From patchwork Thu Mar 9 08:25:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 9612665 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2F5E1602B4 for ; Thu, 9 Mar 2017 08:26:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0962828593 for ; Thu, 9 Mar 2017 08:26:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F19C6285A5; Thu, 9 Mar 2017 08:26:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id E854A28593 for ; Thu, 9 Mar 2017 08:26:27 +0000 (UTC) Received: (qmail 11875 invoked by uid 550); 9 Mar 2017 08:25:49 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 11564 invoked from network); 9 Mar 2017 08:25:44 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8nRcjU9yUshItm0J2oGNefnm4PRze7JhSXN6CfgimLw=; b=MJz5r3A9Bw9sanAyn9c5k9UfBIdcOr6wdVPbIel1988DmCOn72Soq86wEO8hKb0HBX YjNr34d45LU1n3EPiMW9KHGrQPQwmlSZVbp7eByLNVE8kcluge9TiFINWBjIc00APJCY n3B3KWT9wC8bxycOWn7SRPngneNX7wkr8HIso= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8nRcjU9yUshItm0J2oGNefnm4PRze7JhSXN6CfgimLw=; b=V+pePQlLDqyoWyAM1jUpIm6uur2Hiq3FqwyYrTsvDw9xcJ3cOcXtZkuJO7om328K3B PSCZkbqJ061Xb48t2ON/K7AuQYTFD/Yc/o8d3gwcQbEVRzOkwseVSPhIb4IigF4PO4Sh luKAIrLBCrwMKp3bivx8+JIxfgjBTJPpEWz0C6br6sPCJcZEyt5A3Fi/XWm3+aqYtd/o IAEUoACKR+FTo2ICt5zjZ8NnMUSmyRisBhBT/bhYzhQMAOVOppJT9Zf5svnIB3dIRzSg ZQgkgVC7CBd+zgAhsrkj0Hrfsc0fanhYjc2aewCzWM708VfD4G5hT3EbQerLoRk8Nx6F Pg8A== X-Gm-Message-State: AMke39nv8VkI+GEStDmEl7huZPBOdZo2rPHFcLh7+R4EPwqzA83L2Yu/XmgpqBxA4X9HsfXW X-Received: by 10.223.128.99 with SMTP id 90mr10054391wrk.157.1489047933202; Thu, 09 Mar 2017 00:25:33 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, keescook@chromium.org, labbott@fedoraproject.org Cc: kernel-hardening@lists.openwall.com, will.deacon@arm.com, catalin.marinas@arm.com, kvmarm@lists.cs.columbia.edu, marc.zyngier@arm.com, Ard Biesheuvel Date: Thu, 9 Mar 2017 09:25:09 +0100 Message-Id: <1489047912-642-8-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1489047912-642-1-git-send-email-ard.biesheuvel@linaro.org> References: <1489047912-642-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [kernel-hardening] [PATCH v5 07/10] arm64/mmu: ignore debug_pagealloc for kernel segments X-Virus-Scanned: ClamAV using ClamSMTP The debug_pagealloc facility manipulates kernel mappings in the linear region at page granularity to detect out of bounds or use-after-free accesses. Since the kernel segments are not allocated dynamically, there is no point in taking the debug_pagealloc_enabled flag into account for them, and we can use block mappings unconditionally. Note that this applies equally to the linear alias of text/rodata: we will never have dynamic allocations there given that the same memory is statically in use by the kernel image. Signed-off-by: Ard Biesheuvel Reviewed-by: Mark Rutland --- arch/arm64/mm/mmu.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index c3963c592ec3..d3fecd20a136 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -328,8 +328,7 @@ static void update_mapping_prot(phys_addr_t phys, unsigned long virt, return; } - __create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, - NULL, debug_pagealloc_enabled()); + __create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL, false); /* flush the TLBs after updating live kernel mappings */ flush_tlb_kernel_range(virt, virt + size); @@ -381,7 +380,7 @@ static void __init __map_memblock(pgd_t *pgd, phys_addr_t start, phys_addr_t end */ __create_pgd_mapping(pgd, kernel_start, __phys_to_virt(kernel_start), kernel_end - kernel_start, PAGE_KERNEL, - early_pgtable_alloc, debug_pagealloc_enabled()); + early_pgtable_alloc, false); } void __init mark_linear_text_alias_ro(void) @@ -437,7 +436,7 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end, BUG_ON(!PAGE_ALIGNED(size)); __create_pgd_mapping(pgd, pa_start, (unsigned long)va_start, size, prot, - early_pgtable_alloc, debug_pagealloc_enabled()); + early_pgtable_alloc, false); vma->addr = va_start; vma->phys_addr = pa_start;