Patch "powerpc/mm/radix: Only add X for pages overlapping kernel text" has been added to the 4.12-stable tree

[<gregkh@linuxfoundation.org>]

This is a note to let you know that I've just added the patch titled

    powerpc/mm/radix: Only add X for pages overlapping kernel text

to the 4.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-mm-radix-only-add-x-for-pages-overlapping-kernel-text.patch
and it can be found in the queue-4.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 9abcc981de9775659a0f6e4a52a3448ea72e59da Mon Sep 17 00:00:00 2001
From: Michael Ellerman <mpe@ellerman.id.au>
Date: Tue, 6 Jun 2017 15:48:57 +1000
Subject: powerpc/mm/radix: Only add X for pages overlapping kernel text

From: Michael Ellerman <mpe@ellerman.id.au>

commit 9abcc981de9775659a0f6e4a52a3448ea72e59da upstream.

Currently we map the whole linear mapping with PAGE_KERNEL_X. Instead we
should check if the page overlaps the kernel text and only then add
PAGE_KERNEL_X.

Note that we still use 1G pages if they're available, so this will
typically still result in a 1G executable page at KERNELBASE. So this fix is
primarily useful for catching stray branches to high linear mapping addresses.

Without this patch, we can execute at 1G in xmon using:

  0:mon> m c000000040000000
  c000000040000000  00 l
  c000000040000000  00000000 01006038
  c000000040000004  00000000 2000804e
  c000000040000008  00000000 x
  0:mon> di c000000040000000
  c000000040000000  38600001      li      r3,1
  c000000040000004  4e800020      blr
  0:mon> p c000000040000000
  return value is 0x1

After we get a 400 as expected:

  0:mon> p c000000040000000
  *** 400 exception occurred

Fixes: 2bfd65e45e87 ("powerpc/mm/radix: Add radix callbacks for early init routines")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/mm/pgtable-radix.c |   14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

--- a/arch/powerpc/mm/pgtable-radix.c
+++ b/arch/powerpc/mm/pgtable-radix.c
@@ -19,6 +19,7 @@
 #include <asm/mmu.h>
 #include <asm/firmware.h>
 #include <asm/powernv.h>
+#include <asm/sections.h>
 
 #include <trace/events/thp.h>
 
@@ -121,7 +122,8 @@ static inline void __meminit print_mappi
 static int __meminit create_physical_mapping(unsigned long start,
 					     unsigned long end)
 {
-	unsigned long addr, mapping_size = 0;
+	unsigned long vaddr, addr, mapping_size = 0;
+	pgprot_t prot;
 
 	start = _ALIGN_UP(start, PAGE_SIZE);
 	for (addr = start; addr < end; addr += mapping_size) {
@@ -145,8 +147,14 @@ static int __meminit create_physical_map
 			start = addr;
 		}
 
-		rc = radix__map_kernel_page((unsigned long)__va(addr), addr,
-					    PAGE_KERNEL_X, mapping_size);
+		vaddr = (unsigned long)__va(addr);
+
+		if (overlaps_kernel_text(vaddr, vaddr + mapping_size))
+			prot = PAGE_KERNEL_X;
+		else
+			prot = PAGE_KERNEL;
+
+		rc = radix__map_kernel_page(vaddr, addr, prot, mapping_size);
 		if (rc)
 			return rc;
 	}


Patches currently in stable-queue which might be from mpe@ellerman.id.au are

queue-4.12/powerpc-asm-mark-cr0-as-clobbered-in-mftb.patch
queue-4.12/powerpc-mm-radix-only-add-x-for-pages-overlapping-kernel-text.patch
queue-4.12/powerpc-mm-radix-properly-clear-process-table-entry.patch
queue-4.12/powerpc-fix-emulation-of-mfocrf-in-emulate_step.patch
queue-4.12/powerpc-64-fix-atomic64_inc_not_zero-to-return-an-int.patch
queue-4.12/powerpc-pseries-fix-passing-of-pp0-in-updatepp-and-updateboltedpp.patch
queue-4.12/powerpc-perf-fix-sdar_mode-value-for-continous-sampling-on-power9.patch
queue-4.12/powerpc-fix-emulation-of-mcrf-in-emulate_step.patch
queue-4.12/powerpc-mm-radix-fix-execute-permissions-for-interrupt_vectors.patch