From patchwork Tue Jan 9 12:14:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe Leroy X-Patchwork-Id: 13514853 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C217C46CD2 for ; Tue, 9 Jan 2024 12:15:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CCF766B0093; Tue, 9 Jan 2024 07:15:07 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C7E2E6B0095; Tue, 9 Jan 2024 07:15:07 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B1FC06B0096; Tue, 9 Jan 2024 07:15:07 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id A1ECB6B0093 for ; Tue, 9 Jan 2024 07:15:07 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 7C0391A08B7 for ; Tue, 9 Jan 2024 12:15:07 +0000 (UTC) X-FDA: 81659667054.23.7A74DB3 Received: from pegase1.c-s.fr (pegase1.c-s.fr [93.17.236.30]) by imf04.hostedemail.com (Postfix) with ESMTP id 5B1D240022 for ; Tue, 9 Jan 2024 12:15:05 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=csgroup.eu; spf=pass (imf04.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1704802505; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=izlm1H+MKRgUj2l8DcDs92GC+N0/E9JUWZ0WFcLtG00=; b=iA0wA4NcrNKgbp9KcTj/Ox79YJLdN88/CmTqIIMj5OebYMkgXY/iKiGtdEgwNfD9zcyCmF EYGHRrY5e9SyWosXP6SsNApXF3NwpOyg2+kanAFTaquO9XY2Gi2DXGT1BhbL0XYf6f74gB +pO0lYoX6cPOUqNpMB/5KjUtJka2yQg= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=csgroup.eu; spf=pass (imf04.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1704802505; a=rsa-sha256; cv=none; b=00GUYGrw86Q80vS9DCgrfHL/Ca7Is9QMXgW7JTvc7lj89Is6ltknrXQuuMspfnaLMLuqYS C6tRWGkBA97GdTzoiOSRDby2uq2i4MMXw525OkbOe0oa6eCU/32oyJ/SHt5hHqiGD0lhAi DFAAMelIMW8wIp4aU3wmMwIW0H3d2rk= Received: from localhost (mailhub3.si.c-s.fr [192.168.12.233]) by localhost (Postfix) with ESMTP id 4T8VHS157Qz9v6Y; Tue, 9 Jan 2024 13:15:00 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdK_Jc1jqNjy; Tue, 9 Jan 2024 13:15:00 +0100 (CET) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 4T8VHS0HC2z9v2V; Tue, 9 Jan 2024 13:15:00 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id F1DFE8B77D; Tue, 9 Jan 2024 13:14:59 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 7pM4OD5n-ewz; Tue, 9 Jan 2024 13:14:59 +0100 (CET) Received: from PO20335.idsi0.si.c-s.fr (unknown [192.168.233.126]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 26ACE8B774; Tue, 9 Jan 2024 13:14:58 +0100 (CET) From: Christophe Leroy To: linux-hardening@vger.kernel.org, Russell King , Catalin Marinas , Will Deacon , Michael Ellerman , Nicholas Piggin , "Aneesh Kumar K.V" , "Naveen N. Rao" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Gerald Schaefer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Andrew Morton , Kees Cook Cc: Christophe Leroy , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, linux-mm@kvack.org, steven.price@arm.com, Phong Tran , mark.rutland@arm.com, Greg KH Subject: [PATCH 1/4] arm: ptdump: Rename CONFIG_DEBUG_WX to CONFIG_ARM_DEBUG_WX Date: Tue, 9 Jan 2024 13:14:35 +0100 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1704802473; l=1302; i=christophe.leroy@csgroup.eu; s=20211009; h=from:subject:message-id; bh=SZmJpW4kyN4zUs+MdMT6CDyMhbW9dyNyADl5ScxgQbU=; b=ZRUK6aNuwLf82oScWI/2o5V02OBwPHgNwHRpA6tH0OpUPTRtOVcXbXukUs0gIeW4L5Tm9Mi8E t1ySRzRI5ipD9FZVb5uHd+bEWidm7yIlzdJbDqOzk/F2uTz/mSpvamx X-Developer-Key: i=christophe.leroy@csgroup.eu; a=ed25519; pk=HIzTzUj91asvincQGOFx6+ZF5AoUuP9GdOtQChs7Mm0= X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 5B1D240022 X-Stat-Signature: qm11fhedtsoweswjyt8uidapskej6uim X-HE-Tag: 1704802505-224243 X-HE-Meta: U2FsdGVkX1+/ldef9hsipirPVyTAURyKf5zhj+6gsTDEzbhJC4+SrT3uGPR69H3LQnrGImK/aE0ik6tHdrjn70/WDGeJXMxcDCWD0PxyI5+a21GiVnKKcumSHWz2tm7yxR7Eghe8YAxF+guZ22siOPdyPzh9nH/b0Qgseb0wvFVrbPKfyGnhEvwS+54wMZpKeFoflrCXV+XDMxWM7nY9HSKOf3bVpvufc1paae7YGEBzMBidEpLtdlrlq9BPOfUjH2Md8iJ3Utfw4leP7prLYnEEY+p0QoAnXiyIQEWdUDyIphvyMyMiKSoSZIeddNNDYFLUlhQ3lvKNBtpFeAosWvDDEXbUk0670HlkLlmg816+5RCYl31aspD4dvlZf53U466h5QYpHQNVkKzMWm11BWPbhOVM9pm3pswc158tsbJ1PbGJnC81PUVppxp/g4WbUi2gvQQUl47GkFUNAQ4QimXp1XR06RST62RisR1HUHjG2QlTmGLiSMqBxC6juFbyVe5zQ8scTuoQ0lrN3WxRcYHfjWxL9w0vojO0JfWhxD2yMBrr1bYgzUFrdnZ2+lbelrqLFcOIw8e+5JxMxBddlUNZkyZn1M4u+sJNPIb54NdIs1qTqWg5u7oir6uZVnUkfmc+0uTNJqAmNX7tC5i8fQQjF4gG2XIg/6BuUu6hsmQ3buOwK6dTyqAT2GYQ+wsC7fQFIlUr5KtjeO1Pv6Hrcf0CGFmNFJOF+DMDmggOJVAxb2bhH47BijQo+txoPf14sl/kRQ4cmauKxzXdAy5R004Qb3yEv8T0nZWUrVL3A1lIi/f79E1gxEOKE3hy52yU8HpthHp+irl3Q04Z4BVKj4OviuMHDgUt3fE+sYd1wMkhwov3l6I0NNWwazZhjyZN//50F0mU21Ts5ao2i6qwI29/TRLOEUJ9bwZkJlbCGBc8XV7z8qy5OuGqXESiDAL9V93NeiO7OwVFXpYIbj0 