From: Christophe Leroy <christophe.leroy@csgroup.eu> To: Benjamin Herrenschmidt <benh@kernel.crashing.org>, Paul Mackerras <paulus@samba.org>, Michael Ellerman <mpe@ellerman.id.au> Cc: Christophe Leroy <christophe.leroy@csgroup.eu>, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, Guenter Roeck <linux@roeck-us.net> Subject: [PATCH] powerpc/fsl_book3e: Don't set rodata RO too early Date: Thu, 19 May 2022 19:24:15 +0200 [thread overview] Message-ID: <2e35f0fd649c83c5add17a99514ac040767be93a.1652981047.git.christophe.leroy@csgroup.eu> (raw) On fsl_book3e, rodata is set read-only at the same time as init text is set NX at the end of init. That's too early. As both action are performed at the same time, delay both actions to the time rodata is expected to be made read-only. It means we will have a small window with init mem freed but still executable. It shouldn't be an issue though, especially because the said memory gets poisoned and should therefore result to a bad instruction fault in case it gets executer. mmu_mark_initmem_nx() is bailing out before doing anything when CONFIG_STRICT_KERNEL_RWX is not selected or rodata_enabled is false. mmu_mark_rodata_ro() is called only when CONFIG_STRICT_KERNEL_RWX is selected and rodata_enabled is true so this is equivalent. Move code from mmu_mark_initmem_nx() into mmu_mark_rodata_ro() and remove the call to strict_kernel_rwx_enabled() which is not needed anymore. Reported-by: Guenter Roeck <linux@roeck-us.net> Fixes: d5970045cf9e ("powerpc/fsl_booke: Update of TLBCAMs after init") Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> --- arch/powerpc/mm/nohash/fsl_book3e.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/arch/powerpc/mm/nohash/fsl_book3e.c b/arch/powerpc/mm/nohash/fsl_book3e.c index 08a984e29433..036e6a0e0137 100644 --- a/arch/powerpc/mm/nohash/fsl_book3e.c +++ b/arch/powerpc/mm/nohash/fsl_book3e.c @@ -285,22 +285,19 @@ void __init adjust_total_lowmem(void) #ifdef CONFIG_STRICT_KERNEL_RWX void mmu_mark_rodata_ro(void) -{ - /* Everything is done in mmu_mark_initmem_nx() */ -} -#endif - -void mmu_mark_initmem_nx(void) { unsigned long remapped; - if (!strict_kernel_rwx_enabled()) - return; - remapped = map_mem_in_cams(__max_low_memory, CONFIG_LOWMEM_CAM_NUM, false, false); WARN_ON(__max_low_memory != remapped); } +#endif + +void mmu_mark_initmem_nx(void) +{ + /* Everything is done in mmu_mark_rodata_ro() */ +} void setup_initial_memory_limit(phys_addr_t first_memblock_base, phys_addr_t first_memblock_size) -- 2.35.3
WARNING: multiple messages have this Message-ID (diff)
From: Christophe Leroy <christophe.leroy@csgroup.eu> To: Benjamin Herrenschmidt <benh@kernel.crashing.org>, Paul Mackerras <paulus@samba.org>, Michael Ellerman <mpe@ellerman.id.au> Cc: Guenter Roeck <linux@roeck-us.net>, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org Subject: [PATCH] powerpc/fsl_book3e: Don't set rodata RO too early Date: Thu, 19 May 2022 19:24:15 +0200 [thread overview] Message-ID: <2e35f0fd649c83c5add17a99514ac040767be93a.1652981047.git.christophe.leroy@csgroup.eu> (raw) On fsl_book3e, rodata is set read-only at the same time as init text is set NX at the end of init. That's too early. As both action are performed at the same time, delay both actions to the time rodata is expected to be made read-only. It means we will have a small window with init mem freed but still executable. It shouldn't be an issue though, especially because the said memory gets poisoned and should therefore result to a bad instruction fault in case it gets executer. mmu_mark_initmem_nx() is bailing out before doing anything when CONFIG_STRICT_KERNEL_RWX is not selected or rodata_enabled is false. mmu_mark_rodata_ro() is called only when CONFIG_STRICT_KERNEL_RWX is selected and rodata_enabled is true so this is equivalent. Move code from mmu_mark_initmem_nx() into mmu_mark_rodata_ro() and remove the call to strict_kernel_rwx_enabled() which is not needed anymore. Reported-by: Guenter Roeck <linux@roeck-us.net> Fixes: d5970045cf9e ("powerpc/fsl_booke: Update of TLBCAMs after init") Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> --- arch/powerpc/mm/nohash/fsl_book3e.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/arch/powerpc/mm/nohash/fsl_book3e.c b/arch/powerpc/mm/nohash/fsl_book3e.c index 08a984e29433..036e6a0e0137 100644 --- a/arch/powerpc/mm/nohash/fsl_book3e.c +++ b/arch/powerpc/mm/nohash/fsl_book3e.c @@ -285,22 +285,19 @@ void __init adjust_total_lowmem(void) #ifdef CONFIG_STRICT_KERNEL_RWX void mmu_mark_rodata_ro(void) -{ - /* Everything is done in mmu_mark_initmem_nx() */ -} -#endif - -void mmu_mark_initmem_nx(void) { unsigned long remapped; - if (!strict_kernel_rwx_enabled()) - return; - remapped = map_mem_in_cams(__max_low_memory, CONFIG_LOWMEM_CAM_NUM, false, false); WARN_ON(__max_low_memory != remapped); } +#endif + +void mmu_mark_initmem_nx(void) +{ + /* Everything is done in mmu_mark_rodata_ro() */ +} void setup_initial_memory_limit(phys_addr_t first_memblock_base, phys_addr_t first_memblock_size) -- 2.35.3
next reply other threads:[~2022-05-19 17:24 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-05-19 17:24 Christophe Leroy [this message] 2022-05-19 17:24 ` [PATCH] powerpc/fsl_book3e: Don't set rodata RO too early Christophe Leroy 2022-05-24 11:09 ` Michael Ellerman 2022-05-24 11:09 ` Michael Ellerman 2022-05-19 18:29 Guenter Roeck 2022-05-19 18:29 ` Guenter Roeck
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=2e35f0fd649c83c5add17a99514ac040767be93a.1652981047.git.christophe.leroy@csgroup.eu \ --to=christophe.leroy@csgroup.eu \ --cc=benh@kernel.crashing.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux@roeck-us.net \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=mpe@ellerman.id.au \ --cc=paulus@samba.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.