From patchwork Sat Mar 4 14:30:47 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 9603991
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com, mark.rutland@arm.com, catalin.marinas@arm.com, will.deacon@arm.com, labbott@fedoraproject.org
Subject: [PATCH v4 5/6] arm64: mmu: apply strict permissions to .init.text and .init.data
Date: Sat, 4 Mar 2017 14:30:47 +0000
Message-Id: <1488637848-13588-6-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1488637848-13588-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1488637848-13588-1-git-send-email-ard.biesheuvel@linaro.org>
Cc: keescook@chromium.org, suzuki.poulose@arm.com, marc.zyngier@arm.com, andre.przywara@arm.com, Ard Biesheuvel, james.morse@arm.com, kvmarm@lists.cs.columbia.edu

To avoid having mappings that are writable and executable at the same time, split the init region into a .init.text region that is mapped read-only, and a .init.data region that is mapped non-executable. This is possible now that the alternative patching occurs via the linear mapping, and the linear alias of the init region is always mapped writable (but never executable). Since the alternatives descriptions themselves are read-only data, move those into the .init.text region.

Reviewed-by: Laura Abbott
Signed-off-by: Ard Biesheuvel Reviewed-by: Mark Rutland --- arch/arm64/include/asm/sections.h | 3 ++- arch/arm64/kernel/vmlinux.lds.S | 25 +++++++++++++------- arch/arm64/mm/mmu.c | 12 ++++++---- 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/arch/arm64/include/asm/sections.h b/arch/arm64/include/asm/sections.h index 4e7e7067afdb..22582819b2e5 100644 --- a/arch/arm64/include/asm/sections.h +++ b/arch/arm64/include/asm/sections.h @@ -24,7 +24,8 @@ extern char __hibernate_exit_text_start[], __hibernate_exit_text_end[]; extern char __hyp_idmap_text_start[], __hyp_idmap_text_end[]; extern char __hyp_text_start[], __hyp_text_end[]; extern char __idmap_text_start[], __idmap_text_end[]; +extern char __initdata_begin[], __initdata_end[]; +extern char __inittext_begin[], __inittext_end[]; extern char __irqentry_text_start[], __irqentry_text_end[]; extern char __mmuoff_data_start[], __mmuoff_data_end[]; - #endif /* __ASM_SECTIONS_H */ diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index b8deffa9e1bf..2c93d259046c 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -143,12 +143,27 @@ SECTIONS . = ALIGN(SEGMENT_ALIGN); __init_begin = .; + __inittext_begin = .; INIT_TEXT_SECTION(8) .exit.text : { ARM_EXIT_KEEP(EXIT_TEXT) } + . = ALIGN(4); + .altinstructions : { + __alt_instructions = .; + *(.altinstructions) + __alt_instructions_end = .; + } + .altinstr_replacement : { + *(.altinstr_replacement) + } + + . = ALIGN(PAGE_SIZE); + __inittext_end = .; + __initdata_begin = .; + .init.data : { INIT_DATA INIT_SETUP(16) @@ -164,15 +179,6 @@ SECTIONS PERCPU_SECTION(L1_CACHE_BYTES) - . = ALIGN(4); - .altinstructions : { - __alt_instructions = .; - *(.altinstructions) - __alt_instructions_end = .; - } - .altinstr_replacement : { - *(.altinstr_replacement) - } .rela : ALIGN(8) { *(.rela .rela*) } 
@@ -181,6 +187,7 @@ SECTIONS __rela_size = SIZEOF(.rela); . = ALIGN(SEGMENT_ALIGN); + __initdata_end = .; __init_end = .; _data = .; diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index edd982f88714..0612573ef869 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -459,14 +459,18 @@ early_param("rodata", parse_rodata); */ static void __init map_kernel(pgd_t *pgd) { - static struct vm_struct vmlinux_text, vmlinux_rodata, vmlinux_init, vmlinux_data; + static struct vm_struct vmlinux_text, vmlinux_rodata, vmlinux_inittext, + vmlinux_initdata, vmlinux_data; pgprot_t text_prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC; map_kernel_segment(pgd, _text, _etext, text_prot, &vmlinux_text); - map_kernel_segment(pgd, __start_rodata, __init_begin, PAGE_KERNEL, &vmlinux_rodata); - map_kernel_segment(pgd, __init_begin, __init_end, PAGE_KERNEL_EXEC, - &vmlinux_init); + map_kernel_segment(pgd, __start_rodata, __inittext_begin, PAGE_KERNEL, + &vmlinux_rodata); + map_kernel_segment(pgd, __inittext_begin, __inittext_end, text_prot, + &vmlinux_inittext); + map_kernel_segment(pgd, __initdata_begin, __initdata_end, PAGE_KERNEL, + &vmlinux_initdata); map_kernel_segment(pgd, _data, _end, PAGE_KERNEL, &vmlinux_data); if (!pgd_val(*pgd_offset_raw(pgd, FIXADDR_START))) {
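Review bot: In arch/arm64/include/asm/sections.h, the hunk also deletes the blank line that separated the last extern declaration from `#endif /* __ASM_SECTIONS_H */`, which is an unrelated whitespace change. Drop that removal so the hunk carries only the two new declarations for `__initdata_begin[]`/`__initdata_end[]` and `__inittext_begin[]`/`__inittext_end[]`.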
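Review bot: In arch/arm64/kernel/vmlinux.lds.S, the new `__inittext_end`/`__initdata_begin` boundary is placed after `. = ALIGN(PAGE_SIZE)`, while `__init_begin` and `__init_end` in the same file sit behind `. = ALIGN(SEGMENT_ALIGN)`. If the weaker alignment is intentional, say so in a comment; otherwise use SEGMENT_ALIGN here as well so every range handed to map_kernel_segment() is aligned the same way. A short comment above `.altinstructions` would also help, stating that it is read-only data deliberately placed inside the `__inittext_begin`..`__inittext_end` range and is therefore mapped with the text permissions; that rationale currently lives only in the commit message.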
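Review bot: In map_kernel() in arch/arm64/mm/mmu.c, the init text segment is mapped with `text_prot`, which is `PAGE_KERNEL_EXEC` when `rodata_enabled` is false, so in that configuration .init.text keeps the same permissions the old `vmlinux_init` mapping had. The commit message states the goal as avoiding mappings that are writable and executable at the same time; note, there or in the comment above the function, that this holds only with rodata enabled. The three consecutive calls also depend on `__inittext_end` being equal to `__initdata_begin` and `__initdata_end` being equal to `__init_end` so that no part of the init region is left unmapped; the linker script hunks establish that, but nothing in this function checks it.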