From: Catalin Marinas <catalin.marinas@arm.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
maz@kernel.org, mark.rutland@arm.com
Subject: Re: [PATCH 1/2] arm64: lds: move special code sections out of kernel exec segment
Date: Wed, 4 May 2022 19:59:24 +0100
Message-ID: <YnLNDMIkbmCJwwel@arm.com>
In-Reply-To: <20220429131347.3621090-2-ardb@kernel.org>
On Fri, Apr 29, 2022 at 03:13:46PM +0200, Ard Biesheuvel wrote:
> There are a few code sections that are emitted into the kernel's
> executable .text segment simply because they contain code, but are
> actually never executed via this mapping, so they can happily live in a
> region that gets mapped without executable permissions, reducing the
> risk of being gadgetized.
>
> Note that the kexec and hibernate region contents are always copied into
> a fresh page, and so there is no need to align them as long as the
> overall size of each is below 4 KiB.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This patch doesn't get very far. Under qemu, defconfig:
EFI stub: Booting Linux Kernel...
EFI stub: Generating empty DTB
EFI stub: Exiting boot services...
[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x000f0510]
[ 0.000000] Linux version 5.18.0-rc3-00008-gfd536ceae063 (cmarinas@gaia) (aarch64-linux-gcc (GCC) 11.1.0, ...)
[ 0.000000] earlycon: pl11 at MMIO 0x0000000009000000 (options '')
[ 0.000000] printk: bootconsole [pl11] enabled
[ 0.000000] efi: EFI v2.70 by EDK II
[ 0.000000] efi: SMBIOS 3.0=0xbbed0000 MEMATTR=0xba919018 ACPI 2.0=0xb61a0018 RNG=0xbbfdbd18 MEMRESERVE=0xb6235f18
[ 0.000000] efi: seeding entropy pool
[ 0.000000] Unable to handle kernel paging request at virtual address fffffbfffda351b4
[ 0.000000] Mem abort info:
[ 0.000000] ESR = 0x96000007
[ 0.000000] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.000000] SET = 0, FnV = 0
[ 0.000000] EA = 0, S1PTW = 0
[ 0.000000] FSC = 0x07: level 3 translation fault
[ 0.000000] Data abort info:
[ 0.000000] ISV = 0, ISS = 0x00000007
[ 0.000000] CM = 0, WnR = 0
[ 0.000000] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000bf11d000
[ 0.000000] [fffffbfffda351b4] pgd=00000000bf09c003, p4d=00000000bf09c003
[ 0.000000] Unable to handle kernel paging request at virtual address ffff00007f09cff8
[ 0.000000] Mem abort info:
[ 0.000000] ESR = 0x96000004
[ 0.000000] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.000000] SET = 0, FnV = 0
[ 0.000000] EA = 0, S1PTW = 0
[ 0.000000] FSC = 0x04: level 0 translation fault
[ 0.000000] Data abort info:
[ 0.000000] ISV = 0, ISS = 0x00000004
[ 0.000000] CM = 0, WnR = 0
[ 0.000000] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000bf11d000
[ 0.000000] [ffff00007f09cff8] pgd=0000000000000000, p4d=0000000000000000
[ 0.000000] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0-rc3-00008-gfd536ceae063 #4
[ 0.000000] pstate: 620000c5 (nZCv daIF -PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 0.000000] pc : die_kernel_fault+0x2dc/0x394
[ 0.000000] lr : die_kernel_fault+0x2ac/0x394
[ 0.000000] sp : ffffb594f7963ab0
[ 0.000000] x29: ffffb594f7963ab0 x28: ffffb594f7973340 x27: ffffb594f5a20000
[ 0.000000] x26: ffffb594f72c0000 x25: ffffb594f7214000 x24: ffffb594f7d1d000
[ 0.000000] x23: 0000000000000ff8 x22: ffffb594f7963bc0 x21: ffff00007f09c000
[ 0.000000] x20: 0000000096000007 x19: fffffbfffda351b4 x18: ffffffffffffffff
[ 0.000000] x17: 6266666666662073 x16: 736572646461206c x15: ffffb594f7caeb38
[ 0.000000] x14: 0000000000000010 x13: ffffb594f79824a0 x12: 0000000000000036
[ 0.000000] x11: 0000000000000012 x10: ffffb594f79da650 x9 : ffffb594f79824a0
[ 0.000000] x8 : 00000000ffffefff x7 : ffffb594f79da4a0 x6 : 00000000000001b0
[ 0.000000] x5 : 000000000000bff4 x4 : 00000000fffff012 x3 : 0000000000000000
[ 0.000000] x2 : 0000000000000000 x1 : 0000000040000000 x0 : ffffb594f7083618
[ 0.000000] Call trace:
[ 0.000000] die_kernel_fault+0x2dc/0x394
[ 0.000000] __do_kernel_fault+0xfc/0x180
[ 0.000000] do_translation_fault+0x58/0xc0
[ 0.000000] do_mem_abort+0x44/0x94
[ 0.000000] el1_abort+0x40/0x6c
[ 0.000000] el1h_64_sync_handler+0xa4/0xd0
[ 0.000000] el1h_64_sync+0x64/0x68
[ 0.000000] paging_init+0x1e4/0x550
[ 0.000000] setup_arch+0x274/0x608
[ 0.000000] start_kernel+0x84/0x668
[ 0.000000] __primary_switched+0xc0/0xc8
[ 0.000000] Code: d0003580 91186000 cb0102b5 b2503eb5 (f8776ab8)
[ 0.000000] ---[ end trace 0000000000000000 ]---
[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
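The quoted commit message rests on one question: which sections that contain code are actually mapped through a PT_LOAD segment with PF_X, and which sit in a read-only segment and are only ever copied elsewhere before they run. The check below is an added example, not code from the thread, the patch, or the kernel: a small ELF64 parser that maps every allocated section to its PT_LOAD segment and reports the permissions it ends up with. The image it inspects is constructed in memory, and the section names (".relocated.text" and friends), addresses and sizes are placeholders that do not reproduce the arm64 linker script; build_image, segment_flags, executable_code_sections and code_outside_exec are the example's own helpers. On a real vmlinux the same classification is what the section-to-segment mapping of `readelf -lW vmlinux` shows.

```python
"""Section-to-segment check for a little-endian ELF64 image (added example,
not code from the thread or the kernel).  It answers the question behind the
quoted commit message: which instruction-bearing sections are mapped by a
PT_LOAD segment carrying PF_X?  The image inspected below is constructed in
memory; its section names, addresses and sizes are placeholders."""
import struct

PT_LOAD, PF_X, PF_W, PF_R = 1, 0x1, 0x2, 0x4
SHT_PROGBITS, SHT_STRTAB = 1, 3
SHF_ALLOC, SHF_EXECINSTR = 0x2, 0x4
EHDR, PHDR, SHDR = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<IIQQQQIIQQ"  # Elf64 layouts
AARCH64_NOP = b"\x1f\x20\x03\xd5"  # filler for constructed code sections


def build_image(segments):
    """Build a minimal ELF64 executable (constructed test input).
    segments: list of (p_flags, vaddr, [(name, size, sh_flags), ...]); the
    sections of a segment are laid out back to back, sizes multiples of 4."""
    phdrs, shdrs, names, body = [], [], b"\x00", b""
    cursor = 0x100                       # section contents start here
    for p_flags, vaddr, secs in segments:
        seg_off, seg_len = cursor, 0
        for name, size, sh_flags in secs:
            shdrs.append((len(names), SHT_PROGBITS, sh_flags, vaddr + seg_len, cursor, size))
            names += name.encode() + b"\x00"
            body += (AARCH64_NOP if sh_flags & SHF_EXECINSTR else bytes(4)) * (size // 4)
            cursor += size
            seg_len += size
        phdrs.append((PT_LOAD, p_flags, seg_off, vaddr, vaddr, seg_len, seg_len, 0x1000))
    shstr_off, shstr_name = cursor, len(names)
    names += b".shstrtab\x00"
    shdrs.append((shstr_name, SHT_STRTAB, 0, 0, shstr_off, len(names)))
    shoff = (shstr_off + len(names) + 7) & ~7

    out = bytearray(0x100)
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)     # ELFCLASS64, LSB, v1
    struct.pack_into(EHDR, out, 0, e_ident, 2, 183, 1, segments[0][1], 64, shoff, 0,
                     64, 56, len(phdrs), 64, len(shdrs) + 1, len(shdrs))  # ET_EXEC, EM_AARCH64
    for i, ph in enumerate(phdrs):
        struct.pack_into(PHDR, out, 64 + i * 56, *ph)
    out += body + names
    out += bytes(shoff - len(out))       # pad up to the section header table
    out += bytes(64)                     # mandatory null section header
    for sh_name, sh_type, sh_flags, addr, off, size in shdrs:
        out += struct.pack(SHDR, sh_name, sh_type, sh_flags, addr, off, size, 0, 0, 4, 0)
    return bytes(out)


def parse(blob):
    """Return (PT_LOAD segments as (p_flags, vaddr, memsz),
    allocated sections as (name, sh_flags, addr, size))."""
    if blob[:4] != b"\x7fELF" or blob[4] != 2 or blob[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_phoff, e_shoff = struct.unpack_from("<QQ", blob, 32)
    e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHHHH", blob, 54)
    phdrs = [struct.unpack_from(PHDR, blob, e_phoff + i * e_phentsize) for i in range(e_phnum)]
    shdrs = [struct.unpack_from(SHDR, blob, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    strtab = shdrs[e_shstrndx][4]        # file offset of .shstrtab

    def name_at(off):
        end = blob.index(b"\x00", strtab + off)
        return blob[strtab + off:end].decode()

    loads = [(p[1], p[3], p[6]) for p in phdrs if p[0] == PT_LOAD]
    sections = [(name_at(s[0]), s[2], s[3], s[5]) for s in shdrs if s[2] & SHF_ALLOC]
    return loads, sections


def segment_flags(blob):
    """Map each allocated section to the permissions ("R", "RX", "RW", ...)
    of the PT_LOAD segment containing it, or None if no segment maps it."""
    loads, sections = parse(blob)
    result = {}
    for name, _sh_flags, addr, size in sections:
        result[name] = None
        for p_flags, vaddr, memsz in loads:
            if vaddr <= addr and addr + size <= vaddr + memsz:
                result[name] = "".join(c for bit, c in ((PF_R, "R"), (PF_W, "W"), (PF_X, "X"))
                                       if p_flags & bit)
    return result


def _code_sections(blob, want_exec):
    perms = segment_flags(blob)
    return sorted(n for n, f, _a, _s in parse(blob)[1]
                  if f & SHF_EXECINSTR and perms[n] is not None and ("X" in perms[n]) == want_exec)


def executable_code_sections(blob):
    """Instruction-bearing sections mapped with PF_X: the reachable gadget surface."""
    return _code_sections(blob, True)


def code_outside_exec(blob):
    """Instruction-bearing sections mapped without PF_X, the placement the quoted
    patch intends for code that is copied into a fresh page before it runs."""
    return _code_sections(blob, False)


# Constructed image: one R+X segment holding .text, one R-only segment holding
# .rodata plus a code section that has been moved out of the exec segment.
SAMPLE = build_image([
    (PF_R | PF_X, 0x10000, [(".text", 0x100, SHF_ALLOC | SHF_EXECINSTR)]),
    (PF_R, 0x20000, [(".rodata", 0x40, SHF_ALLOC),
                     (".relocated.text", 0x80, SHF_ALLOC | SHF_EXECINSTR)]),
])

if __name__ == "__main__":
    for sec, perm in segment_flags(SAMPLE).items():
        print(f"{sec:20s} -> {perm}")
    print("executable code:", executable_code_sections(SAMPLE))
    print("code mapped non-executable:", code_outside_exec(SAMPLE))
```

A section is attributed to a segment only when its whole address range lies inside that segment's memsz, so a section that straddles a segment boundary, or one that no PT_LOAD covers, is reported as None rather than silently classified; that is the case worth looking at first when a linker-script move such as the one in this patch leaves the boot path faulting.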
Thread overview: 7+ messages
2022-04-29 13:13 [PATCH 0/2] arm64: pair of minor hardening tweaks Ard Biesheuvel
2022-04-29 13:13 ` [PATCH 1/2] arm64: lds: move special code sections out of kernel exec segment Ard Biesheuvel
2022-05-04 18:59 ` Catalin Marinas [this message]
2022-05-05 7:10 ` Ard Biesheuvel
2022-04-29 13:13 ` [PATCH 2/2] arm64: mm: avoid writable executable mappings in kexec/hibernate code Ard Biesheuvel
2022-05-04 11:52 ` [PATCH 0/2] arm64: pair of minor hardening tweaks Mark Rutland
2022-05-17 8:38 ` Catalin Marinas