From patchwork Fri Apr 29 13:13:46 2022
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 12831999
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org, mark.rutland@arm.com, Ard Biesheuvel
Subject: [PATCH 1/2] arm64: lds: move special code sections out of kernel exec segment
Date: Fri, 29 Apr 2022 15:13:46 +0200
Message-Id: <20220429131347.3621090-2-ardb@kernel.org>
In-Reply-To: <20220429131347.3621090-1-ardb@kernel.org>
References: <20220429131347.3621090-1-ardb@kernel.org>

There are a few code sections that are emitted into the kernel's executable .text segment simply because they contain code, but are actually never
executed via this mapping, so they can happily live in a region that gets mapped without executable permissions, reducing the risk of being gadgetized. Note that the kexec and hibernate region contents are always copied into a fresh page, and so there is no need to align them as long as the overall size of each is below 4 KiB. Signed-off-by: Ard Biesheuvel --- The EL1 and HYP ID maps could receive a similar treatment, but this requires slightly more work, which I will cover in my boot mapping cleanup series. The HYP text section contains branches covered by jump labels, and moving it out of [_stext.._etext] makes the core jump label code very unhappy so moving that one out is left for a future effort. arch/arm64/kernel/vmlinux.lds.S | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index edaf0faf766f..cf594c6a7b84 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -93,7 +93,6 @@ jiffies = jiffies_64; #ifdef CONFIG_HIBERNATION #define HIBERNATE_TEXT \ - . = ALIGN(SZ_4K); \ __hibernate_exit_text_start = .; \ *(.hibernate_exit.text) \ __hibernate_exit_text_end = .; @@ -103,7 +102,6 @@ jiffies = jiffies_64; #ifdef CONFIG_KEXEC_CORE #define KEXEC_TEXT \ - . = ALIGN(SZ_4K); \ __relocate_new_kernel_start = .; \ *(.kexec_relocate.text) \ __relocate_new_kernel_end = .; @@ -170,9 +168,6 @@ SECTIONS KPROBES_TEXT HYPERVISOR_TEXT IDMAP_TEXT - HIBERNATE_TEXT - KEXEC_TEXT - TRAMP_TEXT *(.gnu.warning) . = ALIGN(16); *(.got) /* Global offset table */ @@ -194,6 +189,13 @@ SECTIONS HYPERVISOR_DATA_SECTIONS + /* code sections that are never executed via the kernel mapping */ + .rodata.text : { + TRAMP_TEXT + HIBERNATE_TEXT + KEXEC_TEXT + } + idmap_pg_dir = .; . += IDMAP_DIR_SIZE; idmap_pg_end = .; 
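Review bot: In the new .rodata.text output section, nothing pads the end of the section before `idmap_pg_dir = .;`, which follows the closing brace directly. With `. = ALIGN(SZ_4K);` dropped from both HIBERNATE_TEXT and KEXEC_TEXT, the location counter after KEXEC_TEXT sits at whatever offset the relocation code happens to end on, so the start of the ID map page directory depends on the size of that code unless something outside the visible context realigns it. Consider ending the section with `. = ALIGN(PAGE_SIZE);` so the page tables that follow keep a page-aligned start regardless of what the three macros emit.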
@@ -337,8 +339,8 @@ ASSERT(__hyp_idmap_text_end - __hyp_idmap_text_start <= PAGE_SIZE, ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K, "ID map text too big or misaligned") #ifdef CONFIG_HIBERNATION -ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1)) - <= SZ_4K, "Hibernate exit text too big or misaligned") +ASSERT(__hibernate_exit_text_end - __hibernate_exit_text_start <= SZ_4K, + "Hibernate exit text is bigger than 4 KiB") #endif #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) <= 3*PAGE_SIZE, 
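Review bot: The rewritten hibernate ASSERT drops the alignment half of the old check, and nothing next to it says why that is safe. The old expression `__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1))` also rejected code that straddled a 4 KiB boundary; the new one only bounds the size, which is sufficient only because the contents are copied into a fresh page before use, as the commit message states. A one-line comment above the ASSERT recording that dependency would keep a later change to the copy path from silently invalidating it. The commit message also says the size must be below 4 KiB while the check is `<=`; the two are worth making agree.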
@@ -362,7 +364,7 @@ ASSERT(swapper_pg_dir - tramp_pg_dir == TRAMP_SWAPPER_OFFSET, #ifdef CONFIG_KEXEC_CORE /* kexec relocation code should fit into one KEXEC_CONTROL_PAGE_SIZE */ -ASSERT(__relocate_new_kernel_end - (__relocate_new_kernel_start & ~(SZ_4K - 1)) - <= SZ_4K, "kexec relocation code is too big or misaligned") +ASSERT(__relocate_new_kernel_end - __relocate_new_kernel_start <= SZ_4K, + "kexec relocation code is bigger than 4 KiB") ASSERT(KEXEC_CONTROL_PAGE_SIZE >= SZ_4K, "KEXEC_CONTROL_PAGE_SIZE is broken") #endif

From patchwork Fri Apr 29 13:13:47 2022
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 12832000
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: catalin.marinas@arm.com, will@kernel.org, maz@kernel.org, mark.rutland@arm.com, Ard Biesheuvel
Subject: [PATCH 2/2] arm64: mm: avoid writable executable mappings in kexec/hibernate code
Date: Fri, 29 Apr 2022 15:13:47 +0200
Message-Id: <20220429131347.3621090-3-ardb@kernel.org>
In-Reply-To: <20220429131347.3621090-1-ardb@kernel.org>
References: <20220429131347.3621090-1-ardb@kernel.org>

The temporary mappings of the low-level kexec and hibernate helpers are created with both writable and executable attributes, which is not
necessary here, and generally best avoided. So use read-only, executable attributes instead. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/trans_pgd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/mm/trans_pgd.c b/arch/arm64/mm/trans_pgd.c index d7da8ca40d2e..4ea2eefbc053 100644 --- a/arch/arm64/mm/trans_pgd.c +++ b/arch/arm64/mm/trans_pgd.c @@ -238,7 +238,7 @@ int trans_pgd_idmap_page(struct trans_pgd_info *info, phys_addr_t *trans_ttbr0, int this_level, index, level_lsb, level_msb; dst_addr &= PAGE_MASK; - prev_level_entry = pte_val(pfn_pte(pfn, PAGE_KERNEL_EXEC)); + prev_level_entry = pte_val(pfn_pte(pfn, PAGE_KERNEL_ROX)); for (this_level = 3; this_level >= 0; this_level--) { levels[this_level] = trans_alloc(info);
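Review bot: The switch to PAGE_KERNEL_ROX on the `prev_level_entry` line assumes nothing ever stores through this mapping, but neither the commit message nor a comment says so. If either helper keeps writable data in the page it runs from, or the page is populated after trans_pgd_idmap_page() has installed the mapping, a read-only PTE turns that store into a fault late in kexec or resume, where it is hard to diagnose. Please state in the commit message that the page is filled through a different mapping and is only fetched from through this one, and consider a short comment above the assignment so the read-only choice is not reverted by accident.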