diff mbox series

riscv: Fix W+X mapping warning

Message ID 20201112064855.99578-1-wangkefeng.wang@huawei.com (mailing list archive)
State New, archived
Headers show
Series riscv: Fix W+X mapping warning | expand

Commit Message

Kefeng Wang Nov. 12, 2020, 6:48 a.m. UTC
When boot with DEBUG_WX triggers the WX warning,
  riscv/mm: Found insecure W+X mapping at address ffffffe000000000/0xffffffe000000000
  WARNING: CPU: 1 PID: 1 at arch/riscv/mm/ptdump.c:236 note_page+0x248/0x25a
  ...
  Checked W+X mappings: failed, 512 W+X pages found

The kernel_page_tables shows first 2M(kernel image) is with W attribute,
Use _start instead of text_start in mark_rodata_ro().

Before,
0xffffffe000000000-0xffffffe000200000    0x0000000080200000         2M PMD     D A . . X W R V
0xffffffe000200000-0xffffffe000a00000    0x0000000080400000         8M PMD     D A . . X . R V
0xffffffe000a00000-0xffffffe001000000    0x0000000080c00000         6M PMD     D A . . . . R V
0xffffffe001000000-0xffffffe17fe00000    0x0000000081200000      6126M PMD     D A . . . W R V

After,
0xffffffe000000000-0xffffffe000a00000    0x0000000080200000        10M PMD     D A . . X . R V
0xffffffe000a00000-0xffffffe001000000    0x0000000080c00000         6M PMD     D A . . . . R V
0xffffffe001000000-0xffffffe17fe00000    0x0000000081200000      6126M PMD     D A . . . W R V

Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
---
 arch/riscv/mm/init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Atish Patra Nov. 12, 2020, 7:10 a.m. UTC | #1
On Wed, Nov 11, 2020 at 10:44 PM Kefeng Wang <wangkefeng.wang@huawei.com> wrote:
>
> When boot with DEBUG_WX triggers the WX warning,
>   riscv/mm: Found insecure W+X mapping at address ffffffe000000000/0xffffffe000000000
>   WARNING: CPU: 1 PID: 1 at arch/riscv/mm/ptdump.c:236 note_page+0x248/0x25a
>   ...
>   Checked W+X mappings: failed, 512 W+X pages found
>
> The kernel_page_tables shows first 2M(kernel image) is with W attribute,
> Use _start instead of text_start in mark_rodata_ro().
>
> Before,
> 0xffffffe000000000-0xffffffe000200000    0x0000000080200000         2M PMD     D A . . X W R V
> 0xffffffe000200000-0xffffffe000a00000    0x0000000080400000         8M PMD     D A . . X . R V
> 0xffffffe000a00000-0xffffffe001000000    0x0000000080c00000         6M PMD     D A . . . . R V
> 0xffffffe001000000-0xffffffe17fe00000    0x0000000081200000      6126M PMD     D A . . . W R V
>
> After,
> 0xffffffe000000000-0xffffffe000a00000    0x0000000080200000        10M PMD     D A . . X . R V
> 0xffffffe000a00000-0xffffffe001000000    0x0000000080c00000         6M PMD     D A . . . . R V
> 0xffffffe001000000-0xffffffe17fe00000    0x0000000081200000      6126M PMD     D A . . . W R V
>

This is already fixed by the following series.
https://patchwork.kernel.org/project/linux-riscv/list/?series=377843

> Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
> ---
>  arch/riscv/mm/init.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
> index 1d330bde9cf1..d739a46d9fc4 100644
> --- a/arch/riscv/mm/init.c
> +++ b/arch/riscv/mm/init.c
> @@ -624,13 +624,13 @@ static inline void setup_vm_final(void)
>  #ifdef CONFIG_STRICT_KERNEL_RWX
>  void mark_rodata_ro(void)
>  {
> -       unsigned long text_start = (unsigned long)_text;
> +       unsigned long start = (unsigned long)_start;
>         unsigned long text_end = (unsigned long)_etext;
>         unsigned long rodata_start = (unsigned long)__start_rodata;
>         unsigned long data_start = (unsigned long)_data;
>         unsigned long max_low = (unsigned long)(__va(PFN_PHYS(max_low_pfn)));
>
> -       set_memory_ro(text_start, (text_end - text_start) >> PAGE_SHIFT);
> +       set_memory_ro(start, (text_end - start) >> PAGE_SHIFT);
>         set_memory_ro(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
>         set_memory_nx(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
>         set_memory_nx(data_start, (max_low - data_start) >> PAGE_SHIFT);
> --
> 2.26.2
>
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Kefeng Wang Nov. 12, 2020, 7:29 a.m. UTC | #2
On 2020/11/12 15:10, Atish Patra wrote:
> On Wed, Nov 11, 2020 at 10:44 PM Kefeng Wang <wangkefeng.wang@huawei.com> wrote:
>> When boot with DEBUG_WX triggers the WX warning,
>>    riscv/mm: Found insecure W+X mapping at address ffffffe000000000/0xffffffe000000000
>>    WARNING: CPU: 1 PID: 1 at arch/riscv/mm/ptdump.c:236 note_page+0x248/0x25a
>>    ...
>>    Checked W+X mappings: failed, 512 W+X pages found
>>
>> The kernel_page_tables shows first 2M(kernel image) is with W attribute,
>> Use _start instead of text_start in mark_rodata_ro().
>>
>> Before,
>> 0xffffffe000000000-0xffffffe000200000    0x0000000080200000         2M PMD     D A . . X W R V
>> 0xffffffe000200000-0xffffffe000a00000    0x0000000080400000         8M PMD     D A . . X . R V
>> 0xffffffe000a00000-0xffffffe001000000    0x0000000080c00000         6M PMD     D A . . . . R V
>> 0xffffffe001000000-0xffffffe17fe00000    0x0000000081200000      6126M PMD     D A . . . W R V
>>
>> After,
>> 0xffffffe000000000-0xffffffe000a00000    0x0000000080200000        10M PMD     D A . . X . R V
>> 0xffffffe000a00000-0xffffffe001000000    0x0000000080c00000         6M PMD     D A . . . . R V
>> 0xffffffe001000000-0xffffffe17fe00000    0x0000000081200000      6126M PMD     D A . . . W R V
>>
> This is already fixed by the following series.
> https://patchwork.kernel.org/project/linux-riscv/list/?series=377843

Got it.

>
diff mbox series

Patch

diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
index 1d330bde9cf1..d739a46d9fc4 100644
--- a/arch/riscv/mm/init.c
+++ b/arch/riscv/mm/init.c
@@ -624,13 +624,13 @@  static inline void setup_vm_final(void)
 #ifdef CONFIG_STRICT_KERNEL_RWX
 void mark_rodata_ro(void)
 {
-	unsigned long text_start = (unsigned long)_text;
+	unsigned long start = (unsigned long)_start;
 	unsigned long text_end = (unsigned long)_etext;
 	unsigned long rodata_start = (unsigned long)__start_rodata;
 	unsigned long data_start = (unsigned long)_data;
 	unsigned long max_low = (unsigned long)(__va(PFN_PHYS(max_low_pfn)));
 
-	set_memory_ro(text_start, (text_end - text_start) >> PAGE_SHIFT);
+	set_memory_ro(start, (text_end - start) >> PAGE_SHIFT);
 	set_memory_ro(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
 	set_memory_nx(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
 	set_memory_nx(data_start, (max_low - data_start) >> PAGE_SHIFT);