From patchwork Fri Nov 17 13:14:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 13458961 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DFDFCC197A0 for ; Fri, 17 Nov 2023 13:15:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=fBQZDIlF2wG7dsOGYUswp/zn9T3XRCKWUIEfZBVSIaE=; b=jFiCb8O5b/4UrF ybncl0KTpBanMd29k7xN2tVyazR1rost1ORgHmZVBfFQNe0cvyPgiOfnlmHOf/uar7gNik/aW/+FN 5nvgLTYP/WdqEyHzY5+rh9nqkfqMxj032CF7nBxMwh5154UcJ0aZQXLnkNk33X8DcZkmuQxtBqFbb gxWVv1/+LZyJFUtuCcxfuEG0MQ6wXs1gPgCwXXHIoLzGigeQ9DHSVxjF1uXFWdK8VgQ6MaUua8e1Z 0lDJxAn/FlZTZ2jK2NGOsEdkhxWmsjDdlm5LpwR6SdwVTYX8J5VBTLj7KMYAxSrDwEP9PY/zdVhHS mmyEGBWH8/EuRa+62Tpg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1r3ygH-006czO-1x; Fri, 17 Nov 2023 13:14:45 +0000 Received: from sin.source.kernel.org ([145.40.73.55]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1r3ygE-006cyf-2j for linux-arm-kernel@lists.infradead.org; Fri, 17 Nov 2023 13:14:44 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 9D829CE23F2; Fri, 17 Nov 2023 13:14:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A25CC433C7; Fri, 17 Nov 2023 13:14:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700226871; bh=ypuFO5+uRhmAI4jjdvcpZmvuSS1KpWFRli6mP1XtK78=; h=From:To:Cc:Subject:Date:From; b=d/37kqVtI9JQuzZovD9X/8i5A6xS4loEgzHgu7It8FO3ZodlT5fMcYk4N7KvKAxOs ahb6TJIYHzHgpk7TqeGCcdBS2EIyzGGp3XslX4wjg41ReMIBTR0v4fptbd+mOF57IB rA2eWP8N6z2aS+m8jNXmykOulhk2FqEDMEoUvRF9Y5Ze57evpVnlJ9Yn45dTBFHV71 IkZrFP4lpYLRM8r1z0bS3lFuZSsxq/hnk0p2ogx8yvj+Rg3rVK4UljAprrzdm7vMwt HAp2mAEy8o9+5/H/SL6NnBW+pj+nbLp5csbvGM653C+rmI4WHTJex4JCeOKbmFOPdQ ppC2qJaHrMWgg== From: Will Deacon To: linux-arm-kernel@lists.infradead.org Cc: kernel-team@android.com, Will Deacon , Ard Biesheuvel , Catalin Marinas , Mark Rutland Subject: [PATCH] arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y Date: Fri, 17 Nov 2023 13:14:22 +0000 Message-Id: <20231117131422.29663-1-will@kernel.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231117_051443_293811_27A82D40 X-CRM114-Status: GOOD ( 14.16 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org When CONFIG_RODATA_FULL_DEFAULT_ENABLED=y, passing "rodata=on" on the kernel command-line (rather than "rodata=full") should turn off the "full" behaviour, leaving writable linear aliases of read-only kernel memory. Unfortunately, the option has no effect in this situation and the only way to disable the "rodata=full" behaviour is to disable rodata protection entirely by passing "rodata=off". Fix this by parsing the "on" and "off" options in the arch code, additionally enforcing that 'rodata_full' cannot be set without also setting 'rodata_enabled', allowing us to simplify a couple of checks in the process. Cc: Ard Biesheuvel Cc: Catalin Marinas Cc: Mark Rutland Signed-off-by: Will Deacon Reviewed-by: Russell King (Oracle) Reviewed-by: Ard Biesheuvel --- arch/arm64/include/asm/setup.h | 17 +++++++++++++++-- arch/arm64/mm/pageattr.c | 7 +++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/arch/arm64/include/asm/setup.h b/arch/arm64/include/asm/setup.h index f4af547ef54c..2e4d7da74fb8 100644 --- a/arch/arm64/include/asm/setup.h +++ b/arch/arm64/include/asm/setup.h @@ -21,9 +21,22 @@ static inline bool arch_parse_debug_rodata(char *arg) extern bool rodata_enabled; extern bool rodata_full; - if (arg && !strcmp(arg, "full")) { + if (!arg) + return false; + + if (!strcmp(arg, "full")) { + rodata_enabled = rodata_full = true; + return true; + } + + if (!strcmp(arg, "off")) { + rodata_enabled = rodata_full = false; + return true; + } + + if (!strcmp(arg, "on")) { rodata_enabled = true; - rodata_full = true; + rodata_full = false; return true; } diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c index 8e2017ba5f1b..924843f1f661 100644 --- a/arch/arm64/mm/pageattr.c +++ b/arch/arm64/mm/pageattr.c @@ -29,8 +29,8 @@ bool can_set_direct_map(void) * * KFENCE pool requires page-granular mapping if initialized late. */ - return (rodata_enabled && rodata_full) || debug_pagealloc_enabled() || - arm64_kfence_can_set_direct_map(); + return rodata_full || debug_pagealloc_enabled() || + arm64_kfence_can_set_direct_map(); } static int change_page_range(pte_t *ptep, unsigned long addr, void *data) @@ -105,8 +105,7 @@ static int change_memory_common(unsigned long addr, int numpages, * If we are manipulating read-only permissions, apply the same * change to the linear mapping of the pages that back this VM area. */ - if (rodata_enabled && - rodata_full && (pgprot_val(set_mask) == PTE_RDONLY || + if (rodata_full && (pgprot_val(set_mask) == PTE_RDONLY || pgprot_val(clear_mask) == PTE_RDONLY)) { for (i = 0; i < area->nr_pages; i++) { __change_memory_common((u64)page_address(area->pages[i]),