Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp183341lqb; Tue, 16 Apr 2024 12:20:26 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUvdXYd6IHNze0IfJXE1ESNQp3E1TbpbugO4VnylJBacinUQq+USodTzBQjCR17g0LH9RMdm97BUzD1amjMm0QyTXgdb1SduMmexA9Xsg== X-Google-Smtp-Source: AGHT+IFqe+Iima1eJqHlAbKhEZi9a/HwnFpzYqjsoaX6HI4+kRjPqQtinsmi9L1lkf+v6OXzR20d X-Received: by 2002:a05:620a:e8f:b0:78d:3acf:c96c with SMTP id w15-20020a05620a0e8f00b0078d3acfc96cmr13687755qkm.58.1713295226170; Tue, 16 Apr 2024 12:20:26 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713295226; cv=pass; d=google.com; s=arc-20160816; b=n9V3zIb6RTwLhT0oorKAdortgbrxeHwflcNMR5Tt5COFfBx1o7t6vmIeV5drE5lwcS nrfpIamYfOARrnzHJfSslcUvyy9+MASV7VPD/e0vVOJuk1/8KnHb25J/pbQi+tHY/IJZ K4UVHY7It9bvL5OIJZnBDZjcv5YpqcK8iWrsd2qrsSJ9b+gkwW2ofgTkNWEPyaVp+5fH Mh2EaxHHI4Y1irjHpLwKD3dpdW038nTaeij1WUMapA00XfoPASA6nErvrM0yPPk4uQxc D8SP9hChZsgr/FvfFT2wFDhvsSiZP7Qt9lWNVP+wByG2de7pIcWIA3CoXG98QAcvqvbg Z8tg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-id:precedence:date:subject :from:cc:to:references:in-reply-to:message-id:dkim-signature; bh=bxlhcCLLu2nVwVVshKc9HTXBGPT+xoKrYdwmFjIADko=; fh=Az3JOXxalphaE6h76FG6jLDu+rmEm99i4m6L2F6LikE=; b=JWkbmQqGj7ErnmNAc6KkDF6s0pgp4qYdw0lCTHYe6QUsrwgj9xvyb5zfBhWprCDTcd KyRtlj/oJ+9fwQPT4SNhjxTB1Ak0ixr84/jRGC8GH1Gj+JKobH0mRpefg5jMIOevcrcE eJ4R2emonsQ2sRr30XU5V/ov1s3uKfKOnOkjHODrAUkfr2qjLfdM2vlKhSKwT8zLAdz1 BnVo5WnsrkOFdsEvVw0NV58Zh7+jcb42cs3//UC+AefJgZWvxOAIIaS8h5S2TKLF9Jmo 9p60/kUOLrLISlPXBbngsAOiIR+kGgOd5DUVOvwof745cd3eDbDrTHAshgFZcT3pJ3EY oG9A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@motorola.com header.s=DKIM202306 header.b="RP/rT0lu"; arc=pass (i=1 spf=pass spfdomain=motorola.com dkim=pass dkdomain=motorola.com dmarc=pass fromdomain=motorola.com); spf=pass (google.com: domain of linux-kernel+bounces-147464-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-147464-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=motorola.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id v24-20020a05620a091800b0078ee0aef6bdsi6173195qkv.235.2024.04.16.12.20.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 12:20:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-147464-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@motorola.com header.s=DKIM202306 header.b="RP/rT0lu"; arc=pass (i=1 spf=pass spfdomain=motorola.com dkim=pass dkdomain=motorola.com dmarc=pass fromdomain=motorola.com); spf=pass (google.com: domain of linux-kernel+bounces-147464-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-147464-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=motorola.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id DCDC31C22514 for ; Tue, 16 Apr 2024 19:20:25 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 329D4137C42; Tue, 16 Apr 2024 19:19:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=motorola.com header.i=@motorola.com header.b="RP/rT0lu" Received: from mx0b-00823401.pphosted.com (mx0b-00823401.pphosted.com [148.163.152.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E05A0137C23 for ; Tue, 16 Apr 2024 19:19:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.152.46 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713295190; cv=none; b=KiJ1q9wmAoDzyGXx3mVaRvWQ8ziHon0cXPoKRogz+jzds8yk1S+3VVMABsu9M6zYP6vUkSjqdvIQVHRwPUDt9ew8OGA8u0lLlu6BPy643qLbKmuJmC/z/S1ZcLm9VQNeI7jBReIPyiEWuF5wUcM+toSef9cOX4+vpxPmqeD8FQc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713295190; c=relaxed/simple; bh=1/QhQq/SNBvhM5Qukg8qId++gk6cla4fzJPkLM7SWYI=; h=Message-Id:In-Reply-To:References:To:Cc:From:Subject:Date; b=opFDhlfEk5kYNkKncZcZmS6PxmImN9GsJvFV8kMH9kxTcXWaKdzst2YHpX7iMrhM0NMaII1KjgfxSbhbrdzsqGNAYgVn36dZHF2nRlWvFAEG/sq+UBjGxGCAln0/NNaZHvkJhyhIrTfNF+FRwRk66agiOjAKyReOru81saJ2xrM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=motorola.com; spf=pass smtp.mailfrom=motorola.com; dkim=pass (2048-bit key) header.d=motorola.com header.i=@motorola.com header.b=RP/rT0lu; arc=none smtp.client-ip=148.163.152.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=motorola.