From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0736C433E0 for ; Wed, 10 Mar 2021 10:51:30 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5DC1D64FE1 for ; Wed, 10 Mar 2021 10:51:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5DC1D64FE1 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=WVSyE6CkKVlvw/W4nrFBj7Rmu6yJq5PXcjYOvtLbO2g=; b=qALC0k9CYfgmZMNiJnNfbcl9PB I8v6jOghFaBdcDEDj5WTimssaw04r2ygcNn9QCsdvBkCyUxCeShAREwYZPzAx3y980nMaE+qd9Spf ZxZQEC/c7cmU9k6i2vlnPcxiJWMRW4FBz05y6OALe8R/HketzqbIT68N9ma8LEUv5PcAuIxzdNS9z GBSSj80F/+xqk5OgGwklBoPKGHYFoWiwqyEey78zgBVfZkWVK1wkdEEcriBNrjXIb5Nq3WuZ0//zO yqlJNr07Hf7HsAXjdufOI0EEhJd9G9YhFHKbLJmm89XXMJoDRUtAyZDc6D6DP0707Z/k3eRB2FSLm 2kbiV5Mg==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lJwPc-006dVM-1c; Wed, 10 Mar 2021 10:49:56 +0000 Received: from mail.kernel.org ([198.145.29.99]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lJwPX-006dUF-7o for linux-arm-kernel@lists.infradead.org; Wed, 10 Mar 2021 10:49:53 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id EBF1D64FC4; Wed, 10 Mar 2021 10:49:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1615373389; bh=1JfUPWWuYk7EC17SSS8CEhjHcm1FjrZZzPtW201UHlM=; h=From:To:Cc:Subject:Date:From; b=WQ4HwxKmqkpyDg9sZBnAksT0ZRn7KQIghpPfFvMII3fO3Z4Ov5jp+aBvsjctPYN+k BeDFwJDnHbgHZog7HvxVjPcrvu9ymx0EcZRpfV8XwTdpRK5JSCcWRsq5eJ0/d9Tjy5 tGnpqJjU6sbJ4NYwgbknvWZmofwbWsyh++/jsg9CwxC7Vb/jcQ59OV3k5x7mvEmNRo J6eAJ408dSurs7qc3/WeGQHx958paaNu5EyIcankiJHeXsfnHojnC0kxFerkh6EIYG iUAWPB6pqtx9oJXhY9sgLO4n0Nl1basda3u7MK3/1CgW/ePqyHKftCb/rJELM8bu1+ 8jv4MM6Yv7vgA== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: Ard Biesheuvel , maz@kernel.org, catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com, anshuman.khandual@arm.com, qperret@google.com, kernel-team@android.com Subject: [PATCH v3 0/3] arm64: use hierarchical XN permissions for all page tables Date: Wed, 10 Mar 2021 11:49:39 +0100 Message-Id: <20210310104942.174584-1-ardb@kernel.org> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210310_104951_546313_D6C65E71 X-CRM114-Status: GOOD ( 12.63 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This series tweaks the page table population code to set the UXNTable and PXNTable bits as appropriate when page tables are being allocated and linked into a page table hierarchy. On table entries that cover the linear region, both PXN and UXN are set; for other page tables, either the UXN or PXN attribute is set on all table entries, depending on whether the hierarchy in question is intended to be used by the kernel or by user space. Doing so removes the ability for lower level mappings to grant executable permissions, which are never needed by code that works as we intend it to. And given that swapper's PGD level is mapped r/o and can only be updated via the fixmap API, the restrictions on kernel mappings cannot be trivially reverted by poking writable memory. Note that newer cores may permit hierarchical permission checks to be disabled, so that the bits can be repurposed as software bits. However, we currently do not make use of that feature, nor do we intend to, given that software bits in table descriptors are not in short supply anyway. This does not address a known exploit or vulnerability, but it applies the principle of least privilege in a way that does not result in any space or runtime overhead. Changes since v2: - add comment that FEAT_HPDS is assumed to be unused - add build bug check to ensure PXNTable will never be set on mappings in the vmalloc region inadvertently Changes since v1: - clean up some more occurrences of P?D_xxx mismatches (#1) - split the PXN and UXN macro definitions so we can apply them independently - add patch #3 to apply PXNTable xor UXNTable permissions to all user and kernel mappings, respectively Cc: maz@kernel.org Cc: catalin.marinas@arm.com Cc: will@kernel.org Cc: mark.rutland@arm.com Cc: anshuman.khandual@arm.com Cc: qperret@google.com Cc: kernel-team@android.com Ard Biesheuvel (3): arm64: mm: add missing P4D definitions and use them consistently arm64: mm: use XN table mapping attributes for the linear region arm64: mm: use XN table mapping attributes for user/kernel mappings arch/arm64/include/asm/pgalloc.h | 19 +++++---- arch/arm64/include/asm/pgtable-hwdef.h | 15 +++++++ arch/arm64/mm/kasan_init.c | 4 +- arch/arm64/mm/mmu.c | 41 +++++++++++++++----- 4 files changed, 61 insertions(+), 18 deletions(-) -- 2.30.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel