| Message ID | 20230413110513.243326-12-joey.gouly@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Permission Indirection Extension | expand |
On Thu, Apr 13, 2023 at 12:05:05PM +0100, Joey Gouly wrote: > With PIE enabled, the swapper PTEs would have a Permission Indirection Index > (PIIndex) of 0. A PIIndex of 0 is not currently used by any other PTEs. > > To avoid using index 0 specifically for the swapper PTEs, mark them as > PTE_UXN and PTE_WRITE, so that they map to a PAGE_KERNEL_EXEC equivalent. > > Signed-off-by: Joey Gouly <joey.gouly@arm.com> > Cc: Catalin Marinas <catalin.marinas@arm.com> > Cc: Will Deacon <will@kernel.org> > Cc: Mark Rutland <mark.rutland@arm.com> > --- > arch/arm64/include/asm/kernel-pgtable.h | 4 ++-- > arch/arm64/kernel/head.S | 8 ++++---- > arch/arm64/mm/proc.S | 2 +- > 3 files changed, 7 insertions(+), 7 deletions(-) > > diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h > index fcd14197756f..daf1909116f6 100644 > --- a/arch/arm64/include/asm/kernel-pgtable.h > +++ b/arch/arm64/include/asm/kernel-pgtable.h > @@ -104,8 +104,8 @@ > /* > * Initial memory map attributes. > */ > -#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) > -#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) > +#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_UXN | PTE_WRITE) > +#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PTE_UXN | PTE_WRITE) I mentioned on the previous version, I think it's better not to add the PTE_WRITE here but in the users of these macros where writeable is required (e.g. SWAPPER_RX_MMUFLAGS doesn't need PTE_WRITE as it has PTE_RDONLY).
Hi, On Thu, Apr 13, 2023 at 05:35:15PM +0100, Catalin Marinas wrote: > On Thu, Apr 13, 2023 at 12:05:05PM +0100, Joey Gouly wrote: > > With PIE enabled, the swapper PTEs would have a Permission Indirection Index > > (PIIndex) of 0. A PIIndex of 0 is not currently used by any other PTEs. > > > > To avoid using index 0 specifically for the swapper PTEs, mark them as > > PTE_UXN and PTE_WRITE, so that they map to a PAGE_KERNEL_EXEC equivalent. > > > > Signed-off-by: Joey Gouly <joey.gouly@arm.com> > > Cc: Catalin Marinas <catalin.marinas@arm.com> > > Cc: Will Deacon <will@kernel.org> > > Cc: Mark Rutland <mark.rutland@arm.com> > > --- > > arch/arm64/include/asm/kernel-pgtable.h | 4 ++-- > > arch/arm64/kernel/head.S | 8 ++++---- > > arch/arm64/mm/proc.S | 2 +- > > 3 files changed, 7 insertions(+), 7 deletions(-) > > > > diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h > > index fcd14197756f..daf1909116f6 100644 > > --- a/arch/arm64/include/asm/kernel-pgtable.h > > +++ b/arch/arm64/include/asm/kernel-pgtable.h > > @@ -104,8 +104,8 @@ > > /* > > * Initial memory map attributes. > > */ > > -#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) > > -#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) > > +#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_UXN | PTE_WRITE) > > +#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PTE_UXN | PTE_WRITE) > > I mentioned on the previous version, I think it's better not to add the > PTE_WRITE here but in the users of these macros where writeable is > required (e.g. SWAPPER_RX_MMUFLAGS doesn't need PTE_WRITE as it has > PTE_RDONLY). I didn't ignore the previous comment, I just misunderstood it and thought I should leave it as is. I've made the change now! Thanks, Joey
On Thu, Apr 20, 2023 at 04:29:17PM +0100, Joey Gouly wrote: > On Thu, Apr 13, 2023 at 05:35:15PM +0100, Catalin Marinas wrote: > > On Thu, Apr 13, 2023 at 12:05:05PM +0100, Joey Gouly wrote: > > > With PIE enabled, the swapper PTEs would have a Permission Indirection Index > > > (PIIndex) of 0. A PIIndex of 0 is not currently used by any other PTEs. > > > > > > To avoid using index 0 specifically for the swapper PTEs, mark them as > > > PTE_UXN and PTE_WRITE, so that they map to a PAGE_KERNEL_EXEC equivalent. > > > > > > Signed-off-by: Joey Gouly <joey.gouly@arm.com> > > > Cc: Catalin Marinas <catalin.marinas@arm.com> > > > Cc: Will Deacon <will@kernel.org> > > > Cc: Mark Rutland <mark.rutland@arm.com> > > > --- > > > arch/arm64/include/asm/kernel-pgtable.h | 4 ++-- > > > arch/arm64/kernel/head.S | 8 ++++---- > > > arch/arm64/mm/proc.S | 2 +- > > > 3 files changed, 7 insertions(+), 7 deletions(-) > > > > > > diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h > > > index fcd14197756f..daf1909116f6 100644 > > > --- a/arch/arm64/include/asm/kernel-pgtable.h > > > +++ b/arch/arm64/include/asm/kernel-pgtable.h > > > @@ -104,8 +104,8 @@ > > > /* > > > * Initial memory map attributes. > > > */ > > > -#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) > > > -#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) > > > +#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_UXN | PTE_WRITE) > > > +#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PTE_UXN | PTE_WRITE) > > > > I mentioned on the previous version, I think it's better not to add the > > PTE_WRITE here but in the users of these macros where writeable is > > required (e.g. SWAPPER_RX_MMUFLAGS doesn't need PTE_WRITE as it has > > PTE_RDONLY). > > I didn't ignore the previous comment, I just misunderstood it and thought I > should leave it as is. Yeah, sorry, my comment was confusing. > I've made the change now! Thanks.
diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h index fcd14197756f..daf1909116f6 100644 --- a/arch/arm64/include/asm/kernel-pgtable.h +++ b/arch/arm64/include/asm/kernel-pgtable.h @@ -104,8 +104,8 @@ /* * Initial memory map attributes. */ -#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) -#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) +#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_UXN | PTE_WRITE) +#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PTE_UXN | PTE_WRITE) #ifdef CONFIG_ARM64_4K_PAGES #define SWAPPER_RW_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index b98970907226..989e2132af14 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -382,7 +382,7 @@ SYM_FUNC_START_LOCAL(create_idmap) adrp x0, init_idmap_pg_dir adrp x3, _text adrp x6, _end + MAX_FDT_SIZE + SWAPPER_BLOCK_SIZE - mov x7, SWAPPER_RX_MMUFLAGS + mov_q x7, SWAPPER_RX_MMUFLAGS map_memory x0, x1, x3, x6, x7, x3, IDMAP_PGD_ORDER, x10, x11, x12, x13, x14, EXTRA_SHIFT @@ -391,7 +391,7 @@ SYM_FUNC_START_LOCAL(create_idmap) adrp x2, init_pg_dir adrp x3, init_pg_end bic x4, x2, #SWAPPER_BLOCK_SIZE - 1 - mov x5, SWAPPER_RW_MMUFLAGS + mov_q x5, SWAPPER_RW_MMUFLAGS mov x6, #SWAPPER_BLOCK_SHIFT bl remap_region @@ -402,7 +402,7 @@ SYM_FUNC_START_LOCAL(create_idmap) bfi x22, x21, #0, #SWAPPER_BLOCK_SHIFT // remapped FDT address add x3, x2, #MAX_FDT_SIZE + SWAPPER_BLOCK_SIZE bic x4, x21, #SWAPPER_BLOCK_SIZE - 1 - mov x5, SWAPPER_RW_MMUFLAGS + mov_q x5, SWAPPER_RW_MMUFLAGS mov x6, #SWAPPER_BLOCK_SHIFT bl remap_region @@ -430,7 +430,7 @@ SYM_FUNC_START_LOCAL(create_kernel_mapping) adrp x3, _text // runtime __pa(_text) sub x6, x6, x3 // _end - _text add x6, x6, x5 // runtime __va(_end) - mov x7, SWAPPER_RW_MMUFLAGS + mov_q x7, SWAPPER_RW_MMUFLAGS map_memory x0, x1, x5, x6, x7, x3, (VA_BITS - PGDIR_SHIFT), x10, x11, x12, x13, x14 diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 91410f488090..644e8daa25df 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -290,7 +290,7 @@ SYM_TYPED_FUNC_START(idmap_kpti_install_ng_mappings) isb mov temp_pte, x5 - mov pte_flags, #KPTI_NG_PTE_FLAGS + mov_q pte_flags, KPTI_NG_PTE_FLAGS /* Everybody is enjoying the idmap, so we can rewrite swapper. */ /* PGD */
With PIE enabled, the swapper PTEs would have a Permission Indirection Index (PIIndex) of 0. A PIIndex of 0 is not currently used by any other PTEs. To avoid using index 0 specifically for the swapper PTEs, mark them as PTE_UXN and PTE_WRITE, so that they map to a PAGE_KERNEL_EXEC equivalent. Signed-off-by: Joey Gouly <joey.gouly@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> --- arch/arm64/include/asm/kernel-pgtable.h | 4 ++-- arch/arm64/kernel/head.S | 8 ++++---- arch/arm64/mm/proc.S | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-)