From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA5F0C433EF for ; Mon, 20 Sep 2021 23:21:53 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8D2E160ED8 for ; Mon, 20 Sep 2021 23:21:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 8D2E160ED8 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=armlinux.org.uk Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=6NaLTuWvUd624thKaNoBWS1yS1C3mWgwK08ZYSHYElo=; b=suhnGtl7qvvuLG Y9uLOEa9dTSPMMMxdYoelryy51a3+ZFnCGKAOb7lR8nDG8ZE8/5zE6WI+1OwtbqXbvICqgjkBKKnA eAcPCvCWZaalsMSFpu5MFYihBR6m2y18YPOVPut3qtqQbOluX975RATMwBzmO1FglK/ZQWAsfTwfE niubuw7B8djHZc2mtMiEP2rKYMTFIIcxgkLdYHndCNQU3MKB8btcVr9Rek0WdnWBLCT6noDDr4mpr prOEYePR9FxIN8WhMbB4N4hoJlfWwXytDx0eZnL9tTihpFEoD5TD4EZw5FACVJ8j/kdpAzd4+gw5a dGY/1VrBSXxD3TNOdMjw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mSSZk-003JjM-Ab; Mon, 20 Sep 2021 23:19:52 +0000 Received: from pandora.armlinux.org.uk ([2001:4d48:ad52:32c8:5054:ff:fe00:142]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mSSZg-003JiV-7U for linux-arm-kernel@lists.infradead.org; Mon, 20 Sep 2021 23:19:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=armlinux.org.uk; s=pandora-2019; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=zysJtHXOKDjA6OGj3Da4fkQ4LYofdxtOJhc2jxAqXUE=; b=mvmp6T+iaIL0DiwWjoDF1ZRsHA Hjv75fwJqghLrGV1nw5BW2Vi4lxjn2CPW3g1QHrihZ8JeDbYwHwYo7brEEXS7hyo/R83nhGb4ghmA Q5yH77bSe1uoZo3GHNXMaVJ9IWTNqjzzmdkiEqf7zThVXHBzthjlS7zmdshYAcPZxDCCcfx5Gkyw3 8DmLIzVZEpVQ4FWAX2SbSNHrKEbyGyCdzrLHraxku77P5c4dNMiU2ukFLvCK8i4pyCrzErJ07eAFW FX2U6mgJu2G+fHyRB52oeRy7uOS7YlcspY+M9wG418v9K9JqYOKYLqfWZqOGNutrJIf9Jvz73uIs6 BksxXPHA==; Received: from shell.armlinux.org.uk ([fd8f:7570:feb6:1:5054:ff:fe00:4ec]:54690) by pandora.armlinux.org.uk with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1mSSZX-00027I-9h; Tue, 21 Sep 2021 00:19:39 +0100 Received: from linux by shell.armlinux.org.uk with local (Exim 4.94.2) (envelope-from ) id 1mSSZU-0002hN-IA; Tue, 21 Sep 2021 00:19:36 +0100 Date: Tue, 21 Sep 2021 00:19:36 +0100 From: "Russell King (Oracle)" To: Tim Harvey , Shawn Guo Cc: Fabio Estevam , Pengutronix Kernel Team , Linux ARM Mailing List , Lee Jones , Robin Murphy , NXP Linux Team Subject: Re: arm32 insecure W+X mapping Message-ID: References: <20210820001646.GN22278@shell.armlinux.org.uk> <381afc78-5a7f-8286-76ea-2e6c7867972d@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210920_161948_462948_307A424B X-CRM114-Status: GOOD ( 27.01 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Sep 20, 2021 at 03:53:24PM -0700, Tim Harvey wrote: > On Mon, Sep 20, 2021 at 2:13 PM Russell King (Oracle) > wrote: > > I'm not sure we are disagreeing. I don't have CONFIG_DEBUG_WX enabled, > > but in 5.13, I see in /sys/kernel/debug/kernel_page_tables: > > > > 0xf087d000-0xf087e000 4K KERNEL RW x SHD MEM/BUFFERABLE/WC > > > > and /proc/vmallocinfo has: > > > > 0xf087d000-0xf087f000 8192 imx6_pm_common_init+0x13c/0x390 phys=0x00900000 ioremap > > > > So this will give a W+X failure. > > > > Under 5.14, there is no mapping for this RAM in kernel_page_tables nor > > vmallocinfo - which is not surprising because imx6_pm_common_init() > > said it failed to find the ocram, and it only gets one shot at it. > > So there won't be a W+X failure. > > > > In other words, we are in complete agreement. > > > > Ok - makes sense. > > I