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=motorola.com Received: from pps.filterd (m0355089.ppops.net [127.0.0.1]) by mx0b-00823401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 43GGKltB014625; Tue, 16 Apr 2024 19:19:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=motorola.com; h= message-id:in-reply-to:references:to:cc:from:subject:date; s= DKIM202306; bh=bxlhcCLLu2nVwVVshKc9HTXBGPT+xoKrYdwmFjIADko=; b=R P/rT0luOjR5Tc+kJKMZ7XmGq7XLTVOYOty15m6179Fn2yM62v4KuHW3xu80sOZH6 0uxTedg/kHgnCirjUr67K3jDCBayRawwd5ZrFIKtcgcC1y2Y+eWgN+OSEHJ63HHU OQ0wix/aQOy/wBP/4X9C/9cLB5QbdgcgcbOg5EUO79WIkINVPFg+Fk3Hmi8DS33o WD2ntpRpoZGV0f4tjklC8QLJT6E5eFwHq8qjSjSGtSY1cvRem+UNKbFOYFR1zv1r JChKCLYb1VT7WyBbPCAkhVpy6enF21Sas6lIDBW6FhcjcbCLmXTRNhNDYoObSz+r S5xQvNsAkQK0dLy5oDIjw== Received: from va32lpfpp02.lenovo.com ([104.232.228.22]) by mx0b-00823401.pphosted.com (PPS) with ESMTPS id 3xhctp42v1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 16 Apr 2024 19:19:22 +0000 (GMT) Received: from va32lmmrp02.lenovo.com (va32lmmrp02.mot.com [10.62.176.191]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by va32lpfpp02.lenovo.com (Postfix) with ESMTPS id 4VJv3t0jpxz53xyZ; Tue, 16 Apr 2024 19:19:22 +0000 (UTC) Received: from ilclbld243.mot.com (ilclbld243.mot.com [100.64.22.29]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: mbland) by va32lmmrp02.lenovo.com (Postfix) with ESMTPSA id 4VJv3t0W4Hz2SlV8; Tue, 16 Apr 2024 19:19:22 +0000 (UTC) Message-Id: <20240416122254.868007168-5-mbland@motorola.com> In-Reply-To: <20240416122254.868007168-1-mbland@motorola.com> References: <20240416122254.868007168-1-mbland@motorola.com> To: linux-arm-kernel@lists.infradead.org Cc: Maxwell Bland , Catalin Marinas , Will Deacon , Ard Biesheuvel , Maxwell Bland , Mark Rutland , Greg Kroah-Hartman , Christoph Hellwig , Christophe Leroy , David Hildenbrand , Conor Dooley , linux-kernel@vger.kernel.org From: Maxwell Bland Subject: [PATCH 4/5 RESEND] arm64: dynamic enforcement of PXNTable Date: Tue, 16 Apr 2024 14:18:18 -0500 X-Proofpoint-GUID: DROmJMmX7G07KTG0qxdXMD6DZ-9Y4P3A X-Proofpoint-ORIG-GUID: DROmJMmX7G07KTG0qxdXMD6DZ-9Y4P3A X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-16_17,2024-04-16_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 mlxscore=0 impostorscore=0 suspectscore=0 phishscore=0 adultscore=0 mlxlogscore=738 clxscore=1015 malwarescore=0 lowpriorityscore=0 spamscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2404010003 definitions=main-2404160122 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: PXNTable is enforced during the init process to ensure that regions of user memory and kernel data cannot be executed from, preventing attacks which write to writable kernel pages and then modify the kernel's page tables to make this code executable. This patch ensures this protection is also preserved for dynamically allocated pages/pagetables, making it so that all PMDs populated outside of the module code region are PXNTable by default. Signed-off-by: Maxwell Bland --- arch/arm64/include/asm/pgalloc.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h index 5785272144e8..2376b4e7915c 100644 --- a/arch/arm64/include/asm/pgalloc.h +++ b/arch/arm64/include/asm/pgalloc.h @@ -12,6 +12,7 @@ #include #include #include +#include #define __HAVE_ARCH_PGD_FREE #define __HAVE_ARCH_PUD_FREE @@ -119,6 +120,12 @@ static inline void __pmd_populate(pmd_t *pmdp, phys_addr_t ptep, set_pmd(pmdp, __pmd(__phys_to_pmd_val(ptep) | prot)); } +static inline bool vaddr_is_data(unsigned long vaddr) +{ + return ((vaddr + PMD_SIZE < MODULES_ASLR_START || vaddr >= MODULES_ASLR_END) && + (vaddr + PMD_SIZE < (unsigned long) _text || vaddr >= (unsigned long) _etext)); +} + /* * Populate the pmdp entry with a pointer to the pte. This pmd is part * of the mm address space. @@ -127,8 +134,11 @@ static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep, unsigned long vaddr) { + pmdval_t pmd = PMD_TYPE_TABLE | PMD_TABLE_UXN; VM_BUG_ON(mm && mm != &init_mm); - __pmd_populate(pmdp, __pa(ptep), PMD_TYPE_TABLE | PMD_TABLE_UXN); + if (vaddr_is_data(vaddr)) + pmd |= PMD_TABLE_PXN; + __pmd_populate(pmdp, __pa(ptep), pmd); } static inline void -- 2.39.2