From patchwork Sat Nov 12 11:35:43 2022
X-Patchwork-Submitter: Björn Töpel
X-Patchwork-Id: 13041186
X-Patchwork-Delegate: palmer@dabbelt.com
From: Björn Töpel
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, linux-riscv@lists.infradead.org, Alexandre Ghiti
Cc: Björn Töpel, linux-kernel@vger.kernel.org
Subject: [PATCH] riscv: mm: Proper page permissions after initmem free
Date: Sat, 12 Nov 2022 12:35:43 +0100
Message-Id: <20221112113543.3165646-1-bjorn@kernel.org>

From: Björn Töpel

64-bit RISC-V kernels have the kernel image mapped separately, and in addition to the linear map. When the kernel is loaded, the linear map of kernel image is set to PAGE_READ permission, and the kernel map is set to PAGE_READ and PAGE_EXEC.

When the initmem is freed, the corresponding pages in the linear map should be restored to PAGE_READ and PAGE_WRITE. The corresponding pages in the kernel map should also be restored to PAGE_READ and PAGE_WRITE, by removing the PAGE_EXEC permission, and adding PAGE_WRITE.

This is not the case. For 64-bit kernels, only the linear map is restored to its proper page permissions at initmem free, and not the kernel map.

In practice this results in that the kernel can potentially jump to dead __init code, and start executing invalid 0xcc instructions, without getting an exception.

Restore the freed initmem properly, by setting both the alias (kernel map) and the linear map to the correct permissions.

Fixes: e5c35fa04019 ("riscv: Map the kernel with correct permissions the first time")
Signed-off-by: Björn Töpel
Reviewed-by: Samuel Holland
Tested-by: Samuel Holland # on D1
---
 arch/riscv/kernel/setup.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

base-commit: 442bcbfd2c5401587b983e34bed0b407214735c3

diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index ad76bb59b059..361e635070fe 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -321,10 +321,12 @@ subsys_initcall(topology_init); void free_initmem(void) { - if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) - set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), - IS_ENABLED(CONFIG_64BIT) ? - set_memory_rw : set_memory_rw_nx); + if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) { + if (IS_ENABLED(CONFIG_64BIT)) + set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), + set_memory_rw); + set_kernel_memory(__init_begin, __init_end, set_memory_rw_nx); + } free_initmem_default(POISON_FREE_INITMEM); }
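
Review bot: Both set_kernel_memory() calls in free_initmem() discard their result, so if the new set_kernel_memory(__init_begin, __init_end, set_memory_rw_nx) call fails, free_initmem_default(POISON_FREE_INITMEM) still runs and the kernel-map pages are handed back with PAGE_EXEC set, which is the state the commit message sets out to prevent. Assuming set_kernel_memory() reports errors through its return value, consider warning when either call returns non-zero. A one-line comment above the two calls stating that 64-bit kernels map the init section twice, once through lm_alias() in the linear map and once in the kernel map, would also make the unbraced inner IS_ENABLED(CONFIG_64BIT) check easier to read.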