bisected this to cc8870bf4c3a ("ARM: imx6q: drop > of_platform_default_populate() from init_machine"). > > After that patch we get: > [ 0.133082] imx6q_suspend_init: failed to find ocram device! > > and no longer see the W+X failure. > > Fabio, I suspect this is the regression that you are hitting regarding > suspend and that this needs to be reverted. I agree - the assumption in the commit message for that commit is incomplete: imx6q_enet_phy_init(); - - of_platform_default_populate(NULL, NULL, NULL); - imx_anatop_init(); cpu_is_imx6q() ? imx6q_pm_init() : imx6dl_pm_init(); Both imx6q_pm_init() and imx6dl_pm_init(), which then eventually call into imx6q_suspend_init(), which wants the OCRAM device to exist. That only happens by that point due to the of_platform_default_populate() call just above. Shawn - please can we get cc8870bf4c3a ("ARM: imx6q: drop of_platform_default_populate() from init_machine") reverted? Thanks. > That will still leave the W+X issue needing to be fixed at some point. Yes, also agreed. I think what I'd like to see is a wrapper around set_memory_ro() that gets passed the __iomem pointer and size. change_memory_common() should accept it as the ioremap() will be located in the vmalloc area which change_memory_common() accepts. Probably something like: void __arm_iomem_set_ro(void __iomem *ptr, size_t size) { set_memory_ro((unsigned long)ptr, PAGE_ALIGN(size) / PAGE_SIZE); } in arch/arm/mm/ioremap.c would be nice, just after __arm_ioremap_exec(). I've probably just written the patch in wordy words. :) Something like this (untested): diff --git a/arch/arm/include/asm/io.h b/arch/arm/include/asm/io.h index f74944c6fe8d..c576fa7d9bf8 100644 --- a/arch/arm/include/asm/io.h +++ b/arch/arm/include/asm/io.h @@ -138,6 +138,7 @@ extern void __iomem *__arm_ioremap_caller(phys_addr_t, size_t, unsigned int, void *); extern void __iomem *__arm_ioremap_pfn(unsigned long, unsigned long, size_t, unsigned int); extern void __iomem *__arm_ioremap_exec(phys_addr_t, size_t, bool cached); +void __arm_iomem_set_ro(void __iomem *ptr, size_t size); extern void __iounmap(volatile void __iomem *addr); extern void __iomem * (*arch_ioremap_caller)(phys_addr_t, size_t, diff --git a/arch/arm/mach-imx/pm-imx6.c b/arch/arm/mach-imx/pm-imx6.c index 9244437cb1b9..5c16257872a5 100644 --- a/arch/arm/mach-imx/pm-imx6.c +++ b/arch/arm/mach-imx/pm-imx6.c @@ -571,6 +571,8 @@ static int __init imx6q_suspend_init(const struct imx6_pm_socdata *socdata) &imx6_suspend, MX6Q_SUSPEND_OCRAM_SIZE - sizeof(*pm_info)); + __arm_iomem_set_ro(suspend_ocram_base, MX6Q_SUSPEND_OCRAM_SIZE); + goto put_device; pl310_cache_map_failed: diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c index 80fb5a4a5c05..6e830b9418c9 100644 --- a/arch/arm/mm/ioremap.c +++ b/arch/arm/mm/ioremap.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include @@ -401,6 +402,11 @@ __arm_ioremap_exec(phys_addr_t phys_addr, size_t size, bool cached) __builtin_return_address(0)); } +void __arm_iomem_set_ro(void __iomem *ptr, size_t size) +{ + set_memory_ro((unsigned long)ptr, PAGE_ALIGN(size) / PAGE_SIZE); +} + void *arch_memremap_wb(phys_addr_t phys_addr, size_t size) { return (__force void *)arch_ioremap_caller(phys_addr, size, -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last! _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel