X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 9612669
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, keescook@chromium.org, labbott@fedoraproject.org
Cc: kernel-hardening@lists.openwall.com, will.deacon@arm.com, catalin.marinas@arm.com, kvmarm@lists.cs.columbia.edu, marc.zyngier@arm.com, Ard Biesheuvel
Date: Thu, 9 Mar 2017 09:25:10 +0100
Message-Id: <1489047912-642-9-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1489047912-642-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1489047912-642-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [kernel-hardening] [PATCH v5 08/10] arm64/mmu: add contiguous bit to sanity bug check

A mapping with the contiguous bit cannot be safely manipulated while live, regardless of whether the bit changes between the old and new mapping. So take this into account when deciding whether the change is safe.

Signed-off-by: Ard Biesheuvel
Reviewed-by: Mark Rutland
--- arch/arm64/mm/mmu.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index d3fecd20a136..a6d7a86dd2b8 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c
@@ -103,7 +103,15 @@ static bool pgattr_change_is_safe(u64 old, u64 new) */ static const pteval_t mask = PTE_PXN | PTE_RDONLY | PTE_WRITE; - return old == 0 || new == 0 || ((old ^ new) & ~mask) == 0; + /* creating or taking down mappings is always safe */ + if (old == 0 || new == 0) + return true; + + /* live contiguous mappings may not be manipulated at all */ + if ((old | new) & PTE_CONT) + return false; + + return ((old ^ new) & ~mask) == 0; } static void alloc_init_pte(pmd_t *pmd, unsigned long addr,
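Review bot: The new PTE_CONT test in pgattr_change_is_safe(), `if ((old | new) & PTE_CONT) return false;`, also rejects the case where old == new, so rewriting a live contiguous entry with an identical value is reported as unsafe. The commit message says this is intended ("regardless of whether the bit changes"), but the in-code comment "live contiguous mappings may not be manipulated at all" does not make it obvious that a no-op rewrite is included. Please say so in that comment, and extend the block comment that closes just above `mask` so that its description of permitted attribute changes notes they apply only to entries without PTE_CONT. A smaller point in the same hunk: "live" is still decided by `old == 0 || new == 0`, so an entry that is non-zero is treated as live whatever its other bits are. That condition is carried over unchanged from the removed line, but since the PTE_CONT check now depends on it, a short comment on what counts as a live entry would help the next reader.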