Message ID | 20221115090641.258476-1-bjorn@kernel.org |
---|---|
State | New |
Headers | From: Björn Töpel <bjorn@kernel.org>; To: Paul Walmsley <paul.walmsley@sifive.com>, Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>, linux-riscv@lists.infradead.org, Alexandre Ghiti <alex@ghiti.fr>, Samuel Holland <samuel@sholland.org>; Cc: Björn Töpel <bjorn@rivosinc.com>, linux-kernel@vger.kernel.org; Subject: [PATCH v2] riscv: mm: Proper page permissions after initmem free; Date: Tue, 15 Nov 2022 10:06:40 +0100 |
Series | [v2] riscv: mm: Proper page permissions after initmem free |
Commit Message
Björn Töpel
Nov. 15, 2022, 9:06 a.m. UTC
From: Björn Töpel <bjorn@rivosinc.com>

64-bit RISC-V kernels have the kernel image mapped separately to alias the linear map. The linear map and the kernel image map are documented as "direct mapping" and "kernel" respectively in [1].

At image load time, the linear map corresponding to the kernel image is set to PAGE_READ permission, and the kernel image map is set to PAGE_READ|PAGE_EXEC.

When the initmem is freed, the pages in the linear map should be restored to PAGE_READ|PAGE_WRITE, whereas the corresponding pages in the kernel image map should be restored to PAGE_READ, by removing the PAGE_EXEC permission.

This is not the case. For 64-bit kernels, only the linear map is restored to its proper page permissions at initmem free, and not the kernel image map.

In practise this results in that the kernel can potentially jump to dead __init code, and start executing invalid instructions, without getting an exception.

Restore the freed initmem properly, by setting both the kernel image map to the correct permissions.

[1] Documentation/riscv/vm-layout.rst

Fixes: e5c35fa04019 ("riscv: Map the kernel with correct permissions the first time")
Signed-off-by: Björn Töpel <bjorn@rivosinc.com>

---

v2:
* Do not set the kernel image map to PAGE_WRITE. (Alex)
* Massaged the commit message a bit.

Samuel, I removed your Reviewed-by:/Tested-by: for the v2.

---

arch/riscv/kernel/setup.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

base-commit: 22dce2b89d6043d5c3f68384285fff5506109317
Comments
Hi Björn, On 15/11/2022 10:06, Björn Töpel wrote: > From: Björn Töpel <bjorn@rivosinc.com> > > 64-bit RISC-V kernels have the kernel image mapped separately to alias > the linear map. The linear map and the kernel image map are documented > as "direct mapping" and "kernel" respectively in [1]. > > At image load time, the linear map corresponding to the kernel image > is set to PAGE_READ permission, and the kernel image map is set to > PAGE_READ|PAGE_EXEC. > > When the initmem is freed, the pages in the linear map should be > restored to PAGE_READ|PAGE_WRITE, whereas the corresponding pages in > the kernel image map should be restored to PAGE_READ, by removing the > PAGE_EXEC permission. > > This is not the case. For 64-bit kernels, only the linear map is > restored to its proper page permissions at initmem free, and not the > kernel image map. > > In practise this results in that the kernel can potentially jump to > dead __init code, and start executing invalid instructions, without > getting an exception. > > Restore the freed initmem properly, by setting both the kernel image > map to the correct permissions. > > [1] Documentation/riscv/vm-layout.rst > > Fixes: e5c35fa04019 ("riscv: Map the kernel with correct permissions the first time") > Signed-off-by: Björn Töpel <bjorn@rivosinc.com> > --- > v2: * Do not set the kernel image map to PAGE_WRITE. (Alex) > * Massaged the commit message a bit. > > Samuel, I removed your Reviewed-by:/Tested-by: for the v2. > --- > arch/riscv/kernel/setup.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c > index 67ec1fadcfe2..86acd690d529 100644 > --- a/arch/riscv/kernel/setup.c > +++ b/arch/riscv/kernel/setup.c 
> @@ -322,10 +322,11 @@ subsys_initcall(topology_init); > > void free_initmem(void) > { > - if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) > - set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), > - IS_ENABLED(CONFIG_64BIT) ? > - set_memory_rw : set_memory_rw_nx); > + if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) { > + set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), set_memory_rw_nx); > + if (IS_ENABLED(CONFIG_64BIT)) > + set_kernel_memory(__init_begin, __init_end, set_memory_nx); > + } > > free_initmem_default(POISON_FREE_INITMEM); > } This looks good to me, I tested it on both defconfig and rv32_defconfig on qemu, so you can add: Reviewed-by: Alexandre Ghiti <alex@ghiti.fr> Tested-by: Alexandre Ghiti <alex@ghiti.fr> Thanks, Alex > base-commit: 22dce2b89d6043d5c3f68384285fff5506109317
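Review bot: The CONFIG_64BIT branch added in free_initmem() has no comment, and the asymmetry between the two calls is easy to get wrong: the linear-map alias gets set_memory_rw_nx while the kernel image map gets only set_memory_nx and stays read-only, which is the point the v2 changelog says was corrected. A short comment above `if (IS_ENABLED(CONFIG_64BIT))` saying that 64-bit maps the kernel image separately from the linear map, and that this mapping must lose execute without gaining write, would keep a later cleanup from merging the two calls again.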
Hello:

This patch was applied to riscv/linux.git (fixes) by Palmer Dabbelt <palmer@rivosinc.com>:

On Tue, 15 Nov 2022 10:06:40 +0100 you wrote:
> From: Björn Töpel <bjorn@rivosinc.com>
>
> 64-bit RISC-V kernels have the kernel image mapped separately to alias
> the linear map. The linear map and the kernel image map are documented
> as "direct mapping" and "kernel" respectively in [1].
>
> At image load time, the linear map corresponding to the kernel image
> is set to PAGE_READ permission, and the kernel image map is set to
> PAGE_READ|PAGE_EXEC.
>
> [...]

Here is the summary with links:

- [v2] riscv: mm: Proper page permissions after initmem free
  https://git.kernel.org/riscv/c/6fdd5d2f8c2f

You are awesome, thank you!
diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c index 67ec1fadcfe2..86acd690d529 100644 --- a/arch/riscv/kernel/setup.c +++ b/arch/riscv/kernel/setup.c @@ -322,10 +322,11 @@ subsys_initcall(topology_init); void free_initmem(void) { - if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) - set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), - IS_ENABLED(CONFIG_64BIT) ? - set_memory_rw : set_memory_rw_nx); + if (IS_ENABLED(CONFIG_STRICT_KERNEL_RWX)) { + set_kernel_memory(lm_alias(__init_begin), lm_alias(__init_end), set_memory_rw_nx); + if (IS_ENABLED(CONFIG_64BIT)) + set_kernel_memory(__init_begin, __init_end, set_memory_nx); + } free_initmem_default(POISON_FREE_INITMEM); }
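Review bot: Inside the new CONFIG_STRICT_KERNEL_RWX block the order of the two calls leaves a short window in which the init pages are writable and executable at once: set_memory_rw_nx on lm_alias(__init_begin)..lm_alias(__init_end) runs first, and only afterwards does the CONFIG_64BIT branch apply set_memory_nx to __init_begin..__init_end, so between the calls the same pages are writable through the linear map and still executable through the kernel image map. Consider moving the `if (IS_ENABLED(CONFIG_64BIT))` call ahead of the linear-map call, so execute is dropped from the kernel image map before the alias becomes writable.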