From patchwork Fri Jul  1 13:04:35 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb@kernel.org>
X-Patchwork-Id: 12903273
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 72FA3C433EF
	for <linux-arm-kernel@archiver.kernel.org>;
 Fri,  1 Jul 2022 13:06:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=SyRD85OAK6d2bhyq26GliUWTmKCTTpcfWkXube7lTOs=; b=1u4z2FeGfjT+pJ
	8oOG0YaXASoY9EmVwL1GYxu6rL6r62ueLs4bnnaxkEAk6SXNvnfSjz91CG0LRUnGigi/Yd+4zgUka
	iuf9cVZ8VJNwtMaFvLt/VBlLAfSgov8fuvHs2t6M3kl6vm1uE4GtgMMpsusWr7DkwMLPe4v/5uRrS
	D6zmxZe7r12C0QGfj0/sPk7rjgCEnBhX20iD2qvYxglgGYuqFZwuyqxKLPjrnOvF+6eI1pQX33k1R
	sdD3bxOTz4yembwO7Zhq+s1kVrDxEJa61pcSLCuIwdnmNtawFYZ1H40yKnuzcZ6eWsBu/NVWWg1EN
	GUqE0umG3NZvEex/xJyg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1o7GKc-004vkf-4e; Fri, 01 Jul 2022 13:05:10 +0000
Received: from ams.source.kernel.org ([145.40.68.75])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1o7GKQ-004veg-02
	for linux-arm-kernel@lists.infradead.org; Fri, 01 Jul 2022 13:04:59 +0000
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ams.source.kernel.org (Postfix) with ESMTPS id 0D8C0B8302C;
	Fri,  1 Jul 2022 13:04:56 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BABD1C3411E;
	Fri,  1 Jul 2022 13:04:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1656680695;
	bh=pN0Oq+V6ekkhHgHIwFkj1yjxTt4E9nFqAHGmdhdgO68=;
	h=From:To:Cc:Subject:Date:From;
	b=IqHVDFyVQCenL1B3UlpCnVvgjK/TDpHskZR8vS4RJzRERjRHEGs3Prb4U1lWEvLsm
	 s3O7zBBSO5Xoy9gbK3J7mscGGuoD1HQI6a2JA8/LGgLIjXpfEYm7ytiZK01T3VSFsJ
	 ElG3yYt8599xQcpSmx/oKAJap1jERbzXC69yQdPlqcA3js48CkT2oCoTo481j+19mR
	 xXaW4zb3oTlQ5E8vzUd/7lEod+/JsgLZFQufhI+q3BqfnQENXyVDpIjhassIVgdhD3
	 bttD0HjsI6Ubc3LmKrmyRO8U79TSqDJib5rH91/qw2mBxUZHyu4DTmghZRkISipiyn
	 YSUL5G9Woc2FA==
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Marc Zyngier <maz@kernel.org>,
	Will Deacon <will@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Kees Cook <keescook@chromium.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Mark Brown <broonie@kernel.org>,
	Anshuman Khandual <anshuman.khandual@arm.com>
Subject: [PATCH v6 0/9] arm64: add support for WXN
Date: Fri,  1 Jul 2022 15:04:35 +0200
Message-Id: <20220701130444.2945106-1-ardb@kernel.org>
X-Mailer: git-send-email 2.35.1
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=4467; h=from:subject;
 bh=pN0Oq+V6ekkhHgHIwFkj1yjxTt4E9nFqAHGmdhdgO68=;
 b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBivvDaZB98Lho5YhHT1PB+s1Ei/gIFsY2iurkUjPeX
 tffFfJGJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYr7w2gAKCRDDTyI5ktmPJLEhDA
 CVMMv72FlGZrGg7QeFhDdpuJ0R24FVscpygo2nRqrad222yjsTOy9Vzw0UxsTt9TOpy9GwQKgXA7Gx
 OVz0cjGjOjq7JPkcetMxzf+aFCxbGuX5xsdauP8zSQ2VYjHmPpgUNnQJcZs0CWrjrkYkWv8sP/jJ1t
 lLLAxwT1ky4Htj1eCPjAi9LpFdmdV//MNc9UXiNnfWop7yzyCGyGZpXwwmVhXOiyx7YB9wclXATuZQ
 nzon+TZUx+S/E3NXsl4SpwNpTD1cV9NgYbaG5BdvnlKr30aPQFgpvrYH5A0L5moHyUxqbjVRoDeoEw
 zs8IagfPgLfaTWXJzGu8oeFHB8/ZPL6Dz1JN/M2LWTw564DZJA9WCAyh8wfH6/UZ8E0XGAUx0gn+PH
 15kt0k8/lXHEbVlPC30kvlg3krEiKU15oYXY++lSq7+shTvUU4tZTcA53UOQ4Q8eYkBQZfO4nDqa0Y
 xtbFelPVgFVjqK97ZvNckwjMY0vg19VxwddYd9f4TfEc8=
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220701_060458_396302_D6920612 
X-CRM114-Status: GOOD (  24.46  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

This series covers the remaining changes that are needed to enable WXN
support on arm64 now that a lot of the prerequisite work has been queued
up. WXN support is desirable for robustness, given that writable,
executable mappings of memory are too easy to subvert, and in the
kernel, we never rely on such mappings anyway.

