From: Björn Töpel
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, linux-riscv@lists.infradead.org, Alexandre Ghiti
Cc: Björn Töpel, linux-kernel@vger.kernel.org
Subject: [PATCH] riscv: mm: Proper page permissions after initmem free
Date: Sat, 12 Nov 2022 12:35:43 +0100
Message-Id: <20221112113543.3165646-1-bjorn@kernel.org>

From: Björn Töpel

64-bit RISC-V kernels have the kernel image mapped separately, and in addition to the linear map. When the kernel is loaded, the linear map of kernel image is set to PAGE_READ permission, and the kernel map is set to PAGE_READ and PAGE_EXEC.

When the initmem is freed, the corresponding pages in the linear map should be restored to PAGE_READ and PAGE_WRITE. The corresponding pages in the kernel map should also be restored to PAGE_READ and PAGE_WRITE, by removing the PAGE_EXEC permission, and adding PAGE_WRITE.

This is not the case. For 64-bit kernels, only the linear map is restored to its proper page permissions at initmem free, and not the kernel map.

In practice this results in that the kernel can potentially jump to dead __init code, and start executing invalid 0xcc instructions, without getting an exception.

Restore the freed initmem properly, by setting both the alias (kernel map) and the linear map to the correct permissions.

Fixes: e5c35fa04019 ("riscv: Map the kernel with correct permissions the first time")
Signed-off-by: Björn Töpel

--- arch/riscv/kernel/setup.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index ad76bb59b059..361e635070fe 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -321,10 +321,12 @@ subsys_initcall(topology_init); void free_initmem(void) { - if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) - set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), - IS_ENABLED(CONFIG_64BIT) ? - set_memory_rw : set_memory_rw_nx); + if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) { + if (IS_ENABLED(CONFIG_64BIT)) + set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), + set_memory_rw); + set_kernel_memory(__init_begin, __init_end, set_memory_rw_nx); + } free_initmem_default(POISON_FREE_INITMEM); } base-commit: 442bcbfd2c5401587b983e34bed0b407214735c3 -- 2.37.2
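
Review bot: In the new free_initmem() body, the non-64-bit path changes its address range as well as its structure: the old code passed lm_alias(__init_begin) and lm_alias(__init_end) to set_memory_rw_nx, while the new unconditional call passes __init_begin and __init_end directly. The commit message only discusses 64-bit kernels, so please state in the log, or in a comment above the call, that the two ranges name the same mapping when CONFIG_64BIT is off, or keep the old call for that case. Two smaller points: both set_kernel_memory() calls are used as bare statements, so if the permission change on the kernel mapping does not take effect, free_initmem_default(POISON_FREE_INITMEM) still runs with that alias executable, which is the condition this patch is meant to close; a warning on failure would make that visible. A one-line comment saying why the linear-map alias gets set_memory_rw while the kernel mapping gets set_memory_rw_nx would also save the next reader a trip to the changelog.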