From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Dexuan Cui <decui@microsoft.com>, Christoph Hellwig <hch@lst.de>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Andy Lutomirski <luto@amacapital.net>,
Michael Kelley <mikelley@microsoft.com>,
Ju-Hyoung Lee <juhlee@microsoft.com>,
"x86\@kernel.org" <x86@kernel.org>,
"linux-hyperv\@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
KY Srinivasan <kys@microsoft.com>
Subject: RE: hv_hypercall_pg page permissios
Date: Tue, 16 Jun 2020 11:29:33 +0200 [thread overview]
Message-ID: <87blljicjm.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <HK0P153MB0322EB3EE51073CC021D4AEABF9C0@HK0P153MB0322.APCP153.PROD.OUTLOOK.COM>
Dexuan Cui <decui@microsoft.com> writes:
>> From: linux-hyperv-owner@vger.kernel.org
>> <linux-hyperv-owner@vger.kernel.org> On Behalf Of Dexuan Cui
>> Sent: Monday, June 15, 2020 10:42 AM
>> > >
>> > > Hi hch,
>> > > The patch is merged into the mainine recently, but unluckily we noticed
>> > > a warning with CONFIG_DEBUG_WX=y
>> > >
>> > > Should we revert this patch, or figure out a way to ask the DEBUG_WX
>> > > code to ignore this page?
>> >
>> > Are you sure it is hv_hypercall_pg?
>> Yes, 100% sure. I printed the value of hv_hypercall_pg and and it matched the
>> address in the warning line " x86/mm: Found insecure W+X mapping at
>> address".
>
> I did this experiment:
> 1. export vmalloc_exec and ptdump_walk_pgd_level_checkwx.
> 2. write a test module that calls them.
> 3. It turns out that every call of vmalloc_exec() triggers such a warning.
>
> vmalloc_exec() uses PAGE_KERNEL_EXEC, which is defined as
> (__PP|__RW| 0|___A| 0|___D| 0|___G)
>
> It looks the logic in note_page() is: for_each_RW_page, if the NX bit is unset,
> then report the page as an insecure W+X mapping. IMO this explains the
> warning?
Yea, bummer.
it seems we need something like PAGE_KERNEL_READONLY_EXEC but we don't
seem to have one on x86. Hypercall page is special in a way that the
guest doesn't need to write there at all. vmalloc_exec() seems to have
only one other user on x86: module_alloc() and it has other needs. On
ARM, alloc_insn_page() does the following:
arch/arm64/kernel/probes/kprobes.c: page = vmalloc_exec(PAGE_SIZE);
arch/arm64/kernel/probes/kprobes.c- if (page) {
arch/arm64/kernel/probes/kprobes.c- set_memory_ro((unsigned long)page, 1);
arch/arm64/kernel/probes/kprobes.c- set_vm_flush_reset_perms(page);
arch/arm64/kernel/probes/kprobes.c- }
What if we do the same? (almost untested):
diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
index e2137070386a..31aadfea589b 100644
--- a/arch/x86/hyperv/hv_init.c
+++ b/arch/x86/hyperv/hv_init.c
@@ -23,6 +23,7 @@
#include <linux/kernel.h>
#include <linux/cpuhotplug.h>
#include <linux/syscore_ops.h>
+#include <linux/set_memory.h>
#include <clocksource/hyperv_timer.h>
void *hv_hypercall_pg;
@@ -383,6 +384,8 @@ void __init hyperv_init(void)
wrmsrl(HV_X64_MSR_GUEST_OS_ID, 0);
goto remove_cpuhp_state;
}
+ set_memory_ro((unsigned long)hv_hypercall_pg, 1);
+ set_vm_flush_reset_perms(hv_hypercall_pg);
rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
hypercall_msr.enable = 1;
--
Vitaly
next prev parent reply other threads:[~2020-06-16 9:29 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-07 6:55 hv_hypercall_pg page permissios Christoph Hellwig
2020-04-07 7:28 ` Vitaly Kuznetsov
2020-04-07 7:38 ` Christoph Hellwig
2020-04-07 21:01 ` Andy Lutomirski
2020-06-12 7:48 ` Dexuan Cui
2020-06-15 8:35 ` Vitaly Kuznetsov
2020-06-15 17:41 ` Dexuan Cui
2020-06-15 19:49 ` Dexuan Cui
2020-06-16 7:23 ` Christoph Hellwig
2020-06-16 10:18 ` Peter Zijlstra
2020-06-16 10:23 ` Christoph Hellwig
2020-06-16 10:24 ` Christoph Hellwig
2020-06-16 10:31 ` Peter Zijlstra
2020-06-16 10:33 ` Christoph Hellwig
2020-06-16 10:40 ` Peter Zijlstra
2020-06-16 10:42 ` Christoph Hellwig
2020-06-16 10:52 ` Christoph Hellwig
2020-06-16 11:24 ` Peter Zijlstra
2020-06-16 14:39 ` Christoph Hellwig
2020-06-16 9:29 ` Vitaly Kuznetsov [this message]
2020-06-16 9:33 ` Christoph Hellwig
2020-06-16 9:55 ` Christoph Hellwig
2020-06-16 10:08 ` Christoph Hellwig
2020-06-16 10:50 ` Vitaly Kuznetsov
2020-06-16 10:20 ` Peter Zijlstra
2020-04-07 18:10 ` Dexuan Cui
2020-04-07 20:42 ` Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87blljicjm.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=decui@microsoft.com \
--cc=hch@lst.de \
--cc=juhlee@microsoft.com \
--cc=kys@microsoft.com \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mikelley@microsoft.com \
--cc=peterz@infradead.org \
--cc=stephen@networkplumber.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.