gHkFhjnR LTat/WTJeBZmxgD2UAAkCeVmnUMD8HTvxBZfugRVr3HMTuVkWzIznyAbDOiZ2wrJsNLrqDJyYI713uWrtyQUu7p/LvMf2EVnnW03Q3gVPq/oJ0QQ4+VVSAnK24yOgWT+xPfpjOLr8uQpEAw8YRHgskgc+LpZLmz3zvg+nRs0PjrRloN2r2jTfGt2pRMPbgRFOvMDDt0k67yT6WUN5IfRT44JjICak9YfAQm6rc61kXO8RJvyewvtgnh/AkA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: CONFIG_DEBUG_WX is a core option defined in mm/Kconfig.debug To avoid any future conflict, rename ARM version into CONFIG_ARM_DEBUG_WX. Signed-off-by: Christophe Leroy --- arch/arm/Kconfig.debug | 2 +- arch/arm/include/asm/ptdump.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug index fc2b41d41447..141151d632f6 100644 --- a/arch/arm/Kconfig.debug +++ b/arch/arm/Kconfig.debug @@ -17,7 +17,7 @@ config ARM_PTDUMP_DEBUGFS kernel. If in doubt, say "N" -config DEBUG_WX +config ARM_DEBUG_WX bool "Warn on W+X mappings at boot" depends on MMU select ARM_PTDUMP_CORE diff --git a/arch/arm/include/asm/ptdump.h b/arch/arm/include/asm/ptdump.h index aad1d034136c..46a4575146ee 100644 --- a/arch/arm/include/asm/ptdump.h +++ b/arch/arm/include/asm/ptdump.h @@ -32,10 +32,10 @@ void ptdump_check_wx(void); #endif /* CONFIG_ARM_PTDUMP_CORE */ -#ifdef CONFIG_DEBUG_WX -#define debug_checkwx() ptdump_check_wx() +#ifdef CONFIG_ARM_DEBUG_WX +#define arm_debug_checkwx() ptdump_check_wx() #else -#define debug_checkwx() do { } while (0) +#define arm_debug_checkwx() do { } while (0) #endif #endif /* __ASM_PTDUMP_H */ From patchwork Tue Jan 9 12:14:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe Leroy X-Patchwork-Id: 13514854 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C6634C47073 for ; Tue, 9 Jan 2024 12:15:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 665D26B0095; Tue, 9 Jan 2024 07:15:12 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 6157F6B0096; Tue, 9 Jan 2024 07:15:12 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4B61F6B0098; Tue, 9 Jan 2024 07:15:12 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 3EFAC6B0095 for ; Tue, 9 Jan 2024 07:15:12 -0500 (EST) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id F0DB61608CA for ; Tue, 9 Jan 2024 12:15:11 +0000 (UTC) X-FDA: 81659667222.10.55665F8 Received: from pegase1.c-s.fr (pegase1.c-s.fr [93.17.236.30]) by imf10.hostedemail.com (Postfix) with ESMTP id 9E581C0013 for ; Tue, 9 Jan 2024 12:15:09 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=csgroup.eu; spf=pass (imf10.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1704802509; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KNl1nYh9UcSl7AbHeDhvaOsqgqR6WfI2nTDlEqNbcII=; b=fZwn7tgWPnsM6NYVhLOERTj/bkGSOXkA4n/lnfBp6V9KYw8Ukpt+DbgIy/j/TC6ix+50aj U7Ru4OLLLv5nACWyWphGzKrMgZghDeZi3ioYtw2ibcHlh3vF74ln2XicS7uS4TgD2lDQ7h AkEmPzw1Qc63/4v4MEvbg+SG/rXN+iY= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=csgroup.eu; spf=pass (imf10.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1704802509; a=rsa-sha256; cv=none; b=IYkdExtBsokj9yf8TKoHhMBW9VmQ6Ogt/KUgjepBFeQe5m+EiY7lSTriRysdIlwBfR3BuT fwkjUVesMTzOAgTm79xBZgZFdkMhcuAhHTF/6KvHw7jQzmDahWfQIGEhUch/AHiOyWYgKq VD1wbsWpasEoG0cZsOTcBFKk1rQmHXM= Received: from localhost (mailhub3.si.c-s.fr [192.168.12.233]) by localhost (Postfix) with ESMTP id 4T8VHT5y4Kz9v6s; Tue, 9 Jan 2024 13:15:01 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4MdGbzyeBSEE; Tue, 9 Jan 2024 13:15:01 +0100 (CET) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 4T8VHT4pzsz9v2V; Tue, 9 Jan 2024 13:15:01 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 9BC028B77D; Tue, 9 Jan 2024 13:15:01 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id uBzJP-3JQq-L; Tue, 9 Jan 2024 13:15:01 +0100 (CET) Received: from PO20335.idsi0.si.c-s.fr (unknown [192.168.233.126]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 053088B77E; Tue, 9 Jan 2024 13:14:59 +0100 (CET) From: Christophe Leroy To: linux-hardening@vger.kernel.org, Russell King , Catalin Marinas , Will Deacon , Michael Ellerman , Nicholas Piggin , "Aneesh Kumar K.V" , "Naveen N. Rao" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Gerald Schaefer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Andrew Morton , Kees Cook Cc: Christophe