From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3CF07C433F5 for ; Tue, 7 Sep 2021 19:26:33 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CCABC61078 for ; Tue, 7 Sep 2021 19:26:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org CCABC61078 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=armlinux.org.uk Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=jqNTAIFsbd46T+4t0A38K1oCCjGkW7+9F4us28fICgU=; b=ieclWaRmfhxXNi aKktYBJ+i1pllN7EowRUIWX1jcy5W4C9tRVXyePLscHqPYe9rPnGB8S+snUSdHybjJ0EYblRkzGhv qDYIyJHvH0XmyhJX6JmEmqoRAzSqKwq4064nuloXfD+56Z6XFg4pWAShzGE852MISFy/O3F9Qp5+7 SoLrBOk7rv1GpZlUtjClL3MoQxAWROjR5Atpn4+OKpRZ1VD7qjPj9ITfPyvKcAgD3Bpeqb0DQxeeD qWm55WtcY+6BRdrWkFV7oWhbhTSxkfzfNWr1uM6iEw+tWUTgoXZXpOqBSmfvj37qnf6tqiTypqTsQ HQyMip9pk1GhvFo3jS0g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mNgiC-004YfS-Fw; Tue, 07 Sep 2021 19:24:52 +0000 Received: from pandora.armlinux.org.uk ([2001:4d48:ad52:32c8:5054:ff:fe00:142]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mNgi8-004YN7-9P for linux-arm-kernel@lists.infradead.org; Tue, 07 Sep 2021 19:24:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=armlinux.org.uk; s=pandora-2019; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=BLp/dfFLuSO3/wzwM/6JZ/qFT2rpdPWffBDhAVxM5b4=; b=1biT8Rh4S6XPZScVf3LDCswqVQ hV4w7JtqM75OK2fcV7rGbDibsLHX6g0gxtWBxTpyllsN3N6W6l4p/tAv/bZwiuxcGl0q+y4vOoREp aEBalXcwFV93Nh8ehCtGM+zO7gqFHwdC6mi9rT8Tpzu9lD3vZlLtGQAKfa6Tdnj+7JP6bxTkiheob P1g/eEXZJOMFDc1exVUPi8WmZk9Baeg/apAhmj8p5Q4BHV03kNr7/GlBQ53rAMXKyUZSKzQkSbsmP r59oJjlsOACqGi77jZ1VUONCAEzOZHjuXel2m3EjpYpMPt9XZL5d11WQn7Yp8vlEdv9etHcI/IwYN 6bPrfkkQ==; Received: from shell.armlinux.org.uk ([fd8f:7570:feb6:1:5054:ff:fe00:4ec]:44996) by pandora.armlinux.org.uk with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mNgg6-0003fz-6q; Tue, 07 Sep 2021 20:22:40 +0100 Received: from linux by shell.armlinux.org.uk with local (Exim 4.94.2) (envelope-from ) id 1mNgg3-0004fy-4o; Tue, 07 Sep 2021 20:22:39 +0100 Date: Tue, 7 Sep 2021 20:22:39 +0100 From: "Russell King (Oracle)" To: Tim Harvey Cc: Shawn Guo , Fabio Estevam , Pengutronix Kernel Team , Linux ARM Mailing List , Lee Jones , Robin Murphy Subject: Re: arm32 insecure W+X mapping Message-ID: References: <20210819212819.GM22278@shell.armlinux.org.uk> <20210820001646.GN22278@shell.armlinux.org.uk> <381afc78-5a7f-8286-76ea-2e6c7867972d@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210907_122448_512801_39927E9D X-CRM114-Status: GOOD ( 20.73 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Sep 07, 2021 at 10:48:49AM -0700, Tim Harvey wrote: > On Fri, Aug 20, 2021 at 11:41 AM Tim Harvey wrote: > > # uname -r > > 5.13.12 > > # cat /proc/cmdline > > console=ttymxc1,115200 no_hash_pointers > > # echo 1 > /proc/sys/kernel/kptr_restrict > > # dmesg | grep insecure > > [ 13.247957] arm/mm: Found insecure W+X mapping at address 0xf087d000 > > # cat /proc/vmallocinfo | grep 0xf087d000 > > 0xf0878000-0xf087d000 20480 of_iomap+0x44/0x68 phys=0x021b0000 ioremap > > 0xf087d000-0xf087f000 8192 imx6_pm_common_init+0x118/0x36c > > phys=0x00900000 ioremap > > > > Some debugging showed me that 0xf087d000 is 'suspend_ocram_base' > > remapped from imx6q_suspend_init() (called form imx6_pm_common_init() > > [1] > > suspend_ocram_base = __arm_ioremap_exec(ocram_pbase, > > MX6Q_SUSPEND_OCRAM_SIZE, false); > > > > This should be throwing 'Checked W+X mappings: FAILED, 1 W+X pages > > found' messages for all IMX6 users that have CONFIG_SUSPEND and > > CONFIG_DEBUG_WX enabled so I'm adding the IMX6 players to the thread > > to see if they know why this happens. > > > > Shawn, Fabio and Pengutronix Kernel team, > > Do you know why we get 'Checked W+X mappings: FAILED, 1 W+X pages > found' messages for IMX6 with CONFIG_SUSPEND and CONFIG_DEBUG_WX > enabled due to to __arm_ioremap_exec call remapping ocram? [1] The current situation looks like the OCRAM is used to store some suspend/resume code (see arch/arm/mach-imx/suspend-imx6.S), along with some data. It looks like once the code has been copied and the data has been written, the mapping is left as-is - it isn't changed to be read-only-execute. However, I don't think we have any APIs to do that on iomem. set_memory_ro() could be leveraged to do it _if_ we are certain the memory is not mapped using a section mapping, but that would depend on the size and alignment of the mapping. -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last! _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel