From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 91C7DC54E67 for ; Thu, 14 Mar 2024 09:48:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: Mime-Version:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=uGDT4aaMoBsHG/WUimt8YLaIS3pzEaVq3dpU0lvz3WA=; b=K82 dbKbZ3k8QwryFY0vxzajqsV/SZU7QQG3hQLw/vNUWjyJYmFbFnwDwkxTqXw3iv9hYro8tsnAWqcwx 8UYrIEfsRWcW4JKg7ZHfIB04OAvVuxu4jzjGmRtXLLB1GH2HRgMV0WVDhxzOzfNF2JwdRelngEj4i 7bkqvA5wAn5JtCf5XtPg1YVBkt74afJNegSBRkZOiU717AS0S4ISgHgXRxXV57qmz4Mj4MgizD+cR xL7eO9ApirtIqDcxogTMVDUb5ncdLO4My+hNxM3itJrQ+39dzEVCwQN0G3EaT1eIODpXYOGYQWgXu KA8Qv03dbtuuuVFriDkHyNdVrnorrmg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rkhhF-0000000DmWP-0BTl; Thu, 14 Mar 2024 09:48:21 +0000 Received: from mail-yw1-x1149.google.com ([2607:f8b0:4864:20::1149]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1rkhhB-0000000DmUt-1eyZ for linux-arm-kernel@lists.infradead.org; Thu, 14 Mar 2024 09:48:19 +0000 Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-60cbba6f571so16419187b3.1 for ; Thu, 14 Mar 2024 02:48:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1710409691; x=1711014491; darn=lists.infradead.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=Bnyod1z7A900vsR557WHO3Bq8P194ThVvwXLjY1oz80=; b=gxkSfGXdCfqyPasbvB40J+dnFx8So95Qp6bA0I1cCartuCchCzAP7o0rZzB2blsJzc oU9HZTkztJKsE/Sxo887U37IjIuvokYMoNLWMfaBwsC9hSZxEmIWJ0ptapqCPldNzvhy hFTq0RI6jja51e8uBkgC39vB+LZ3J1wEpt0bq4iCQbUb7z+q1ssz8RrPcHAfVeT34g2h GAgR1VxHFXVYJoKPIU1iHL7f5Vjf9uUrRwxteK9affbwGf9Nzae4xSg1uc+HdY7caI2s HJIGzeguIZRQMeoo5IvHuHqAJeXkD6Am2eJANRNv7+P/BfHW+o+Wduiknok9Fs1Cepza A1eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710409691; x=1711014491; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Bnyod1z7A900vsR557WHO3Bq8P194ThVvwXLjY1oz80=; b=Aqump9OtU77V+4eDThyuOB/NdJlAjeLWI9VKGjr7g7pM4TE9GCi5PFiNtDClu49ida JEvI0MmryLPCsk1frmrV1e4Fb+q/ILJAirrVzbIJUbbgWhm4dQNGiXtO/zh8E/tQPbNa qenh36fXmYwAUK7gs1gFcohjYRQyaI7KfkjxU8Fy+fBTzE1Sb7epxqIV48Sxvls0BfGV SrQ8MiRuE0Y5lObHr4soXq2qXEttmUudhuWr9fpwgRyJXD/Kn/fB7KeyYSP3m6i2B4os 4QB7NL4Gb9oDJdYCp+10Qsz9aj5FcpQuPBm1K5jP8YuMtxhiotSSv3RyjICLxJDEwDNT Txdg== X-Gm-Message-State: AOJu0Yy/+06pn1+jkGJdip/R0uLtUz5N+w+zb5Q/7K/bZuBUrrwa/Uvx sMT53LahsAZoiK8QJDdxN1eI3HNbNP1VEhGvy0AdNnhn3MMMM2ZD9iFR/PFi5LVBsrg0J3lL2AL lhCCzf6MQJUOjpWU9buAaDZaqErDR3um2YsCIEjG/RO9qOR6eCwiSyo1q4+CSREBez/rG9cVSim YKCSgXYw8Bk8aMJZEw99towElE8a0RVHRKcfD4dMAU X-Google-Smtp-Source: AGHT+IEE6CL0j07ia/iFMKlxlCB55WaMNjBgHOqOMaubGbdV81zctAAG8YmSfSwWyb6dI5mKcR0s0+2r X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a05:690c:996:b0:60a:512a:1b22 with SMTP id ce22-20020a05690c099600b0060a512a1b22mr25199ywb.2.1710409691608; Thu, 14 Mar 2024 02:48:11 -0700 (PDT) Date: Thu, 14 Mar 2024 10:48:05 +0100 Mime-Version: 1.0 X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2473; i=ardb@kernel.org; h=from:subject; bh=elSTF2DFFNNGQf4JlQUNAzYx+vt8cR5xJgyK5CMpYzk=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIfXT8av3Xy8947bmb3j/JvnEboXVWr8eKF77U9TQkCUtU /vhZU9pRykLgxgHg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjI/I+MDBOU3KS5ky580jrM 9/HJicvtM5cGBjFOX7yqTszFuNGC2Y+RYaNL5aS7PoUHf32Pn9bHtPrsocabol7vvr8QCTqx5tZ xKTYA X-Mailer: git-send-email 2.44.0.278.ge034bb2e1d-goog Message-ID: <20240314094804.3094098-4-ardb+git@google.com> Subject: [PATCH 0/2] arm64: Implement WXN using MDWE hook From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: Ard Biesheuvel , Joey Gouly , Catalin Marinas , Will Deacon , Marc Zyngier , Mark Rutland , Ryan Roberts , Anshuman Khandual , Kees Cook X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240314_024817_496556_6BE35A01 X-CRM114-Status: GOOD ( 14.77 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Ard Biesheuvel While the patches to implement WXN support were under review, the kernel grew another hook in the mmap()/mprotect() code that is more suitable for introducing a check against an arch-defined policy whether mappings that are both writable and executable are permitted at all. So add this hook, and wire up WXN support on top of it. This supersedes cb1a393c40ee mm: add arch hook to validate mmap() prot flag 50e3ed0f93f4 arm64: mm: add support for WXN memory translation attribute which have been reverted in the arm64/for-next core tree. Catalin raised the question how this is supposed to interoperate with Permission Indirection and Permission Overlays, and -while those new CPU features are entirely undocumented as of yet- the conclusion seems to be that WXN is only useful on cores that lack those new features, as they are mutually exclusive with WXN, and disabling them just in favor of WXN seems unwise. Given that WXN is too coarse grained to honour the existing user space ABI seamlessly, PIE/POE seem better suited to harden the use of RW vs RX mappings in user space (but WXN would seem more appropriate for the kernel if it were limited to EL1 only). However, Linux/arm64 is deployed widely on systems running vertically integrated software stacks, where the ability to harden both the kernel and user space in this manner is believed to be a useful feature. Link: https://lore.kernel.org/all/ZfHG0oeDcF8N0ZOX@arm.com/T/#u Cc: Joey Gouly Cc: Catalin Marinas Cc: Will Deacon Cc: Marc Zyngier Cc: Mark Rutland Cc: Ryan Roberts Cc: Anshuman Khandual Cc: Kees Cook Ard Biesheuvel (2): mm: Add arch hook to map_deny_write_exec() arm64: mm: add support for WXN memory translation attribute arch/arm64/Kconfig | 11 +++++++ arch/arm64/include/asm/cpufeature.h | 8 +++++ arch/arm64/include/asm/mman.h | 16 ++++++++++ arch/arm64/include/asm/mmu_context.h | 30 +++++++++++++++++- arch/arm64/kernel/pi/idreg-override.c | 4 ++- arch/arm64/kernel/pi/map_kernel.c | 23 ++++++++++++++ arch/arm64/mm/proc.S | 6 ++++ include/linux/mman.h | 32 ++++++++++++++------ 8 files changed, 119 insertions(+), 11 deletions(-) -- 2.44.0.278.ge034bb2e1d-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel