From patchwork Thu Mar 9 20:52:06 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 9614183
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, keescook@chromium.org, labbott@fedoraproject.org
Cc: kernel-hardening@lists.openwall.com, will.deacon@arm.com, catalin.marinas@arm.com, Ard Biesheuvel
Date: Thu, 9 Mar 2017 21:52:06 +0100
Message-Id: <1489092729-16871-9-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1489092729-16871-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1489092729-16871-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [kernel-hardening] [PATCH v6 08/11] arm64/mmu: add contiguous bit to sanity bug check

A mapping with the contiguous bit cannot be safely manipulated while live, regardless of whether the bit changes between the old and new mapping. So take this into account when deciding whether the change is safe.

Reviewed-by: Mark Rutland
Signed-off-by: Ard Biesheuvel

--- arch/arm64/mm/mmu.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index ec23aec6433f..382ebd6ef46f 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c
@@ -103,7 +103,15 @@ static bool pgattr_change_is_safe(u64 old, u64 new) */ static const pteval_t mask = PTE_PXN | PTE_RDONLY | PTE_WRITE; - return old == 0 || new == 0 || ((old ^ new) & ~mask) == 0; + /* creating or taking down mappings is always safe */ + if (old == 0 || new == 0) + return true; + + /* live contiguous mappings may not be manipulated at all */ + if ((old | new) & PTE_CONT) + return false; + + return ((old ^ new) & ~mask) == 0; } static void alloc_init_pte(pmd_t *pmd, unsigned long addr,
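Review bot: the new PTE_CONT test in pgattr_change_is_safe() returns false whenever either value has the bit set, which includes the case old == new, so rewriting a live contiguous entry with an identical value is now reported as unsafe. Before this change that case passed, because (old ^ new) was 0. If rejecting identical rewrites is intended, it would help to say so in the comment above "if ((old | new) & PTE_CONT)", for example "not even rewritten with the same value", and to mention it in the commit message. If it is not intended, the function needs an explicit equality exit ahead of the PTE_CONT test. The function's block comment (only its closing "*/" is visible here) should also gain a sentence on the contiguous rule, since the permission-bit mask is no longer the only criterion.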