Leroy , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, linux-mm@kvack.org, steven.price@arm.com, Phong Tran , mark.rutland@arm.com, Greg KH Subject: [PATCH 2/4] arm64, powerpc, riscv, s390, x86: Refactor CONFIG_DEBUG_WX Date: Tue, 9 Jan 2024 13:14:36 +0100 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1704802473; l=11315; i=christophe.leroy@csgroup.eu; s=20211009; h=from:subject:message-id; bh=/7r2fv5UgWErZwlk5FNzmu53iFGklb0c7kTSXPgGEHM=; b=01YQqBwyJGJIDGN7KSgjPDE5jKTdPTeM7uAcHq541R/m2p25Tc/MpyxpccE0H4QHv8KYbJfkg EJojygb2mj9BPwL+zk+tkKOnjeyHzNiyrBGrSuwP4HGM+3QWJJwAGnV X-Developer-Key: i=christophe.leroy@csgroup.eu; a=ed25519; pk=HIzTzUj91asvincQGOFx6+ZF5AoUuP9GdOtQChs7Mm0= X-Rspamd-Queue-Id: 9E581C0013 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: 7r8nzspbufe77fkozxbn7yya3msr9ccq X-HE-Tag: 1704802509-488667 X-HE-Meta: U2FsdGVkX1+l1s+IW9o88rdwtcs6iTNPsrkjTMpJXXCH70qpWGlzsVdJM8blXsRbZ1k3gO5BOyZaNn+wU/ki2Bhjinln9Cq45fDdZKd8SFXXTvOx/7+zkLpKKl2oho8Lk7edK3t/AKBRvWE+fXVo4i4vqTCwFOo7J8jyfIJD7/cY29Trkj9/zAKx+LPd7IzTx6sgRC8diWv+4G1r3Jy2cSNlDxRm7dD9sm9JUq00FeojWisCwKNAF4dcNyZ/+1/u6FeBMqZnqm0w6b+otETl92GuUzGPLpo3QsCmDh292mu/FABnZ6SIwAKk9zu2oyyu5WeUbNDSCfn6QwSv5pPKRPyGKXne0OwNNRC8xASZLZOScl080vexdjnMbmpdJvxU1YeGspxMm7hDNq6BWYUhtOksL5P72v8qfWsAXpu4mYJ49WW8NUAz4hmgOK6URrPYvyADNhhoL+PutO0HoPWMn7rycmJCCfB0XbkJqpX9MgYmXdPmy48s+c/FONXxuWwjK7i4sfgZkph4BoA5KzbkBReDmkSYMYNLULrzlj4F5I6YTjkQeqxFYgTwgstV3OmggYK44+1yQRzpBbbqda30cD0Bh7F5QJXQb4EywV/g2pH4EH4FttiQoktxcExJ0SaJAvENBymqUmX8+3Xmt1n0Uv4+nHM22peFtE2CUSK1fkA+UBZ0q31BfByrfON4PUBD5pHXffzZm2J3NAnZH9TXwawH1wPk4spxvfU7fDnTbTUu2vydcw2bqN9b1spUaNPw9U8yU6U/CgGCPyajnZ9rb8vdXcExpNvoC6bSnyJuUmNEFd92yzFgAncEF9xE1iP81ubH7bgQQAJhaXFk5I+hJNEUG0SN5M1IFd1c0CzdRGrBosQgSYCFsQMfBGbIOhi0fJeyvlTKKNtC2hd+16NDIL6kwGk+ZNKYd6LMxZRB9TSEbFf+UX8equEFj9Nkn/TT5uuM9JzE1wFra/U1nZu 49OX3QH1 K/y47rxood1HPKMEweTfUHDCtaJwBafqF4Zs3hspKJR69LsliFhHqVSMs/z3FZXcI8eF/joDmkofvxu8Gbz0z0WmgcLNhK4zqKXISZxDNCoN9WxZ7RESK6r/J3BgqHx7AO/x5QToLUhCE3qbNe+pcgmJYqihLhWYoydoU7mq5jhK5PoHX7MpB/NcPnRNdNkTKQVyYi/tGYjxmnnA5lGXRkfYptg94nczh7lP29Oy6PqNcXRQp/X3JFXYxWg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: All architectures using the core ptdump functionality also implement CONFIG_DEBUG_WX, and they all do it more or less the same way, with a function called debug_checkwx() that is called by mark_rodata_ro(), which is a substitute to ptdump_check_wx() when CONFIG_DEBUG_WX is set and a no-op otherwise. Refactor by centraly defining debug_checkwx() in linux/ptdump.h and call debug_checkwx() immediately after calling mark_rodata_ro() instead of calling it at the end of every mark_rodata_ro(). On x86_32, mark_rodata_ro() first checks __supported_pte_mask has _PAGE_NX before calling debug_checkwx(). Now the check is inside the callee ptdump_walk_pgd_level_checkwx(). On powerpc_64, mark_rodata_ro() bails out early before calling ptdump_check_wx() when the MMU doesn't have KERNEL_RO feature. The check is now also done in ptdump_check_wx() as it is called outside mark_rodata_ro(). Signed-off-by: Christophe Leroy Reviewed-by: Alexandre Ghiti --- arch/arm64/include/asm/ptdump.h | 7 ------- arch/arm64/mm/mmu.c | 2 -- arch/powerpc/mm/mmu_decl.h | 6 ------ arch/powerpc/mm/pgtable_32.c | 4 ---- arch/powerpc/mm/pgtable_64.c | 3 --- arch/powerpc/mm/ptdump/ptdump.c | 3 +++ arch/riscv/include/asm/ptdump.h | 22 ---------------------- arch/riscv/mm/init.c | 3 --- arch/riscv/mm/ptdump.c | 1 - arch/s390/include/asm/ptdump.h | 14 -------------- arch/s390/mm/dump_pagetables.c | 1 - arch/s390/mm/init.c | 2 -- arch/x86/include/asm/pgtable.h | 3 +-- arch/x86/mm/dump_pagetables.c | 3 +++ arch/x86/mm/init_32.c | 2 -- arch/x86/mm/init_64.c | 2 -- include/linux/ptdump.h | 7 +++++++ init/main.c | 2 ++ 18 files changed, 16 insertions(+), 71 deletions(-) delete mode 100644 arch/riscv/include/asm/ptdump.h delete mode 100644 arch/s390/include/asm/ptdump.h diff --git a/arch/arm64/include/asm/ptdump.h b/arch/arm64/include/asm/ptdump.h index 581caac525b0..5b1701c76d1c 100644 --- a/arch/arm64/include/asm/ptdump.h +++ b/arch/arm64/include/asm/ptdump.h @@ -29,13 +29,6 @@ void __init ptdump_debugfs_register(struct ptdump_info *info, const char *name); static inline void ptdump_debugfs_register(struct ptdump_info *info, const char *name) { } #endif -void ptdump_check_wx(void); #endif /* CONFIG_PTDUMP_CORE */ -#ifdef CONFIG_DEBUG_WX -#define debug_checkwx() ptdump_check_wx() -#else -#define debug_checkwx() do { } while (0) -#endif - #endif /* __ASM_PTDUMP_H */ diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 15f6347d23b6..e011beb2e5e3 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -635,8 +635,6 @@ void mark_rodata_ro(void) section_size = (unsigned long)__init_begin - (unsigned long)__start_rodata; update_mapping_prot(__pa_symbol(__start_rodata), (unsigned long)__start_rodata, section_size, PAGE_KERNEL_RO); - - debug_checkwx(); } static void __init map_kernel_segment(pgd_t *pgdp, void *va_start, void *va_end, diff --git a/arch/powerpc/mm/mmu_decl.h b/arch/powerpc/mm/mmu_decl.h index 72341b9fb552..90dcc2844056 100644 --- a/arch/powerpc/mm/mmu_decl.h +++ b/arch/powerpc/mm/mmu_decl.h @@ -171,12 +171,6 @@ static inline void mmu_mark_rodata_ro(void) { } void __init mmu_mapin_immr(void); #endif -#ifdef CONFIG_DEBUG_WX -void ptdump_check_wx(void); -#else -static inline void ptdump_check_wx(void) { } -#endif - static inline bool debug_pagealloc_enabled_or_kfence(void) { return IS_ENABLED(CONFIG_KFENCE) || debug_pagealloc_enabled(); diff --git a/arch/powerpc/mm/pgtable_32.c b/arch/powerpc/mm/pgtable_32.c index 5c02fd08d61e..12498017da8e 100644 --- a/arch/powerpc/mm/pgtable_32.c +++ b/arch/powerpc/mm/pgtable_32.c @@ -153,7 +153,6 @@ void mark_rodata_ro(void) if (v_block_mapped((unsigned long)_stext + 1)) { mmu_mark_rodata_ro(); - ptdump_check_wx(); return; } @@ -166,9 +165,6 @@ void mark_rodata_ro(void) PFN_DOWN((unsigned long)_stext); set_memory_ro((unsigned long)_stext, numpages); - - // mark_initmem_nx() should have already run by now - ptdump_check_wx(); } #endif diff --git a/arch/powerpc/mm/pgtable_64.c b/arch/powerpc/mm/pgtable_64.c index 5ac1fd30341b..1b366526f4f2 100644 --- a/arch/powerpc/mm/pgtable_64.c +++ b/arch/powerpc/mm/pgtable_64.c @@ -150,9 +150,6 @@ void mark_rodata_ro(void) radix__mark_rodata_ro(); else hash__mark_rodata_ro(); - - // mark_initmem_nx() should have already run by now - ptdump_check_wx(); } void mark_initmem_nx(void) diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptdump.c index 2313053fe679..620d4917ebe8 100644 --- a/arch/powerpc/mm/ptdump/ptdump.c +++ b/arch/powerpc/mm/ptdump/ptdump.c @@ -343,6 +343,9 @@ void ptdump_check_wx(void) } }; + if (IS_ENABLED(CONFIG_PPC_BOOK3S_64) && !mmu_has_feature(MMU_FTR_KERNEL_RO)) + return; + ptdump_walk_pgd(&st.ptdump, &init_mm, NULL); if (st.wx_pages) diff --git a/arch/riscv/include/asm/ptdump.h b/arch/riscv/include/asm/ptdump.h deleted file mode 100644 index 3c9ea6dd5af7..000000000000 --- a/arch/riscv/include/asm/ptdump.h +++ /dev/null @@ -1,22 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* - * Copyright (C) 2019 SiFive - */ - -#ifndef _ASM_RISCV_PTDUMP_H -#define _ASM_RISCV_PTDUMP_H - -void ptdump_check_wx(void); - -#ifdef CONFIG_DEBUG_WX -static inline void debug_checkwx(void) -{ - ptdump_check_wx(); -} -#else -static inline void debug_checkwx(void) -{ -} -#endif - -#endif /* _ASM_RISCV_PTDUMP_H */ diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 2e011cbddf3a..55c4deb1b332 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -29,7 +29,6 @@ #include #include #include -#include #include #include #include @@ -720,8 +719,6 @@ void mark_rodata_ro(void) if (IS_ENABLED(CONFIG_64BIT)) set_kernel_memory(lm_alias(__start_rodata), lm_alias(_data), set_memory_ro); - - debug_checkwx(); } #else static __init pgprot_t pgprot_from_va(uintptr_t va) diff --git a/arch/riscv/mm/ptdump.c b/arch/riscv/mm/ptdump.c index 657c27bc07a7..075265603313 100644 --- a/arch/riscv/mm/ptdump.c +++ b/arch/riscv/mm/ptdump.c @@ -9,7 +9,6 @@ #include #include -#include #include #include diff --git a/arch/s390/include/asm/ptdump.h b/arch/s390/include/asm/ptdump.h deleted file mode 100644 index f960b2896606..000000000000 --- a/arch/s390/include/asm/ptdump.h +++ /dev/null @@ -1,14 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ - -#ifndef _ASM_S390_PTDUMP_H -#define _ASM_S390_PTDUMP_H - -void ptdump_check_wx(void); - -static inline void debug_checkwx(void) -{ - if (IS_ENABLED(CONFIG_DEBUG_WX)) - ptdump_check_wx(); -} - -#endif /* _ASM_S390_PTDUMP_H */ diff --git a/arch/s390/mm/dump_pagetables.c b/arch/s390/mm/dump_pagetables.c index d37a8f607b71..8dcb4e0c71bd 100644 --- a/arch/s390/mm/dump_pagetables.c +++ b/arch/s390/mm/dump_pagetables.c @@ -6,7 +6,6 @@ #include #include #include -#include #include #include #include diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c index 43e612bc2bcd..d2e5eff9d1de 100644 --- a/arch/s390/mm/init.c +++ b/arch/s390/mm/init.c @@ -37,7 +37,6 @@ #include #include #include -#include #include #include #include @@ -109,7 +108,6 @@ void mark_rodata_ro(void) __set_memory_ro(__start_ro_after_init, __end_ro_after_init); pr_info("Write protected read-only-after-init data: %luk\n", size >> 10); - debug_checkwx(); } int set_memory_encrypted(unsigned long vaddr, int numpages) diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index 57bab91bbf50..036ce63f3b95 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -32,6 +32,7 @@ void ptdump_walk_pgd_level(struct seq_file *m, struct mm_struct *mm); void ptdump_walk_pgd_level_debugfs(struct seq_file *m, struct mm_struct *mm, bool user); void ptdump_walk_pgd_level_checkwx(void); +#define ptdump_check_wx() ptdump_walk_pgd_level_checkwx() void ptdump_walk_user_pgd_level_checkwx(void); /* @@ -41,10 +42,8 @@ void ptdump_walk_user_pgd_level_checkwx(void); #define pgprot_decrypted(prot) __pgprot(cc_mkdec(pgprot_val(prot))) #ifdef CONFIG_DEBUG_WX -#define debug_checkwx() ptdump_walk_pgd_level_checkwx() #define debug_checkwx_user() ptdump_walk_user_pgd_level_checkwx() #else -#define debug_checkwx() do { } while (0) #define debug_checkwx_user() do { } while (0) #endif diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index e1b599ecbbc2..0008524eebe9 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -433,6 +433,9 @@ void ptdump_walk_user_pgd_level_checkwx(void) void ptdump_walk_pgd_level_checkwx(void) { + if (!(__supported_pte_mask & _PAGE_NX)) + return; + ptdump_walk_pgd_level_core(NULL, &init_mm, INIT_PGD, true, false); } diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c index b63403d7179d..5c736b707cae 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -800,6 +800,4 @@ void mark_rodata_ro(void) set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT); #endif mark_nxdata_nx(); - if (__supported_pte_mask & _PAGE_NX) - debug_checkwx(); } diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index a190aae8ceaf..16e248769338 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1412,8 +1412,6 @@ void mark_rodata_ro(void) (void *)text_end, (void *)rodata_start); free_kernel_image_pages("unused kernel image (rodata/data gap)", (void *)rodata_end, (void *)_sdata); - - debug_checkwx(); } /* diff --git a/include/linux/ptdump.h b/include/linux/ptdump.h index 2a3a95586425..c10513739bf9 100644 --- a/include/linux/ptdump.h +++ b/include/linux/ptdump.h @@ -19,5 +19,12 @@ struct ptdump_state { }; void ptdump_walk_pgd(struct ptdump_state *st, struct mm_struct *mm, pgd_t *pgd); +void ptdump_check_wx(void); + +static inline void debug_checkwx(void) +{ + if (IS_ENABLED(CONFIG_DEBUG_WX)) + ptdump_check_wx(); +} #endif /* _LINUX_PTDUMP_H */ diff --git a/init/main.c b/init/main.c index e24b0780fdff..749a9f8d2c9b 100644 --- a/init/main.c +++ b/init/main.c @@ -99,6 +99,7 @@ #include #include #include +#include #include #include @@ -1408,6 +1409,7 @@ static void mark_readonly(void) */ rcu_barrier(); mark_rodata_ro(); + debug_checkwx(); rodata_test(); } else pr_info("Kernel memory protection disabled.\n"); From patchwork Tue Jan 9 12:14:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe Leroy X-Patchwork-Id: 13514855 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D9A7C47077 for ; Tue, 9 Jan 2024 12:15:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 026C96B0099; Tue, 9 Jan 2024 07:15:17 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id F17646B0098; Tue, 9 Jan 2024 07:15:16 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB6FD6B0099; Tue, 9 Jan 2024 07:15:16 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id CB67D6B0096 for ; Tue, 9 Jan 2024 07:15:16 -0500 (EST) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 9F7B3C0343 for ; Tue, 9 Jan 2024 12:15:16 +0000 (UTC) X-FDA: 81659667432.22.EB5A4B7 Received: from pegase1.c-s.fr (pegase1.c-s.fr [93.17.236.30]) by imf15.hostedemail.com (Postfix) with ESMTP id 76102A0029 for ; Tue, 9 Jan 2024 12:15:14 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=none; spf=pass (imf15.