From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
maz@kernel.org, catalin.marinas@arm.com, will@kernel.org,
mark.rutland@arm.com, anshuman.khandual@arm.com,
qperret@google.com, kernel-team@android.com
Subject: [PATCH v2 0/3] arm64: use hierarchical XN permissions for all page tables
Date: Mon, 8 Mar 2021 19:15:32 +0100 [thread overview]
Message-ID: <20210308181535.16230-1-ardb@kernel.org> (raw)
This series tweaks the page table population code to set the UXNTable and
PXNTable bits as appropriate when page tables are being allocated and linked
into a page table hierarchy. On table entries that cover the linear region,
both PXN and UXN are set; for other page tables, either the UXN or PXN
attribute is set on all table entries, depending on whether the hierarchy in
question is used by the kernel or by user space.
Doing so removes the ability for lower level mappings to grant executable
permissions which are never needed by code that works as intended. And given
that swapper's PGD level is mapped r/o and can only be updated via the fixmap
API, the restrictions on kernel mappings cannot be trivially reverted by poking
writable memory.
Note that newer cores may permit hierarchical permission checks to be disabled,
so that the bits can be repurposed as software bits. However, we currently do
not make use of that feature, nor do we intend to, given that software bits in
table descriptors are not in short supply anyway.
This does not address a known exploit or vulnerability, but it applies the
principle of least privilege in a way that does not result in any space
or runtime overhead.
Changes since v1:
- clean up some more occurrences of P?D_xxx mismatches (#1)
- split the PXN and UXN macro definitions so we can apply them independently
- add patch #3 to apply PXNTable xor UXNTable permissions to all user and
kernel mappings, respectively
Cc: maz@kernel.org
Cc: catalin.marinas@arm.com
Cc: will@kernel.org
Cc: mark.rutland@arm.com
Cc: anshuman.khandual@arm.com
Cc: qperret@google.com
Cc: kernel-team@android.com
Ard Biesheuvel (3):
arm64: mm: add missing P4D definitions and use them consistently
arm64: mm: use XN table mapping attributes for the linear region
arm64: mm: use XN table mapping attributes for user/kernel mappings
arch/arm64/include/asm/pgalloc.h | 19 +++++++-----
arch/arm64/include/asm/pgtable-hwdef.h | 15 ++++++++++
arch/arm64/mm/kasan_init.c | 4 +--
arch/arm64/mm/mmu.c | 31 ++++++++++++++------
4 files changed, 51 insertions(+), 18 deletions(-)
--
2.30.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2021-03-08 18:17 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-08 18:15 Ard Biesheuvel [this message]
2021-03-08 18:15 ` [PATCH v2 1/3] arm64: mm: add missing P4D definitions and use them consistently Ard Biesheuvel
2021-03-09 4:56 ` Anshuman Khandual
2021-03-08 18:15 ` [PATCH v2 2/3] arm64: mm: use XN table mapping attributes for the linear region Ard Biesheuvel
2021-03-09 5:09 ` Anshuman Khandual
2021-03-09 12:36 ` Ard Biesheuvel
2021-03-10 6:48 ` Anshuman Khandual
2021-03-09 5:52 ` Anshuman Khandual
2021-03-08 18:15 ` [PATCH v2 3/3] arm64: mm: use XN table mapping attributes for user/kernel mappings Ard Biesheuvel
2021-03-09 5:40 ` Anshuman Khandual
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210308181535.16230-1-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=anshuman.khandual@arm.com \
--cc=catalin.marinas@arm.com \
--cc=kernel-team@android.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=qperret@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).