Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp248137imm;
        Thu, 16 Aug 2018 19:44:16 -0700 (PDT)
X-Google-Smtp-Source: AA+uWPzQJJ9I9hnJ0dNM6k0N/2stjq12sYcBDKA+6Yi6GCDaraO9eUeev+cQH04bCkozqZtYpo7s
X-Received: by 2002:a17:902:b112:: with SMTP id q18-v6mr31139043plr.284.1534473856095;
        Thu, 16 Aug 2018 19:44:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1534473856; cv=none;
        d=google.com; s=arc-20160816;
        b=fzXmvoSBpxH7km1XBPZRsD4oDhGBUu5SuEPfpEWr5YAgQ7C1OCMJrJb9sdaF/CMjPx
         Rar7BgHfSdtCT/ovL6iAEexag7POuJANOAXQ/IggGBPpDa32Ti9LOclThTzwIbf2oHdW
         1PnRCtJmgYu2mqx/aOUFz9ueDqPW8Wv96oBvHHD7ieHc0XkYdpaOUvUpCW+8gFqls8qp
         8gYrsmOoFKQpNb9p1VyKfgjU7+F+zEEOi8AGt5V56FxIqrhN8Y6LUQKY1VkTnM7j8jLu
         hOSqbH8d/C8tm3pse6fj0KuG/RBFfqjiPqQ0XNIsxSR9mv7XRf31BQc9dcj1p2R4zesA
         sWfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :arc-authentication-results;
        bh=q3Ehl4jzx2+vk3zmJK5QK5N5T+sOxWQInLp7MkNUGwY=;
        b=Vt/fyXVq4a11JAkXEBFbdTKjHwXkYXClvtN49EB55AjylLlbAWsSxnwNRHgs88xVGs
         hnhYX3YdqUVcONQ08chgrOwUnQjjiKxeRSZISIAZoYWXHuFfT9QdrTixUfXb66rnI2Aj
         Hbtc4NuQX0gujVG2Z7ONQ7qRgs2xj+vEO0FIvNe0CDtrdaUbJDlc7SWi0pWSjum1mKJF
         EIYj0YJ3KBju6UhI7gMAWa2HfHga0M9mWz3V5KwqN5OU4rYYozc6Qv3f9zupBXbBuY7b
         wQGwLTClJaZ5s6WmUwBA698AfK+jh9VgSZnTWvo+OiOFzbrtsOB1W9ffl9aQD60lgG3E
         4zAw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c2-v6si965775pge.124.2018.08.16.19.43.59;
        Thu, 16 Aug 2018 19:44:16 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726281AbeHQFo1 (ORCPT <rfc822;zcyberian@gmail.com> + 99 others);
        Fri, 17 Aug 2018 01:44:27 -0400
Received: from belmont79srvr.owm.bell.net ([184.150.200.79]:40896 "EHLO
        mtlfep01.bell.net" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1725833AbeHQFo1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 17 Aug 2018 01:44:27 -0400
Received: from bell.net mtlfep01 184.150.200.30 by mtlfep01.bell.net
          with ESMTP
          id <20180817024253.UDH10498.mtlfep01.bell.net@mtlspm01.bell.net>
          for <linux-kernel@vger.kernel.org>;
          Thu, 16 Aug 2018 22:42:53 -0400
Received: from arcusix ([70.55.50.38]) by mtlspm01.bell.net with ESMTP
          id <20180817024253.KFNI28394.mtlspm01.bell.net@arcusix>;
          Thu, 16 Aug 2018 22:42:53 -0400
Message-ID: <a5d99f4f367cfa553471e4cad1d0c80e52ac0a9f.camel@sympatico.ca>
Subject: Re: [PATCH] x86/mm/pti: Move user W+X check into pti_finalize()
From:   "David H. Gutteridge" <dhgutteridge@sympatico.ca>
To:     Joerg Roedel <joro@8bytes.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@kernel.org>,
        "H . Peter Anvin" <hpa@zytor.com>
Cc:     x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Juergen Gross <jgross@suse.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Borislav Petkov <bp@alien8.de>, Jiri Kosina <jkosina@suse.cz>,
        Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Brian Gerst <brgerst@gmail.com>,
        David Laight <David.Laight@aculab.com>,
        Denys Vlasenko <dvlasenk@redhat.com>,
        Eduardo Valentin <eduval@amazon.com>,
        Greg KH <gregkh@linuxfoundation.org>,
        Will Deacon <will.deacon@arm.com>, aliguori@amazon.com,
        daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com,
        Andrea Arcangeli <aarcange@redhat.com>,
        Waiman Long <llong@redhat.com>, Pavel Machek <pavel@ucw.cz>,
        jroedel@suse.de
Date:   Thu, 16 Aug 2018 22:42:48 -0400
In-Reply-To: <1533727000-9172-1-git-send-email-joro@8bytes.org>
