From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: Marc Zyngier, kvmarm@lists.cs.columbia.edu, linux-hardening@vger.kernel.org, Catalin Marinas, Will Deacon
Subject: [RFC PATCH 04/12] arm64: mm: remap PGD pages r/o in the linear region after allocation
Date: Wed, 26 Jan 2022 18:30:03 +0100
Message-Id: <20220126173011.3476262-5-ardb@kernel.org>
In-Reply-To: <20220126173011.3476262-1-ardb@kernel.org>
References: <20220126173011.3476262-1-ardb@kernel.org>

As the first step in restricting write access to all page tables via the linear mapping, remap the page at the root PGD level of a user space page table hierarchy read-only after allocation, so that it can only be
manipulated using the dedicated fixmap based API. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 7 ++++-- arch/arm64/mm/pgd.c | 25 ++++++++++++++------ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index acfae9b41cc8..a52c3162beae 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -394,8 +394,11 @@ static phys_addr_t __pgd_pgtable_alloc(int shift) void *ptr = (void *)__get_free_page(GFP_PGTABLE_KERNEL); BUG_ON(!ptr); - /* Ensure the zeroed page is visible to the page table walker */ - dsb(ishst); + if (page_tables_are_ro()) + set_pgtable_ro(ptr); + else + /* Ensure the zeroed page is visible to the page table walker */ + dsb(ishst); return __pa(ptr); } diff --git a/arch/arm64/mm/pgd.c b/arch/arm64/mm/pgd.c index 4a64089e5771..637d6eceeada 100644 --- a/arch/arm64/mm/pgd.c +++ b/arch/arm64/mm/pgd.c @@ -9,8 +9,10 @@ #include #include #include +#include #include +#include #include #include #include 
@@ -20,24 +22,33 @@ static struct kmem_cache *pgd_cache __ro_after_init; pgd_t *pgd_alloc(struct mm_struct *mm) { gfp_t gfp = GFP_PGTABLE_USER; + pgd_t *pgd; - if (PGD_SIZE == PAGE_SIZE) - return (pgd_t *)__get_free_page(gfp); - else + if (PGD_SIZE < PAGE_SIZE && !page_tables_are_ro()) return kmem_cache_alloc(pgd_cache, gfp); + + pgd = (pgd_t *)__get_free_page(gfp); + if (!pgd) + return NULL; + if (page_tables_are_ro()) + set_pgtable_ro(pgd); + return pgd; } void pgd_free(struct mm_struct *mm, pgd_t *pgd) { - if (PGD_SIZE == PAGE_SIZE) - free_page((unsigned long)pgd); - else + if (PGD_SIZE < PAGE_SIZE && !page_tables_are_ro()) { kmem_cache_free(pgd_cache, pgd); + } else { + if (page_tables_are_ro()) + set_pgtable_rw(pgd); + free_page((unsigned long)pgd); + } } void __init pgtable_cache_init(void) { - if (PGD_SIZE == PAGE_SIZE) + if (PGD_SIZE == PAGE_SIZE || page_tables_are_ro()) return; #ifdef CONFIG_ARM64_PA_BITS_52 -- 2.30.2
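Review bot: in the arch/arm64/mm/mmu.c hunk (__pgd_pgtable_alloc()), the read-only branch skips the dsb(ishst) that the existing comment says is needed to make the zeroed page visible to the page table walker, and nothing in the hunk shows that set_pgtable_ro() supplies equivalent ordering. If it does, say so in a comment next to the call; if it does not, the barrier has to be issued on both paths. The else arm now carries a comment plus a statement without braces, so both arms should be braced. The commit message also speaks only of the root PGD page of a user space hierarchy, while this allocation uses GFP_PGTABLE_KERNEL, so the message should cover this call site as well.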
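Review bot: in the arch/arm64/mm/pgd.c hunk at pgd_alloc(), pgd_free() and pgtable_cache_init(), the slab-versus-page decision is written three times in two different forms (`PGD_SIZE < PAGE_SIZE && !page_tables_are_ro()` twice, `PGD_SIZE == PAGE_SIZE || page_tables_are_ro()` once), and the code is only correct if page_tables_are_ro() returns the same value at init, alloc and free time. If it changed in between, pgd_alloc() could call kmem_cache_alloc() on a pgd_cache that was never created, or pgd_free() could hand a slab object to free_page(). A single static helper used at all three sites, with a comment stating that the result is fixed before pgtable_cache_init() runs, would make that invariant explicit. Two smaller points: with read-only page tables a PGD smaller than a page now takes a whole page, which deserves a line in the commit message, and if set_pgtable_ro() can fail, pgd_alloc() returns a page that is still writable through the linear map with no indication to the caller.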