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu; dmarc=pass (policy=quarantine) header.from=csgroup.eu ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1704802514; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UNwJKKPPILgaSnpgYDpInvVLOEWABiARtcGCIg6ywN8=; b=iB7O/FKlzzCXpnl6UtukF7mdnAnhG1D9kHJ2CG7N4rfDskhZLDzT173VS0s4KnDOIG6aWw X5c1aOBrCy/O6Ybljh/lRA1DE56jGDaPewRrwR3qI7Ye9wEK4v/apBnwvmPrDt3BJrUG8k h2rNQ/ODN0PxwG21wP6Sj0+NkE+ccUc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1704802514; a=rsa-sha256; cv=none; b=op1mBne7eZ/duNddTbJ2iTQcrimjsyWD2VKwPxQKZOws/dMdmfnQ8whCHy5ovu8nqwSWjI vxDSKMfagAy01wy6Am8IX2AlsNf7J3UtewR4CdUpCNaSwT7E2ws6NP0btLaZhTurysZJhm FtEq/3w3GJQelripoD7pO5iaEVY7GGo= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=none; spf=pass (imf15.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu; dmarc=pass (policy=quarantine) header.from=csgroup.eu Received: from localhost (mailhub3.si.c-s.fr [192.168.12.233]) by localhost (Postfix) with ESMTP id 4T8VHW2g2sz9v7L; Tue, 9 Jan 2024 13:15:03 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8XzZft3ylMw5; Tue, 9 Jan 2024 13:15:03 +0100 (CET) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 4T8VHW1lylz9v2V; Tue, 9 Jan 2024 13:15:03 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 3309B8B77E; Tue, 9 Jan 2024 13:15:03 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id e9KbMbZ3ey5e; Tue, 9 Jan 2024 13:15:03 +0100 (CET) Received: from PO20335.idsi0.si.c-s.fr (unknown [192.168.233.126]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 94A4B8B774; Tue, 9 Jan 2024 13:15:01 +0100 (CET) From: Christophe Leroy To: linux-hardening@vger.kernel.org, Russell King , Catalin Marinas , Will Deacon , Michael Ellerman , Nicholas Piggin , "Aneesh Kumar K.V" , "Naveen N. Rao" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Gerald Schaefer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Andrew Morton , Kees Cook Cc: Christophe Leroy , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, linux-mm@kvack.org, steven.price@arm.com, Phong Tran , mark.rutland@arm.com, Greg KH Subject: [PATCH 3/4] powerpc,s390: Define ptdump_check_wx() regardless of CONFIG_DEBUG_WX Date: Tue, 9 Jan 2024 13:14:37 +0100 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1704802474; l=3171; i=christophe.leroy@csgroup.eu; s=20211009; h=from:subject:message-id; bh=gAR8VjyaAG7V6eTyCXLso37q5nl2ZEcy4Y3IXEExBcI=; b=J51UzMklatGSquOss6DQxbZMh9/Fb67T2JHhLz1lpwFrSYWGcJ1wDOpaEmQDZtFgVNu/csOyt n1ORNiqAxsCAWdzF7bTDeravP/7xGeOUEa1YEh9Fy7LFTdSnsTpNTzL X-Developer-Key: i=christophe.leroy@csgroup.eu; a=ed25519; pk=HIzTzUj91asvincQGOFx6+ZF5AoUuP9GdOtQChs7Mm0= X-Stat-Signature: dbfqhofyfcqgnzcbtexostk43zhdpj8f X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 76102A0029 X-Rspam-User: X-HE-Tag: 1704802514-327487 X-HE-Meta: U2FsdGVkX1800JS5NUjGKbsRYF2zlidwIi7PWA9seOuJcPAvt+QeI4GpLkfDcCBsAbsHMM1apygMUYLtCiJJeHHBALXgWhMNgL0uPQCzW/bzBhL9tigKie5hg4So4OWz+hXFQ/cqz1/7p5R2p1UgY8oyu+0st7wNP4xejmxV62XmY2/kq++8FaS85pQLfQipkwRV1QBLbOD3iO/KQ8pIhWmoH4aKTN0eZOpjHLpmsrBwGtH9VuPagtGPhN47fssOioc6Fh19yCZ86aLllzxSouefk4d5qJie7DdKzq4WlDMJXlJug00BKRdTrbpSc6PJH7nzqQsaUU8QhahS7QCkFszGxf8LI8qnR07eWXluC39nViSopKngadV9T6dVCaVfJTzyhwHSiFvo/Qv7Az6SPgXYNgbHM3/2A9TBaqRLpMuF1C9H/P9SN9GnKrkKhSU9qWK339DNn3WMwqP+XxcLFee8LMpxA9biIZv7MywJsoRwh6nF9iOnKOJ05NZjadji0SZVOYecyToubmuBdT36BKaVD9Hlr2s3EiByPpe9X3KIShdD+agPZe0ebMgX3Ef5yXYnCa1QkT33vtQqVqXzFO3I5t0Af8BXLqujEZlX0hSfLX8micwF4l+o5bp5z650xsrIn9uVoiWdobo5Is4zWV3uAENDbI2HIuD01p/85f8t+QEjQSrqveOkvldX23Wde6EOTk+s2WGiaeoqD+SiVdVPc1iz7gMDkF2G64xjSnwPYT2UJDSD098Q51T1dXCHki3ZLw+NFZG+hHvfVGk2iaLXSfD7ZNk5LOtD8+Q5cwt4CmPOCJsTxB00pSOsn4Pkg48uKPMylVG03nQZbumisPTx65OojeQUFD/pSuimVUwRHC2GWdJiJNKSL43VYYwcBYvmMmqgzmrCU+q9+RTZwE13VXbaPz3anixNRu80uR61XiosxEdQ+Bf7DRgf2EJGmB1bQ+QIbfGtMkwSHbU cWmTyvHg yFEJ+c+tVjNz5vp6ACkv+PQ6OQO35UxQhV7YD+mrIxVLnQYATaWJi2O7V2CMVpVJRYXzWxD2BXcgXoYSU37UpkOnLRxi67NsuLjU5I33bmYKmyydeG19LbuECumqexmrT65GvHU+uq7CLm0hWy8iiYlcoNM5chqLO56MURZDTGO3oYcxeHoNLCPztOhqKCzNtL8cSog5Ud6HBIF/Ex+hNRHHPIAwNUptsZXQGrCmhCQOuX3l+N+hxWw2CYA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Following patch will use ptdump_check_wx() regardless of CONFIG_DEBUG_WX, so define it at all times of powerpc and s390 just like other architectures. Though keep the WARN_ON_ONCE() only when CONFIG_DEBUG_WX is