| Message ID | 20201112064855.99578-1-wangkefeng.wang@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | riscv: Fix W+X mapping warning | expand |
On Wed, Nov 11, 2020 at 10:44 PM Kefeng Wang <wangkefeng.wang@huawei.com> wrote: > > When boot with DEBUG_WX triggers the WX warning, > riscv/mm: Found insecure W+X mapping at address ffffffe000000000/0xffffffe000000000 > WARNING: CPU: 1 PID: 1 at arch/riscv/mm/ptdump.c:236 note_page+0x248/0x25a > ... > Checked W+X mappings: failed, 512 W+X pages found > > The kernel_page_tables shows first 2M(kernel image) is with W attribute, > Use _start instead of text_start in mark_rodata_ro(). > > Before, > 0xffffffe000000000-0xffffffe000200000 0x0000000080200000 2M PMD D A . . X W R V > 0xffffffe000200000-0xffffffe000a00000 0x0000000080400000 8M PMD D A . . X . R V > 0xffffffe000a00000-0xffffffe001000000 0x0000000080c00000 6M PMD D A . . . . R V > 0xffffffe001000000-0xffffffe17fe00000 0x0000000081200000 6126M PMD D A . . . W R V > > After, > 0xffffffe000000000-0xffffffe000a00000 0x0000000080200000 10M PMD D A . . X . R V > 0xffffffe000a00000-0xffffffe001000000 0x0000000080c00000 6M PMD D A . . . . R V > 0xffffffe001000000-0xffffffe17fe00000 0x0000000081200000 6126M PMD D A . . . W R V > This is already fixed by the following series. https://patchwork.kernel.org/project/linux-riscv/list/?series=377843 > Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> > --- > arch/riscv/mm/init.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > index 1d330bde9cf1..d739a46d9fc4 100644 > --- a/arch/riscv/mm/init.c > +++ b/arch/riscv/mm/init.c > @@ -624,13 +624,13 @@ static inline void setup_vm_final(void) > #ifdef CONFIG_STRICT_KERNEL_RWX > void mark_rodata_ro(void) > { > - unsigned long text_start = (unsigned long)_text; > + unsigned long start = (unsigned long)_start; > unsigned long text_end = (unsigned long)_etext; > unsigned long rodata_start = (unsigned long)__start_rodata; > unsigned long data_start = (unsigned long)_data; > unsigned long max_low = (unsigned long)(__va(PFN_PHYS(max_low_pfn))); > > - set_memory_ro(text_start, (text_end - text_start) >> PAGE_SHIFT); > + set_memory_ro(start, (text_end - start) >> PAGE_SHIFT); > set_memory_ro(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT); > set_memory_nx(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT); > set_memory_nx(data_start, (max_low - data_start) >> PAGE_SHIFT); > -- > 2.26.2 > > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
On 2020/11/12 15:10, Atish Patra wrote: > On Wed, Nov 11, 2020 at 10:44 PM Kefeng Wang <wangkefeng.wang@huawei.com> wrote: >> When boot with DEBUG_WX triggers the WX warning, >> riscv/mm: Found insecure W+X mapping at address ffffffe000000000/0xffffffe000000000 >> WARNING: CPU: 1 PID: 1 at arch/riscv/mm/ptdump.c:236 note_page+0x248/0x25a >> ... >> Checked W+X mappings: failed, 512 W+X pages found >> >> The kernel_page_tables shows first 2M(kernel image) is with W attribute, >> Use _start instead of text_start in mark_rodata_ro(). >> >> Before, >> 0xffffffe000000000-0xffffffe000200000 0x0000000080200000 2M PMD D A . . X W R V >> 0xffffffe000200000-0xffffffe000a00000 0x0000000080400000 8M PMD D A . . X . R V >> 0xffffffe000a00000-0xffffffe001000000 0x0000000080c00000 6M PMD D A . . . . R V >> 0xffffffe001000000-0xffffffe17fe00000 0x0000000081200000 6126M PMD D A . . . W R V >> >> After, >> 0xffffffe000000000-0xffffffe000a00000 0x0000000080200000 10M PMD D A . . X . R V >> 0xffffffe000a00000-0xffffffe001000000 0x0000000080c00000 6M PMD D A . . . . R V >> 0xffffffe001000000-0xffffffe17fe00000 0x0000000081200000 6126M PMD D A . . . W R V >> > This is already fixed by the following series. > https://patchwork.kernel.org/project/linux-riscv/list/?series=377843 Got it. >
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 1d330bde9cf1..d739a46d9fc4 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -624,13 +624,13 @@ static inline void setup_vm_final(void) #ifdef CONFIG_STRICT_KERNEL_RWX void mark_rodata_ro(void) { - unsigned long text_start = (unsigned long)_text; + unsigned long start = (unsigned long)_start; unsigned long text_end = (unsigned long)_etext; unsigned long rodata_start = (unsigned long)__start_rodata; unsigned long data_start = (unsigned long)_data; unsigned long max_low = (unsigned long)(__va(PFN_PHYS(max_low_pfn))); - set_memory_ro(text_start, (text_end - text_start) >> PAGE_SHIFT); + set_memory_ro(start, (text_end - start) >> PAGE_SHIFT); set_memory_ro(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT); set_memory_nx(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT); set_memory_nx(data_start, (max_low - data_start) >> PAGE_SHIFT);
When boot with DEBUG_WX triggers the WX warning, riscv/mm: Found insecure W+X mapping at address ffffffe000000000/0xffffffe000000000 WARNING: CPU: 1 PID: 1 at arch/riscv/mm/ptdump.c:236 note_page+0x248/0x25a ... Checked W+X mappings: failed, 512 W+X pages found The kernel_page_tables shows first 2M(kernel image) is with W attribute, Use _start instead of text_start in mark_rodata_ro(). Before, 0xffffffe000000000-0xffffffe000200000 0x0000000080200000 2M PMD D A . . X W R V 0xffffffe000200000-0xffffffe000a00000 0x0000000080400000 8M PMD D A . . X . R V 0xffffffe000a00000-0xffffffe001000000 0x0000000080c00000 6M PMD D A . . . . R V 0xffffffe001000000-0xffffffe17fe00000 0x0000000081200000 6126M PMD D A . . . W R V After, 0xffffffe000000000-0xffffffe000a00000 0x0000000080200000 10M PMD D A . . X . R V 0xffffffe000a00000-0xffffffe001000000 0x0000000080c00000 6M PMD D A . . . . R V 0xffffffe001000000-0xffffffe17fe00000 0x0000000081200000 6126M PMD D A . . . W R V Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> --- arch/riscv/mm/init.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)