Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp303176rdd; Tue, 9 Jan 2024 04:55:12 -0800 (PST) X-Google-Smtp-Source: AGHT+IGc3SThL+gEpKQa1TXopQZeSi7talaQ6Hy7A4UL3k5hH4gHjl60zTFKfjmGxv5aJB+XT+Tm X-Received: by 2002:a50:bb2f:0:b0:557:38dc:3052 with SMTP id y44-20020a50bb2f000000b0055738dc3052mr2145060ede.164.1704804911847; Tue, 09 Jan 2024 04:55:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704804911; cv=none; d=google.com; s=arc-20160816; b=hEP5NHEnkLqebH1yIVqnWifiMOmrdI6PiF7irPYe/Ndz8A+GglAHreVAuyTyTwGqnx iLv2BVe0jg07P+yCsN5bLcBRUXjLDwG1TSO57JBCMbfYJ8T+b7LqrrRrCt9abnEb9kfT stOJSlGeGEMyMHq02wSqSwUccWJEl7/BszDbkuiMdsakSVD/5gdXcMaBL6GGgoRlWWtb ufcgeDkbGOl4vlVIZ0WZ3E9h9oWET8bVv4ghFHs5ACxndaufEhQzIFHX3M8Psey5oBp5 TJ0D9/ffIffwCAvBeo7nmYkrEe+Vp+nVmou//Ojy0sng4P4jPVHGnnJrEGoUZqly+rrE urfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id; bh=GwuCjaYINzyhfhSLKZ0z6S3VirK3zPRNihSiFHIC/sc=; fh=4xUtkHKnwYh+sXekUYTWxnHF1j5PwFy/Mti0OJPztgY=; b=dRjJK7Qiy2QHrrzoIosyp0dJGZxPbqS8vgKkcMehcJi5Sly2AefYs1toc6TR7hEQKF gNwBTC9f9NkevsaeS3g3S3TG7gii0LIM1Xj6Nl+iBVkWaLcWjxrTGqEMRig4vuUxCvmx SEwk8cH7bojX5v0LJ6UKL/elZgaNya8mOnybiQUr2Kd8A2OeYp423t/siQ/5CBgsuOQD 0VG7iXeXmeRdPbrIjeBEASPOUIAFzHll3lpdhgYA1fnhwEBRiIudrOf5SHTB+ecHuqKC oBztQbv6WF0JVeqnNJYBiKGQ0kQk8J1OOfwNSbw3/IrtOoYejAmdCK0I+9fJuo8jJqx3 3vfw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-20857-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20857-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id q25-20020a50cc99000000b005572213b5dbsi717817edi.628.2024.01.09.04.55.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 04:55:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-20857-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-20857-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20857-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 6CD2C1F2512A for ; Tue, 9 Jan 2024 12:55:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3305E38F9B; Tue, 9 Jan 2024 12:54:52 +0000 (UTC) Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net [217.70.183.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E5B438DDF; Tue, 9 Jan 2024 12:54:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ghiti.fr Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ghiti.fr Received: by mail.gandi.net (Postfix) with ESMTPSA id 019D5FF813; Tue, 9 Jan 2024 12:54:38 +0000 (UTC) Message-ID: <955d3fda-fe94-44c1-8479-d1b46e2f1140@ghiti.fr> Date: Tue, 9 Jan 2024 13:54:38 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH 2/4] arm64, powerpc, riscv, s390, x86: Refactor CONFIG_DEBUG_WX Content-Language: en-US To: Christophe Leroy , linux-hardening@vger.kernel.org, Russell King , Catalin Marinas , Will Deacon , Michael Ellerman , Nicholas Piggin , "Aneesh Kumar K.V" , "Naveen N. Rao" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Gerald Schaefer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Andrew Morton , Kees Cook Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, linux-mm@kvack.org, steven.price@arm.com, Phong Tran , mark.rutland@arm.com, Greg KH References: From: Alexandre Ghiti In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-GND-Sasl: alex@ghiti.fr Hi Christophe, On 09/01/2024 13:14, Christophe Leroy wrote: > All architectures using the core ptdump functionality also implement > CONFIG_DEBUG_WX, and they all do it more or less the same way, with a > function called debug_checkwx() that is called by mark_rodata_ro(), > which is a substitute to