References: <1533727000-9172-1-git-send-email-joro@8bytes.org>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.28.5 (3.28.5-1.fc28) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Cloudmark-Analysis: v=2.2 cv=IaFoYSia c=1 sm=0 tr=0 a=e5NqWeyudnn36+hvbsSv9g==:17 a=IkcTkHD0fZMA:10 a=dapMudl6Dx4A:10 a=k_m-kdumAAAA:8 a=_Z2vyQx0aRbNF4byCkgA:9 a=QEXdDO2ut3YA:10 a=2aFmp3DG3lfw9CblUY6y:22
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2018-08-08 at 13:16 +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
> 
> The user page-table gets the updated kernel mappings in
> pti_finalize(), which runs after the RO+X permissions got
> applied to the kernel page-table in mark_readonly().
> 
> But with CONFIG_DEBUG_WX enabled, the user page-table is
> already checked in mark_readonly() for insecure mappings.
> This causes false-positive warnings, because the user
> page-table did not get the updated mappings yet.
> 
> Move the W+X check for the user page-table into
> pti_finalize() after it updated all required mappings.
> 
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
>  arch/x86/include/asm/pgtable.h | 7 +++++--
>  arch/x86/mm/dump_pagetables.c  | 3 +--
>  arch/x86/mm/pti.c              | 2 ++
>  3 files changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/x86/include/asm/pgtable.h
> b/arch/x86/include/asm/pgtable.h
> index e39088cb..a1cb333 100644
> --- a/arch/x86/include/asm/pgtable.h
> +++ b/arch/x86/include/asm/pgtable.h
> @@ -30,11 +30,14 @@ int __init __early_make_pgtable(unsigned long
> address, pmdval_t pmd);
>  void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
>  void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd,
> bool user);
>  void ptdump_walk_pgd_level_checkwx(void);
> +void ptdump_walk_user_pgd_level_checkwx(void);
>  
>  #ifdef CONFIG_DEBUG_WX
> -#define debug_checkwx() ptdump_walk_pgd_level_checkwx()
> +#define debug_checkwx()		ptdump_walk_pgd_level_checkwx()
> +#define debug_checkwx_user()	ptdump_walk_user_pgd_level_checkwx()
>  #else
> -#define debug_checkwx() do { } while (0)
> +#define debug_checkwx()		do { } while (0)
> +#define debug_checkwx_user()	do { } while (0)
>  #endif
>  
>  /*
> diff --git a/arch/x86/mm/dump_pagetables.c
> b/arch/x86/mm/dump_pagetables.c
> index ccd92c4..b8ab901 100644
> --- a/arch/x86/mm/dump_pagetables.c
> +++ b/arch/x86/mm/dump_pagetables.c
> @@ -569,7 +569,7 @@ void ptdump_walk_pgd_level_debugfs(struct seq_file
> *m, pgd_t *pgd, bool user)
>  }
>  EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs);
>  
> -static void ptdump_walk_user_pgd_level_checkwx(void)
> +void ptdump_walk_user_pgd_level_checkwx(void)
>  {
>  #ifdef CONFIG_PAGE_TABLE_ISOLATION
>  	pgd_t *pgd = INIT_PGD;
> @@ -586,7 +586,6 @@ static void
> ptdump_walk_user_pgd_level_checkwx(void)
>  void ptdump_walk_pgd_level_checkwx(void)
>  {
>  	ptdump_walk_pgd_level_core(NULL, NULL, true, false);
> -	ptdump_walk_user_pgd_level_checkwx();
>  }
>  
>  static int __init pt_dump_init(void)
> diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
> index 69a9d60..026a89a 100644
> --- a/arch/x86/mm/pti.c
> +++ b/arch/x86/mm/pti.c
> @@ -628,4 +628,6 @@ void pti_finalize(void)
>  	 */
>  	pti_clone_entry_text();
>  	pti_clone_kernel_text();
> +
> +	debug_checkwx_user();
>  }

I've tested this in a VM and on an Atom laptop, as usual. No
regressions noted.

(The version I tested was the latter pulled into tip:
[ tglx: Folded !NX supported fix ])

Tested-by: David H. Gutteridge <dhgutteridge@sympatico.ca>

Regards,

Dave