From patchwork Tue Jul 19 23:49:09 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Collingbourne <pcc@google.com>
X-Patchwork-Id: 12923182
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 0E976C43334
	for <linux-arm-kernel@archiver.kernel.org>;
 Tue, 19 Jul 2022 23:50:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Mime-Version:
	Message-Id:Date:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
	References:List-Owner; bh=Ruem6goTt+FySkj19ZUQAcqQTeOYthGnB2DD0gRh1F0=; b=ywv
	tPLqK7b61BTb9MLfBMyq3HTKeu/6ShQjJ7Llb6sbcVYIv0FfcOqLaLOAEiGtvF9ZHsKHgKv5ie/Ru
	e2kCTxdEbdd0Xv+CrjVj+TmR2pO/4oLQqOYjn6zIdGanbdL9lKfgiXptHytfAb3fbysxtgbyGHFTs
	qBuwARGRF/1qprB+HAj1AlVzo+TSGesZOvxmYhUt95/LuNnnCCt/2PPF3s8vhOs0OY/gYXgse7Nql
	qxmB0vlHrisJeT5+Hrtr8CWbCRp+Hox2+oT9WHm6ubl/x/9Mc0epmHgwi/a5QDAaTkzYU6fRmAQQS
	YAWKtgHXKsEY9qOIIu+r4MdaAlwgw7Q==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1oDwy1-00EeW8-3G; Tue, 19 Jul 2022 23:49:29 +0000
Received: from mail-yb1-xb4a.google.com ([2607:f8b0:4864:20::b4a])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1oDwxy-00EeRs-8Y
	for linux-arm-kernel@lists.infradead.org; Tue, 19 Jul 2022 23:49:27 +0000
Received: by mail-yb1-xb4a.google.com with SMTP id
 m123-20020a253f81000000b0066ff6484995so8869673yba.22
        for <linux-arm-kernel@lists.infradead.org>;
 Tue, 19 Jul 2022 16:49:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=date:message-id:mime-version:subject:from:to:cc;
        bh=Po9Y/gTzarxHrhYTITOFvy2JwCB88ahX2IAz9RZr3y8=;
        b=CBu2FxXInNBIGTHwxBQtN5BTaJRj7DzoWL4LiKBMXadUQbInajt5azKCCiPzvAQ2J9
         CVjHorJd7GhmvuW+i3r5vx7Ts7ORtSrQRK5lkPKjyAWwsKDXXgzjUxUqd5Cm7QZRadoj
         I/5wl2Gdb2OS9eYMPLprZwp0dyEzNeIU818n4HNyVB/FvhgZtHUX0/B0HhZBFfcfl/2V
         GQFkwSL4KPAzxWPurFrezGFbWZNdNhXKzINPET3WMavcLTlDaaFAVqhlq6s8Eje3laRB
         iyxpICNm3o2cFMK0uXovPZy50k6nWEo+CRYAy+db/Q8jGblRWoqBy47K71sPfYSu/lMj
         8z6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc;
        bh=Po9Y/gTzarxHrhYTITOFvy2JwCB88ahX2IAz9RZr3y8=;
        b=1FWO+VRCnk17g0BKtUILWcjFKtwUl/oT2pGj7y950Mx7Y70vveUs77ZeZf24Uj1X7S
         HsKM5xDBdnJjBeiypoQBT8ff7IYb+PXwD4nM3FT4P9mAry7RmFZL/C9G9OAc71ukKzIR
         B3j84OxYWAaArlZRfNAIPu+SKC+K41PAlc9vsrXWvnGJHunvQbbwi0zlWzpsTGpFaz1i
         Ql/7DVh2pUqQ94JGpvJfOOuJmj0GBJGBQDlEKPSqc3PL8ICNEZG9L/OC9WsyDvyCyKzx
         AxQHFfnuwfFyjCZW/dI6l9+1KuAS3jirYcSWGlVjgg7EUwYeMQZIi33qMo9PAo3FFHgQ
         kzxA==
X-Gm-Message-State: AJIora8QoANQfQJ7nDOgif4PjKo5KeAFMh/xhu/qp2M4U0KdNtuokrHj
	cr4WWl1OJ+AhgJ/lvjFpEEm2gww=
X-Google-Smtp-Source: 
 AGRyM1uaSZq7mthNo3vJmYZMkFYqfacvzy6A82uZNxJZGnURkqGX0BU/D616Fm+/JRRyoh8h3aWTqE0=
X-Received: from pcc-desktop.svl.corp.google.com
 ([2620:15c:2ce:200:966b:4dac:ab6b:a57a])
 (user=pcc job=sendgmr) by 2002:a81:a102:0:b0:31e:6264:3c3c with SMTP id
 y2-20020a81a102000000b0031e62643c3cmr4235308ywg.476.1658274560855; Tue, 19
 Jul 2022 16:49:20 -0700 (PDT)
Date: Tue, 19 Jul 2022 16:49:09 -0700
Message-Id: <20220719234909.1398992-1-pcc@google.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.37.0.170.g444d1eabd0-goog
Subject: [PATCH] arm64: set UXN on swapper page tables
From: Peter Collingbourne <pcc@google.com>
To: Will Deacon <will@kernel.org>
Cc: Peter Collingbourne <pcc@google.com>, Marc Zyngier <maz@kernel.org>,
 linux-arm-kernel@lists.infradead.org,
	Catalin Marinas <catalin.marinas@arm.com>, stable@vger.kernel.org
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220719_164926_318753_D39998CB 
X-CRM114-Status: GOOD (  14.25  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On a system that implements FEAT_EPAN, read/write access to the idmap
is denied because UXN is not set on the swapper PTEs. As a result,
idmap_kpti_install_ng_mappings panics the kernel when accessing
__idmap_kpti_flag. Fix it by setting UXN on these PTEs.

Fixes: 18107f8a2df6 ("arm64: Support execute-only permissions with Enhanced PAN")
Cc: <stable@vger.kernel.org> # 5.15
Link: https://linux-review.googlesource.com/id/Ic452fa4b4f74753e54f71e61027e7222a0fae1b1
Signed-off-by: Peter Collingbourne <pcc@google.com>
Acked-by: Will Deacon <will@kernel.org>
---
This fix is no longer needed since commit c3cee924bd85 ("arm64: head:
cover entire kernel image in initial ID map"), which moved __idmap_kpti_flag
to .data, but that commit is currently only present in next.

 arch/arm64/include/asm/kernel-pgtable.h | 4 ++--
 arch/arm64/kernel/head.S                | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h
index 96dc0f7da258..a971d462f531 100644
--- a/arch/arm64/include/asm/kernel-pgtable.h
+++ b/arch/arm64/include/asm/kernel-pgtable.h
@@ -103,8 +103,8 @@
 /*
  * Initial memory map attributes.
  */
-#define SWAPPER_PTE_FLAGS	(PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
-#define SWAPPER_PMD_FLAGS	(PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
+#define SWAPPER_PTE_FLAGS	(PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_UXN)
+#define SWAPPER_PMD_FLAGS	(PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PMD_SECT_UXN)
 
 #if ARM64_KERNEL_USES_PMD_MAPS
 #define SWAPPER_MM_MMUFLAGS	(PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS)
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index 6a98f1a38c29..8a93a0a7489b 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -285,7 +285,7 @@ SYM_FUNC_START_LOCAL(__create_page_tables)
 	subs	x1, x1, #64
 	b.ne	1b
 
-	mov	x7, SWAPPER_MM_MMUFLAGS
+	mov_q	x7, SWAPPER_MM_MMUFLAGS
 
 	/*
 	 * Create the identity mapping.