ptdump_check_wx() when CONFIG_DEBUG_WX is > set and a no-op otherwise. > > Refactor by centraly defining debug_checkwx() in linux/ptdump.h and > call debug_checkwx() immediately after calling mark_rodata_ro() > instead of calling it at the end of every mark_rodata_ro(). > > On x86_32, mark_rodata_ro() first checks __supported_pte_mask has > _PAGE_NX before calling debug_checkwx(). Now the check is inside the > callee ptdump_walk_pgd_level_checkwx(). > > On powerpc_64, mark_rodata_ro() bails out early before calling > ptdump_check_wx() when the MMU doesn't have KERNEL_RO feature. The > check is now also done in ptdump_check_wx() as it is called outside > mark_rodata_ro(). > > Signed-off-by: Christophe Leroy > --- > arch/arm64/include/asm/ptdump.h | 7 ------- > arch/arm64/mm/mmu.c | 2 -- > arch/powerpc/mm/mmu_decl.h | 6 ------ > arch/powerpc/mm/pgtable_32.c | 4 ---- > arch/powerpc/mm/pgtable_64.c | 3 --- > arch/powerpc/mm/ptdump/ptdump.c | 3 +++ > arch/riscv/include/asm/ptdump.h | 22 ---------------------- > arch/riscv/mm/init.c | 3 --- > arch/riscv/mm/ptdump.c | 1 - > arch/s390/include/asm/ptdump.h | 14 -------------- > arch/s390/mm/dump_pagetables.c | 1 - > arch/s390/mm/init.c | 2 -- > arch/x86/include/asm/pgtable.h | 3 +-- > arch/x86/mm/dump_pagetables.c | 3 +++ > arch/x86/mm/init_32.c | 2 -- > arch/x86/mm/init_64.c | 2 -- > include/linux/ptdump.h | 7 +++++++ > init/main.c | 2 ++ > 18 files changed, 16 insertions(+), 71 deletions(-) > delete mode 100644 arch/riscv/include/asm/ptdump.h > delete mode 100644 arch/s390/include/asm/ptdump.h > > diff --git a/arch/arm64/include/asm/ptdump.h b/arch/arm64/include/asm/ptdump.h > index 581caac525b0..5b1701c76d1c 100644 > --- a/arch/arm64/include/asm/ptdump.h > +++ b/arch/arm64/include/asm/ptdump.h > @@ -29,13 +29,6 @@ void __init ptdump_debugfs_register(struct ptdump_info *info, const char *name); > static inline void ptdump_debugfs_register(struct ptdump_info *info, > const char *name) { } > #endif > -void ptdump_check_wx(void); > #endif /* CONFIG_PTDUMP_CORE */ > > -#ifdef CONFIG_DEBUG_WX > -#define debug_checkwx() ptdump_check_wx() > -#else > -#define debug_checkwx() do { } while (0) > -#endif > - > #endif /* __ASM_PTDUMP_H */ > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c > index 15f6347d23b6..e011beb2e5e3 100644 > --- a/arch/arm64/mm/mmu.c > +++ b/arch/arm64/mm/mmu.c > @@ -635,8 +635,6 @@ void mark_rodata_ro(void) > section_size = (unsigned long)__init_begin - (unsigned long)__start_rodata; > update_mapping_prot(__pa_symbol(__start_rodata), (unsigned long)__start_rodata, > section_size, PAGE_KERNEL_RO); > - > - debug_checkwx(); > } > > static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end, > diff --git a/arch/powerpc/mm/mmu_decl.h b/arch/powerpc/mm/mmu_decl.h > index 72341b9fb552..90dcc2844056 100644 > --- a/arch/powerpc/mm/mmu_decl.h > +++ b/arch/powerpc/mm/mmu_decl.h > @@ -171,12 +171,6 @@ static inline void mmu_mark_rodata_ro(void) { } > void __init mmu_mapin_immr(void); > #endif > > -#ifdef CONFIG_DEBUG_WX > -void ptdump_check_wx(void); > -#else > -static inline void ptdump_check_wx(void) { } > -#endif > - > static inline bool debug_pagealloc_enabled_or_kfence(void) > { > return IS_ENABLED(CONFIG_KFENCE) || debug_pagealloc_enabled(); > diff --git a/arch/powerpc/mm/pgtable_32.c b/arch/powerpc/mm/pgtable_32.c > index 5c02fd08d61e..12498017da8e 100644 > --- a/arch/powerpc/mm/pgtable_32.c > +++ b/arch/powerpc/mm/pgtable_32.c > @@ -153,7 +153,6 @@ void mark_rodata_ro(void) > > if (v_block_mapped((unsigned long)_stext + 1)) { > mmu_mark_rodata_ro(); > - ptdump_check_wx(); > return; > } > > @@ -166,9 +165,6 @@ void mark_rodata_ro(void) > PFN_DOWN((unsigned long)_stext); > > set_memory_ro((unsigned long)_stext, numpages); > - > - // mark_initmem_nx() should have already run by now > - ptdump_check_wx(); > } > #endif > > diff --git a/arch/powerpc/mm/pgtable_64.c b/arch/powerpc/mm/pgtable_64.c > index 5ac1fd30341b..1b366526f4f2 100644 > --- a/arch/powerpc/mm/pgtable_64.c > +++ b/arch/powerpc/mm/pgtable_64.c > @@ -150,9 +150,6 @@ void mark_rodata_ro(void) > radix__mark_rodata_ro(); > else > hash__mark_rodata_ro(); > - > - // mark_initmem_nx() should have already run by now > - ptdump_check_wx(); > } > > void mark_initmem_nx(void) > diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptdump.c > index 2313053fe679..620d4917ebe8 100644 > --- a/arch/powerpc/mm/ptdump/ptdump.c > +++ b/arch/powerpc/mm/ptdump/ptdump.c > @@ -343,6 +343,9 @@ void ptdump_check_wx(void) > } > }; > > + if (IS_ENABLED(CONFIG_PPC_BOOK3S_64) && !mmu_has_feature(MMU_FTR_KERNEL_RO)) > + return; > + > ptdump_walk_pgd(&st.ptdump, &init_mm, NULL); > > if (st.wx_pages) > diff --git a/arch/riscv/include/asm/ptdump.h b/arch/riscv/include/asm/ptdump.h > deleted file mode 100644 > index 3c9ea6dd5af7..000000000000 > --- a/arch/riscv/include/asm/ptdump.h > +++ /dev/null > @@ -1,22 +0,0 @@ > -/* SPDX-License-Identifier: GPL-2.0 */ > -/* > - * Copyright (C) 2019 SiFive > - */ > - > -#ifndef _ASM_RISCV_PTDUMP_H > -#define _ASM_RISCV_PTDUMP_H > - > -void ptdump_check_wx(void); > - > -#ifdef CONFIG_DEBUG_WX > -static inline void debug_checkwx(void) > -{ > - ptdump_check_wx(); > -} > -#else > -static inline void debug_checkwx(void) > -{ > -} > -#endif > - > -#endif /* _ASM_RISCV_PTDUMP_H */ > diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > index 2e011cbddf3a..55c4deb1b332 100644 > --- a/arch/riscv/mm/init.c > +++ b/arch/riscv/mm/init.c > @@ -29,7 +29,6 @@ > #include > #include > #include > -#include > #include > #include > #include > @@ -720,8 +719,6 @@ void mark_rodata_ro(void) > if (IS_ENABLED(CONFIG_64BIT)) > set_kernel_memory(lm_alias(__start_rodata), lm_alias(_data), > set_memory_ro); > - > - debug_checkwx(); > } > #else > static __init pgprot_t pgprot_from_va(uintptr_t va) > diff --git a/arch/riscv/mm/ptdump.c b/arch/riscv/mm/ptdump.c > index 657c27bc07a7..075265603313 100644 > --- a/arch/riscv/mm/ptdump.c > +++ b/arch/riscv/mm/ptdump.c > @@ -9,7 +9,6 @@ > #include > #include > > -#include > #include > #include > For riscv, you can add: Reviewed-by: Alexandre Ghiti Thanks, Alex > diff --git a/arch/s390/include/asm/ptdump.h b/arch/s390/include/asm/ptdump.h > deleted file mode 100644 > index f960b2896606..000000000000 > --- a/arch/s390/include/asm/ptdump.h > +++ /dev/null > @@ -1,14 +0,0 @@ > -/* SPDX-License-Identifier: GPL-2.0 */ > - > -#ifndef _ASM_S390_PTDUMP_H > -#define _ASM_S390_PTDUMP_H > - > -void ptdump_check_wx(void); > - > -static inline void debug_checkwx(void) > -{ > - if (IS_ENABLED(CONFIG_DEBUG_WX)) > - ptdump_check_wx(); > -} > - > -#endif /* _ASM_S390_PTDUMP_H */ > diff --git a/arch/s390/mm/dump_pagetables.c b/arch/s390/mm/dump_pagetables.c > index d37a8f607b71..8dcb4e0c71bd 100644 > --- a/arch/s390/mm/dump_pagetables.c > +++ b/arch/s390/mm/dump_pagetables.c > @@ -6,7 +6,6 @@ > #include > #include > #include > -#include > #include > #include > #include > diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c > index 43e612bc2bcd..d2e5eff9d1de 100644 > --- a/arch/s390/mm/init.c > +++ b/arch/s390/mm/init.c > @@ -37,7 +37,6 @@ > #include > #include > #include > -#include > #include > #include > #include > @@ -109,7 +108,6 @@ void mark_rodata_ro(void) > > __set_memory_ro(__start_ro_after_init, __end_ro_after_init); > pr_info("Write protected read-only-after-init data: %luk\n", size >> 10); > - debug_checkwx(); > } > > int set_memory_encrypted(unsigned long vaddr, int numpages) > diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h > index 57bab91bbf50..036ce63f3b95 100644 > --- a/arch/x86/include/asm/pgtable.h > +++ b/arch/x86/include/asm/pgtable.h > @@ -32,6 +32,7 @@ void ptdump_walk_pgd_level(struct seq_file *m, struct mm_struct *mm); > void ptdump_walk_pgd_level_debugfs(struct seq_file *m, struct mm_struct *mm, > bool user); > void ptdump_walk_pgd_level_checkwx(void); > +#define ptdump_check_wx() ptdump_walk_pgd_level_checkwx() > void ptdump_walk_user_pgd_level_checkwx(void); > > /* > @@ -41,10 +42,8 @@ void ptdump_walk_user_pgd_level_checkwx(void); > #define pgprot_decrypted(prot) __pgprot(cc_mkdec(pgprot_val(prot))) > > #ifdef CONFIG_DEBUG_WX > -#define debug_checkwx() ptdump_walk_pgd_level_checkwx() > #define debug_checkwx_user() ptdump_walk_user_pgd_level_checkwx() > #else > -#define debug_checkwx() do { } while (0) > #define debug_checkwx_user() do { } while (0) > #endif > > diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c > index e1b599ecbbc2..0008524eebe9 100644 > --- a/arch/x86/mm/dump_pagetables.c > +++ b/arch/x86/mm/dump_pagetables.c > @@ -433,6 +433,9 @@ void ptdump_walk_user_pgd_level_checkwx(void) > > void ptdump_walk_pgd_level_checkwx(void) > { > + if (!(__supported_pte_mask & _PAGE_NX)) > + return; > + > ptdump_walk_pgd_level_core(NULL, &init_mm, INIT_PGD, true, false); > } > > diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c > index b63403d7179d..5c736b707cae 100644 > --- a/arch/x86/mm/init_32.c > +++ b/arch/x86/mm/init_32.c > @@ -800,6 +800,4 @@ void mark_rodata_ro(void) > set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT); > #endif > mark_nxdata_nx(); > - if (__supported_pte_mask & _PAGE_NX) > - debug_checkwx(); > } > diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c > index a190aae8ceaf..16e248769338 100644 > --- a/arch/x86/mm/init_64.c > +++ b/arch/x86/mm/init_64.c > @@ -1412,8 +1412,6 @@ void mark_rodata_ro(void) > (void *)text_end, (void *)rodata_start); > free_kernel_image_pages("unused kernel image (rodata/data gap)", > (void *)rodata_end, (void *)_sdata); > - > - debug_checkwx(); > } > > /* > diff --git a/include/linux/ptdump.h b/include/linux/ptdump.h > index 2a3a95586425..c10513739bf9 100644 > --- a/include/linux/ptdump.h > +++ b/include/linux/ptdump.h > @@ -19,5 +19,12 @@ struct ptdump_state { > }; > > void ptdump_walk_pgd(struct ptdump_state *st, struct mm_struct *mm, pgd_t *pgd); > +void ptdump_check_wx(void); > + > +static inline void debug_checkwx(void) > +{ > + if (IS_ENABLED(CONFIG_DEBUG_WX)) > + ptdump_check_wx(); > +} > > #endif /* _LINUX_PTDUMP_H */ > diff --git a/init/main.c b/init/main.c > index e24b0780fdff..749a9f8d2c9b 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -99,6 +99,7 @@ > #include > #include > #include > +#include > #include > > #include > @@ -1408,6 +1409,7 @@ static void mark_readonly(void) > */ > rcu_barrier(); > mark_rodata_ro(); > + debug_checkwx(); > rodata_test(); > } else > pr_info("Kernel memory protection disabled.\n");