
+static inline void debug_checkwx(void)
+{
+}
#endif
#endif /* _ASM_RISCV_PTDUMP_H */
_
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 3/4] x86: mm: use ARCH_HAS_DEBUG_WX instead of arch defined
2020-04-21 8:17 [PATCH 0/4] Extract DEBUG_WX to shared use Zong Li
2020-04-21 8:17 ` [PATCH 1/4] mm: add DEBUG_WX support Zong Li
2020-04-21 8:17 ` [PATCH 2/4] riscv: support DEBUG_WX Zong Li
@ 2020-04-21 8:17 ` Zong Li
2020-04-21 8:17 ` [PATCH 4/4] arm64: " Zong Li
3 siblings, 0 replies; 10+ messages in thread
From: Zong Li @ 2020-04-21 8:17 UTC (permalink / raw)
To: akpm, linux-mm, linux-kernel, paul.walmsley, palmer, linux-riscv,
tglx, mingo, bp, x86, hpa, catalin.marinas, will,
linux-arm-kernel
Cc: Zong Li
Extract DEBUG_WX to mm/Kconfig.debug for shared use. Change to use
ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port.
Signed-off-by: Zong Li <zong.li@sifive.com>
---
arch/x86/Kconfig | 1 +
arch/x86/Kconfig.debug | 27 ---------------------------
2 files changed, 1 insertion(+), 27 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 1d6104ea8af0..310a49ee3c25 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -80,6 +80,7 @@ config X86
select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
select ARCH_HAS_SYSCALL_WRAPPER
select ARCH_HAS_UBSAN_SANITIZE_ALL
+ select ARCH_HAS_DEBUG_WX
select ARCH_HAVE_NMI_SAFE_CMPXCHG
select ARCH_MIGHT_HAVE_ACPI_PDC if ACPI
select ARCH_MIGHT_HAVE_PC_PARPORT
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 2e74690b028a..de1846ed41b3 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -72,33 +72,6 @@ config EFI_PGT_DUMP
issues with the mapping of the EFI runtime regions into that
table.
-config DEBUG_WX
- bool "Warn on W+X mappings at boot"
- select PTDUMP_CORE
- ---help---
- Generate a warning if any W+X mappings are found at boot.
-
- This is useful for discovering cases where the kernel is leaving
- W+X mappings after applying NX, as such mappings are a security risk.
-
- Look for a message in dmesg output like this:
-
- x86/mm: Checked W+X mappings: passed, no W+X pages found.
-
- or like this, if the check failed:
-
- x86/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
-
- Note that even if the check fails, your kernel is possibly
- still fine, as W+X mappings are not a security hole in
- themselves, what they do is that they make the exploitation
- of other unfixed kernel bugs easier.
-
- There is no runtime or memory usage effect of this option
- once the kernel has booted up - it's a one time check.
-
- If in doubt, say "Y".
-
config DOUBLEFAULT
default y
bool "Enable doublefault exception handler" if EXPERT && X86_32
--
2.26.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 4/4] arm64: mm: use ARCH_HAS_DEBUG_WX instead of arch defined
2020-04-21 8:17 [PATCH 0/4] Extract DEBUG_WX to shared use Zong Li
` (2 preceding siblings ...)
2020-04-21 8:17 ` [PATCH 3/4] x86: mm: use ARCH_HAS_DEBUG_WX instead of arch defined Zong Li
@ 2020-04-21 8:17 ` Zong Li
2020-04-27 7:49 ` Will Deacon
3 siblings, 1 reply; 10+ messages in thread
From: Zong Li @ 2020-04-21 8:17 UTC (permalink / raw)
To: akpm, linux-mm, linux-kernel, paul.walmsley, palmer, linux-riscv,
tglx, mingo, bp, x86, hpa, catalin.marinas, will,
linux-arm-kernel
Cc: Zong Li
Extract DEBUG_WX to mm/Kconfig.debug for shared use. Change to use
ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port.
Signed-off-by: Zong Li <zong.li@sifive.com>
---
arch/arm64/Kconfig | 1 +
arch/arm64/Kconfig.debug | 29 -----------------------------
2 files changed, 1 insertion(+), 29 deletions(-)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 40fb05d96c60..a16e2ce80854 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -9,6 +9,7 @@ config ARM64
select ACPI_MCFG if (ACPI && PCI)
select ACPI_SPCR_TABLE if ACPI
select ACPI_PPTT if ACPI
+ select ARCH_HAS_DEBUG_WX
select ARCH_HAS_DEBUG_VIRTUAL
select ARCH_HAS_DEVMEM_IS_ALLOWED
select ARCH_HAS_DMA_PREP_COHERENT
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
index a1efa246c9ed..cdf7ec0b975e 100644
--- a/arch/arm64/Kconfig.debug
+++ b/arch/arm64/Kconfig.debug
@@ -23,35 +23,6 @@ config ARM64_RANDOMIZE_TEXT_OFFSET
of TEXT_OFFSET and platforms must not require a specific
value.
-config DEBUG_WX
- bool "Warn on W+X mappings at boot"
- select PTDUMP_CORE
- ---help---
- Generate a warning if any W+X mappings are found at boot.
-
- This is useful for discovering cases where the kernel is leaving
- W+X mappings after applying NX, as such mappings are a security risk.
- This check also includes UXN, which should be set on all kernel
- mappings.
-
- Look for a message in dmesg output like this:
-
- arm64/mm: Checked W+X mappings: passed, no W+X pages found.
-
- or like this, if the check failed:
-
- arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
-
- Note that even if the check fails, your kernel is possibly
- still fine, as W+X mappings are not a security hole in
- themselves, what they do is that they make the exploitation
- of other unfixed kernel bugs easier.
-
- There is no runtime or memory usage effect of this option
- once the kernel has booted up - it's a one time check.
-
- If in doubt, say "Y".
-
config DEBUG_EFI
depends on EFI && DEBUG_INFO
bool "UEFI debugging"
--
2.26.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 4/4] arm64: mm: use ARCH_HAS_DEBUG_WX instead of arch defined
2020-04-21 8:17 ` [PATCH 4/4] arm64: " Zong Li
@ 2020-04-27 7:49 ` Will Deacon
0 siblings, 0 replies; 10+ messages in thread
From: Will Deacon @ 2020-04-27 7:49 UTC (permalink / raw)
To: Zong Li
Cc: akpm, linux-mm, linux-kernel, paul.walmsley, palmer, linux-riscv,
tglx, mingo, bp, x86, hpa, catalin.marinas, linux-arm-kernel
On Tue, Apr 21, 2020 at 04:17:15PM +0800, Zong Li wrote:
> Extract DEBUG_WX to mm/Kconfig.debug for shared use. Change to use
> ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port.
>
> Signed-off-by: Zong Li <zong.li@sifive.com>
> ---
> arch/arm64/Kconfig | 1 +
> arch/arm64/Kconfig.debug | 29 -----------------------------
> 2 files changed, 1 insertion(+), 29 deletions(-)
Acked-by: Will Deacon <will@kernel.org>
Will
^ permalink raw reply [flat|nested] 10+ messages in thread