[v2,0/3] arm64: use hierarchical XN permissions for all page tables

Message ID	20210308181535.16230-1-ardb@kernel.org (mailing list archive)
Headers	show Return-Path: <SRS0=G0Ss=IG=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1A9066518A From: Ard Biesheuvel <ardb@kernel.org> To: linux-arm-kernel@lists.infradead.org Cc: Ard Biesheuvel <ardb@kernel.org>, maz@kernel.org, catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com, anshuman.khandual@arm.com, qperret@google.com, kernel-team@android.com Subject: [PATCH v2 0/3] arm64: use hierarchical XN permissions for all page tables Date: Mon, 8 Mar 2021 19:15:32 +0100 Message-Id: <20210308181535.16230-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	arm64: use hierarchical XN permissions for all page tables \| expand [v2,0/3] arm64: use hierarchical XN permissions for all page tables [v2,1/3] arm64: mm: add missing P4D definitions and use them consistently [v2,2/3] arm64: mm: use XN table mapping attributes for the linear region [v2,3/3] arm64: mm: use XN table mapping attributes for user/kernel mappings

Message ID

20210308181535.16230-1-ardb@kernel.org (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1A9066518A
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ardb@kernel.org>, maz@kernel.org, catalin.marinas@arm.com,
 will@kernel.org, mark.rutland@arm.com, anshuman.khandual@arm.com,
 qperret@google.com, kernel-team@android.com
Subject: [PATCH v2 0/3] arm64: use hierarchical XN permissions for all page
 tables
Date: Mon,  8 Mar 2021 19:15:32 +0100
Message-Id: <20210308181535.16230-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

arm64: use hierarchical XN permissions for all page tables | expand

Message

Ard Biesheuvel March 8, 2021, 6:15 p.m. UTC

This series tweaks the page table population code to set the UXNTable and
PXNTable bits as appropriate when page tables are being allocated and linked
into a page table hierarchy. On table entries that cover the linear region,
both PXN and UXN are set; for other page tables, either the UXN or PXN
attribute is set on all table entries, depending on whether the hierarchy in
question is used by the kernel or by user space.

Doing so removes the ability for lower level mappings to grant executable
permissions which are never needed by code that works as intended. And given
that swapper's PGD level is mapped r/o and can only be updated via the fixmap
API, the restrictions on kernel mappings cannot be trivially reverted by poking
writable memory.

Note that newer cores may permit hierarchical permission checks to be disabled,
so that the bits can be repurposed as software bits. However, we currently do
not make use of that feature, nor do we intend to, given that software bits in
table descriptors are not in short supply anyway.

This does not address a known exploit or vulnerability, but it applies the
principle of least privilege in a way that does not result in any space
or runtime overhead.

Changes since v1:
- clean up some more occurrences of P?D_xxx mismatches (#1)
- split the PXN and UXN macro definitions so we can apply them independently
- add patch #3 to apply PXNTable xor UXNTable permissions to all user and
  kernel mappings, respectively

Cc: maz@kernel.org
Cc: catalin.marinas@arm.com
Cc: will@kernel.org
Cc: mark.rutland@arm.com
Cc: anshuman.khandual@arm.com
Cc: qperret@google.com
Cc: kernel-team@android.com

Ard Biesheuvel (3):
  arm64: mm: add missing P4D definitions and use them consistently
  arm64: mm: use XN table mapping attributes for the linear region
  arm64: mm: use XN table mapping attributes for user/kernel mappings

 arch/arm64/include/asm/pgalloc.h       | 19 +++++++-----
 arch/arm64/include/asm/pgtable-hwdef.h | 15 ++++++++++
 arch/arm64/mm/kasan_init.c             |  4 +--
 arch/arm64/mm/mmu.c                    | 31 ++++++++++++++------
 4 files changed, 51 insertions(+), 18 deletions(-)