Setting SCTLR_ELx.WXN makes all writable mappings implicitly
non-executable, and when set at EL1, it affects EL0 as well as EL1. This
means we need some diligence on the part of user space, but fortunately,
most JITs and other user space components that actually need to
manipulate the contents of their own executable code use split views on
the same memory, or switch between RW- and R-X and back. (One notable
exception is V8, which recently switched back to a full RWX mappings
based JIT)

So on the user space side, we need a couple of minor tweaks to validate
the mmap()/mprotect() arguments when WXN is in effect, and to handle any
faults that might occur on such mappings.

On the kernel side, it is mostly about ensuring that we don't rely on
writable, executable mappings, even during early boot. So for this
reason, the two remaining sequences that create the kernel mapping are
merged, moving the more elaborate logic to set the right attributes into
a C implementation that executes from the ID map. This also allows us to
move the relocation code into C as well, which only lived in asm because
it runs before we have a stack.

Finally, some cleanups are provided for the KASLR code, mainly to ensure
that the early code's decision to use nG mappings or not is based on the
exact same criteria.

(v5 was a subset of v4 without the WXN specific pieces)

Changes since v4: [0]
- don't move __ro_after_init section now that we no longer need to,
- don't complicate the asm kernel mapping routines further, but instead,
  merge the two existing passes into one implemented in C,
- deal with rodata=off on WXN enabled builds (i.e., turn off WXN as
  well),
- add some acks from Kees

[0] https://lore.kernel.org/linux-arm-kernel/20220613144550.3760857-1-ardb@kernel.org/

Cc: Marc Zyngier <maz@kernel.org>
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>

Ard Biesheuvel (9):
  arm64: kaslr: use an ordinary command line param for nokaslr
  arm64: kaslr: don't pretend KASLR is enabled if offset <
    MIN_KIMG_ALIGN
  arm64: kaslr: drop special case for ThunderX in kaslr_requires_kpti()
  arm64: head: allocate more pages for the kernel mapping
  arm64: head: move early kernel mapping and relocation code to C code
  arm64: mm: avoid fixmap for early swapper_pg_dir updates
  arm64: mm: omit redundant remap of kernel image
  mm: add arch hook to validate mmap() prot flags
  arm64: mm: add support for WXN memory translation attribute

 arch/arm64/Kconfig                      |  11 +
 arch/arm64/include/asm/cpufeature.h     |   9 +
 arch/arm64/include/asm/kasan.h          |   2 -
 arch/arm64/include/asm/kernel-pgtable.h |  11 +-
 arch/arm64/include/asm/memory.h         |  11 +
 arch/arm64/include/asm/mman.h           |  36 ++
 arch/arm64/include/asm/mmu.h            |   2 +-
 arch/arm64/include/asm/mmu_context.h    |  30 +-
 arch/arm64/include/asm/pgtable-prot.h   |   2 +
 arch/arm64/kernel/Makefile              |   4 +-
 arch/arm64/kernel/cpufeature.c          |  14 +-
 arch/arm64/kernel/head.S                | 157 +-------
 arch/arm64/kernel/idreg-override.c      |  15 -
 arch/arm64/kernel/image-vars.h          |  17 +
 arch/arm64/kernel/kaslr.c               |   8 +-
 arch/arm64/kernel/pi/Makefile           |   2 +-
 arch/arm64/kernel/pi/early_map_kernel.c | 381 ++++++++++++++++++++
 arch/arm64/kernel/pi/kaslr_early.c      | 112 ------
 arch/arm64/kernel/vmlinux.lds.S         |  13 +-
 arch/arm64/mm/kasan_init.c              |  15 -
 arch/arm64/mm/mmu.c                     | 150 +++-----
 arch/arm64/mm/proc.S                    |  24 ++
 include/linux/mman.h                    |  15 +
 mm/mmap.c                               |   3 +
 24 files changed, 630 insertions(+), 414 deletions(-)
 create mode 100644 arch/arm64/kernel/pi/early_map_kernel.c
 delete mode 100644 arch/arm64/kernel/pi/kaslr_early.c