set. Signed-off-by: Christophe Leroy --- arch/powerpc/mm/ptdump/ptdump.c | 7 +++---- arch/s390/mm/dump_pagetables.c | 7 ++----- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/arch/powerpc/mm/ptdump/ptdump.c b/arch/powerpc/mm/ptdump/ptdump.c index 620d4917ebe8..b835c80371cd 100644 --- a/arch/powerpc/mm/ptdump/ptdump.c +++ b/arch/powerpc/mm/ptdump/ptdump.c @@ -184,13 +184,14 @@ static void note_prot_wx(struct pg_state *st, unsigned long addr) { pte_t pte = __pte(st->current_flags); - if (!IS_ENABLED(CONFIG_DEBUG_WX) || !st->check_wx) + if (!st->check_wx) return; if (!pte_write(pte) || !pte_exec(pte)) return; - WARN_ONCE(1, "powerpc/mm: Found insecure W+X mapping at address %p/%pS\n", + WARN_ONCE(IS_ENABLED(CONFIG_DEBUG_WX), + "powerpc/mm: Found insecure W+X mapping at address %p/%pS\n", (void *)st->start_address, (void *)st->start_address); st->wx_pages += (addr - st->start_address) / PAGE_SIZE; @@ -326,7 +327,6 @@ static void __init build_pgtable_complete_mask(void) pg_level[i].mask |= pg_level[i].flag[j].mask; } -#ifdef CONFIG_DEBUG_WX void ptdump_check_wx(void) { struct pg_state st = { @@ -354,7 +354,6 @@ void ptdump_check_wx(void) else pr_info("Checked W+X mappings: passed, no W+X pages found\n"); } -#endif static int __init ptdump_init(void) { diff --git a/arch/s390/mm/dump_pagetables.c b/arch/s390/mm/dump_pagetables.c index 8dcb4e0c71bd..99da5a5602a8 100644 --- a/arch/s390/mm/dump_pagetables.c +++ b/arch/s390/mm/dump_pagetables.c @@ -121,7 +121,6 @@ static void print_prot(struct seq_file *m, unsigned int pr, int level) static void note_prot_wx(struct pg_state *st, unsigned long addr) { -#ifdef CONFIG_DEBUG_WX if (!st->check_wx) return; if (st->current_prot & _PAGE_INVALID) @@ -138,10 +137,10 @@ static void note_prot_wx(struct pg_state *st, unsigned long addr) */ if (addr == PAGE_SIZE && (nospec_uses_trampoline() || !static_key_enabled(&cpu_has_bear))) return; - WARN_ONCE(1, "s390/mm: Found insecure W+X mapping at address %pS\n", + WARN_ONCE(IS_ENABLED(CONFIG_DEBUG_WX), + "s390/mm: Found insecure W+X mapping at address %pS\n", (void *)st->start_address); st->wx_pages += (addr - st->start_address) / PAGE_SIZE; -#endif /* CONFIG_DEBUG_WX */ } static void note_page(struct ptdump_state *pt_st, unsigned long addr, int level, u64 val) @@ -193,7 +192,6 @@ static void note_page(struct ptdump_state *pt_st, unsigned long addr, int level, } } -#ifdef CONFIG_DEBUG_WX void ptdump_check_wx(void) { struct pg_state st = { @@ -226,7 +224,6 @@ void ptdump_check_wx(void) (nospec_uses_trampoline() || !static_key_enabled(&cpu_has_bear)) ? "unexpected " : ""); } -#endif /* CONFIG_DEBUG_WX */ #ifdef CONFIG_PTDUMP_DEBUGFS static int ptdump_show(struct seq_file *m, void *v) From patchwork Tue Jan 9 12:14:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe Leroy X-Patchwork-Id: 13514856 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A4D3C46CD2 for ; Tue, 9 Jan 2024 12:15:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A5ED16B0096; Tue, 9 Jan 2024 07:15:21 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A0D636B0098; Tue, 9 Jan 2024 07:15:21 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8FD026B009A; Tue, 9 Jan 2024 07:15:21 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 812846B0096 for ; Tue, 9 Jan 2024 07:15:21 -0500 (EST) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 5FE26140330 for ; Tue, 9 Jan 2024 12:15:21 +0000 (UTC) X-FDA: 81659667642.02.001422D Received: from pegase1.c-s.fr (pegase1.c-s.fr [93.17.236.30]) by imf21.hostedemail.com (Postfix) with ESMTP id 005E11C0022 for ; Tue, 9 Jan 2024 12:15:18 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=csgroup.eu; spf=pass (imf21.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1704802519; a=rsa-sha256; cv=none; b=cxdliE9Xh1P/a9fU3M6BF6U4j6Et65aAxZxjf/gizUwO/ZRhpUprI47cXW1O8lKeFmgXik lmeCNhLAnk17kwmshZIkR7vJTkxsY5dW5CT3NOIwbW+aelK4shqbaUzSXE6GGlBzfc9RLd UhaYxSp0lkasJALUZdhnAYfUUzy5O6w= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=csgroup.eu; spf=pass (imf21.