From patchwork Tue Nov 15 09:06:40 2022
X-Patchwork-Submitter: Björn Töpel
X-Patchwork-Id: 13043342
X-Patchwork-Delegate: palmer@dabbelt.com
From: Björn Töpel
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, linux-riscv@lists.infradead.org, Alexandre Ghiti, Samuel Holland
Cc: Björn Töpel, linux-kernel@vger.kernel.org
Subject: [PATCH v2] riscv: mm: Proper page permissions after initmem free
Date: Tue, 15 Nov 2022 10:06:40 +0100
Message-Id: <20221115090641.258476-1-bjorn@kernel.org>

From: Björn Töpel

64-bit RISC-V kernels have the kernel image mapped separately to alias the linear map. The linear map and the kernel image map are documented as "direct mapping" and "kernel" respectively in [1].

At image load time, the linear map corresponding to the kernel image is set to PAGE_READ permission, and the kernel image map is set to PAGE_READ|PAGE_EXEC.

When the initmem is freed, the pages in the linear map should be restored to PAGE_READ|PAGE_WRITE, whereas the corresponding pages in the kernel image map should be restored to PAGE_READ, by removing the PAGE_EXEC permission.

This is not the case. For 64-bit kernels, only the linear map is restored to its proper page permissions at initmem free, and not the kernel image map.

In practice this results in that the kernel can potentially jump to dead __init code, and start executing invalid instructions, without getting an exception.

Restore the freed initmem properly, by setting both the kernel image map to the correct permissions.

[1] Documentation/riscv/vm-layout.rst

Fixes: e5c35fa04019 ("riscv: Map the kernel with correct permissions the first time")
Signed-off-by: Björn Töpel
Reviewed-by: Alexandre Ghiti
Tested-by: Alexandre Ghiti
---
v2:
* Do not set the kernel image map to PAGE_WRITE. (Alex)
* Massaged the commit message a bit.

Samuel, I removed your Reviewed-by:/Tested-by: for the v2.
---
 arch/riscv/kernel/setup.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

base-commit: 22dce2b89d6043d5c3f68384285fff5506109317

diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index 67ec1fadcfe2..86acd690d529 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c 
@@ -322,10 +322,11 @@ subsys_initcall(topology_init); void free_initmem(void) { - if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) - set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), - IS_ENABLED(CONFIG_64BIT) ? - set_memory_rw : set_memory_rw_nx); + if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) { + set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), set_memory_rw_nx); + if (IS_ENABLED(CONFIG_64BIT)) + set_kernel_memory(__init_begin, __init_end, set_memory_nx); + } free_initmem_default(POISON_FREE_INITMEM); }
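Review bot: the commit message does not explain why the lm_alias() call in free_initmem() now passes set_memory_rw_nx on 64-bit, where the removed code selected set_memory_rw for CONFIG_64BIT; the text only describes the missing update to the kernel image map. Please add a sentence saying whether this is a cleanup or a behaviour change for the linear-map alias. The two set_kernel_memory() calls also differ only in lm_alias(__init_begin) versus __init_begin, so a short comment above each naming the mapping it covers (linear map, kernel image map) would make it harder for a later refactor to drop the set_memory_nx call and leave the freed init range executable again. Both calls sit under IS_ENABLED(CONFIG_STRICT_KERNEL_RWX); if the freed range is expected to stay executable in the kernel image map when that option is off, it is worth stating so.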