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1704802519; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S4h/eBRgu6rW2Ay87oOQPbiSaA0iFoQOvLpXIcx+L4I=; b=0ehimlA2EchrrOiV/+7iVRLT6DpDpLkPI4ZhQCaG73of2bhd63IB38V6ggaiE4lTy4Akmk GQS+vc3dOXO/rA0cYXCA7t9M5EycLSJNadAkXM3uSD3zzGgkD0aVqE7JaiXy9ezxgKlkTo SnVk8rnesfp97awEaTT17VZ1VaMenbw= Received: from localhost (mailhub3.si.c-s.fr [192.168.12.233]) by localhost (Postfix) with ESMTP id 4T8VHY0sNRz9v7N; Tue, 9 Jan 2024 13:15:05 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ozAHoRKaJAh; Tue, 9 Jan 2024 13:15:05 +0100 (CET) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 4T8VHY02Bvz9v2V; Tue, 9 Jan 2024 13:15:05 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id ECE6E8B774; Tue, 9 Jan 2024 13:15:04 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id FZoHIGzf4vrQ; Tue, 9 Jan 2024 13:15:04 +0100 (CET) Received: from PO20335.idsi0.si.c-s.fr (unknown [192.168.233.126]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 313958B77D; Tue, 9 Jan 2024 13:15:03 +0100 (CET) From: Christophe Leroy To: linux-hardening@vger.kernel.org, Russell King , Catalin Marinas , Will Deacon , Michael Ellerman , Nicholas Piggin , "Aneesh Kumar K.V" , "Naveen N. Rao" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Gerald Schaefer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Andrew Morton , Kees Cook Cc: Christophe Leroy , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, linux-mm@kvack.org, steven.price@arm.com, Phong Tran , mark.rutland@arm.com, Greg KH Subject: [PATCH 4/4] ptdump: add check_wx_pages debugfs attribute Date: Tue, 9 Jan 2024 13:14:38 +0100 Message-ID: <2e8806da45a4b00249d5c449130b5f9ce78b3403.1704800524.git.christophe.leroy@csgroup.eu> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1704802474; l=1205; i=christophe.leroy@csgroup.eu; s=20211009; h=from:subject:message-id; bh=GHXEAlv0k5WPsTIzSlwSomj0miEDu7ks2lV9a6+wMCY=; b=ibzm/cyPs51Q7IIlWinvVhCDJTVa2O93PdiVEWCD+bsWH/ncfG8IK1blTnxut+3ypcbloBgn2 fQjuoG4nNpPArnos+jqQxEly3FXt6Jg7j8Ye6GzOwyRghOCV7gDmUAh X-Developer-Key: i=christophe.leroy@csgroup.eu; a=ed25519; pk=HIzTzUj91asvincQGOFx6+ZF5AoUuP9GdOtQChs7Mm0= X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 005E11C0022 X-Stat-Signature: sitd4zatitdponxj1wy4d3adh7pkjq9i X-Rspam-User: X-HE-Tag: 1704802518-283915 X-HE-Meta: U2FsdGVkX19JSOfH+hevyLqs+X4ZI/NuF4/s/z1b8zVS0bGVvTKpk5My2ecacOE5WzcuR4njVbR1ZoMrWWGwXsD9GwXNR3CfRV3G47hUIvvZen32EcURMziqdvng4vI9d769B7S6N2zA8M1SegM+rE0D1UEorFv24VtKP3dFYp1xlBiIPmr+dtSEcmVRLz04wIYU3AAspT3G9rcj7n88IQKR0DnZnrxD9fEWt5CPPeaDYbe91edMw1/x5t8MUO3e60uOW+GDZW9bErLay15tilJg1/zeHjg1g1ba0byXxJ2Tc6WlDwZa08Tq5UeR3NlclVzNdih73UQXVCZtUCslR2i0matLNX3omA6wztqcRv3V8MHfJN7ORkZBhls93TfNbMkECsluW/cVpgVRkdo3g9wwcO8GbQUw8d5qRFxko2dKu8fDbTEMy3Sam2bCqGcm3H7GFb26W9GnabSPsuRb96K7vm8httB3O37YKGT/u+X+v75QE1UfWfQEuibhudQS1xDxNa9jqlVdzQGZxl5CfBkxte/dmVENe0AOApgQ9y1ALPD7fmzKdwh+KAwxpw5HP6uNmVyaTFyxrcju+SqlCXljxmFSPa6FPY7sO2yy2aCbtCq9ZGsP//wTM27BRDSUPYfGk0Slk1LYdDO5H02jDkPQ1hpHV3axO+MS4SEOww5mMAypJLyjqNgbpNESHIO5YdGBQu6SRGuFMQUmgs7dL8nTGBwjObRzZSKoxAEht9HiEWeBvBDWBkOJnlhHC1LUl2eMZxeaJdhr67W4kbpHNFblHtOrOm0PNDgThzdatPyRMCiycI+ytepNjR8P2LGoyFLWzAtrs39lxWI+hOLtDy/6JFFRUfxXzdM7yatnykMJhHbWycbisG+6UHQFb2L3daTldWSp9sxErqad9o0tzOyz583l93ryixDojtDgmBnpfCobVph8ggqdRbJy79d8nLKWQQiZ6i+zoFW1EQE qAYih/dq zR6bps0+XGZs4XZuM8V/O8xZOwDCdctZDZ/QEwKvci1tssZXV6gDi0ZujrdHaREH6cncpYzUh04V6qQbxgkf0vT/4mPWU7PTEyt/yhmxy40+T5gzLSiiBcSqyQLo3yqMQJdVekUHbuooZYiAkAYBRU3nwPDO2iX9jFI7YJzy+y/jTGcLSYQBdtptJnnUMtfgxOP8AI3Kw7AJGMXEtg9UOm3DpvhUAEuAkH0Clc9e0U69jm/HafXYJy0M77A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a writable attribute in debugfs to trigger a W^X pages check at any time. To trigger the test, just echo any numeric value into /sys/kernel/debug/check_wx_pages The result is provided into dmesg. Signed-off-by: Christophe Leroy --- mm/ptdump.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/mm/ptdump.c b/mm/ptdump.c index 03c1bdae4a43..e154099c2584 100644 --- a/mm/ptdump.c +++ b/mm/ptdump.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include +#include #include #include @@ -163,3 +164,21 @@ void ptdump_walk_pgd(struct ptdump_state *st, struct mm_struct *mm, pgd_t *pgd) /* Flush out the last page */ st->note_page(st, 0, -1, 0); } + +static int check_wx_debugfs_set(void *data, u64 val) +{ + ptdump_check_wx(); + + return 0; +} + +DEFINE_SIMPLE_ATTRIBUTE(check_wx_fops, NULL, check_wx_debugfs_set, "%llu\n"); + +static int ptdump_debugfs_init(void) +{ + debugfs_create_file("check_wx_pages", 0200, NULL, NULL, &check_wx_fops); + + return 0; +} + +device_initcall(ptdump_debugfs_init);