Commit 672c0ae0 authored by Jan Beulich's avatar Jan Beulich Committed by Ingo Molnar

x86/mm: Consider effective protection attributes in W+X check

Using just the leaf page table entry flags would cause a false warning
in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
Hand through both the current entry's flags as well as the accumulated
effective value (the latter as pgprotval_t instead of pgprot_t, as it's
not an actual entry's value).

This in particular eliminates the false W+X warning when running under
Xen, as commit:

  2cc42bac ("x86-64/Xen: eliminate W+X mappings")

had to make the necessary adjustment in L2 rather than L1 (the reason is
explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
set in L2.
Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/5A8FDE8902000078001AABBB@prv-mh.provo.novell.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent c46dacb7
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
struct pg_state { struct pg_state {
int level; int level;
pgprot_t current_prot; pgprot_t current_prot;
pgprotval_t effective_prot;
unsigned long start_address; unsigned long start_address;
unsigned long current_address; unsigned long current_address;
const struct addr_marker *marker; const struct addr_marker *marker;
...@@ -235,9 +236,9 @@ static unsigned long normalize_addr(unsigned long u) ...@@ -235,9 +236,9 @@ static unsigned long normalize_addr(unsigned long u)
* print what we collected so far. * print what we collected so far.
*/ */
static void note_page(struct seq_file *m, struct pg_state *st, static void note_page(struct seq_file *m, struct pg_state *st,
pgprot_t new_prot, int level) pgprot_t new_prot, pgprotval_t new_eff, int level)
{ {
pgprotval_t prot, cur; pgprotval_t prot, cur, eff;
static const char units[] = "BKMGTPE"; static const char units[] = "BKMGTPE";
/* /*
...@@ -247,23 +248,24 @@ static void note_page(struct seq_file *m, struct pg_state *st, ...@@ -247,23 +248,24 @@ static void note_page(struct seq_file *m, struct pg_state *st,
*/ */
prot = pgprot_val(new_prot); prot = pgprot_val(new_prot);
cur = pgprot_val(st->current_prot); cur = pgprot_val(st->current_prot);
eff = st->effective_prot;
if (!st->level) { if (!st->level) {
/* First entry */ /* First entry */
st->current_prot = new_prot; st->current_prot = new_prot;
st->effective_prot = new_eff;
st->level = level; st->level = level;
st->marker = address_markers; st->marker = address_markers;
st->lines = 0; st->lines = 0;
pt_dump_seq_printf(m, st->to_dmesg, "---[ %s ]---\n", pt_dump_seq_printf(m, st->to_dmesg, "---[ %s ]---\n",
st->marker->name); st->marker->name);
} else if (prot != cur || level != st->level || } else if (prot != cur || new_eff != eff || level != st->level ||
st->current_address >= st->marker[1].start_address) { st->current_address >= st->marker[1].start_address) {
const char *unit = units; const char *unit = units;
unsigned long delta; unsigned long delta;
int width = sizeof(unsigned long) * 2; int width = sizeof(unsigned long) * 2;
pgprotval_t pr = pgprot_val(st->current_prot);
if (st->check_wx && (pr & _PAGE_RW) && !(pr & _PAGE_NX)) { if (st->check_wx && (eff & _PAGE_RW) && !(eff & _PAGE_NX)) {
WARN_ONCE(1, WARN_ONCE(1,
"x86/mm: Found insecure W+X mapping at address %p/%pS\n", "x86/mm: Found insecure W+X mapping at address %p/%pS\n",
(void *)st->start_address, (void *)st->start_address,
...@@ -317,21 +319,30 @@ static void note_page(struct seq_file *m, struct pg_state *st, ...@@ -317,21 +319,30 @@ static void note_page(struct seq_file *m, struct pg_state *st,
st->start_address = st->current_address; st->start_address = st->current_address;
st->current_prot = new_prot; st->current_prot = new_prot;
st->effective_prot = new_eff;
st->level = level; st->level = level;
} }
} }
static void walk_pte_level(struct seq_file *m, struct pg_state *st, pmd_t addr, unsigned long P) static inline pgprotval_t effective_prot(pgprotval_t prot1, pgprotval_t prot2)
{
return (prot1 & prot2 & (_PAGE_USER | _PAGE_RW)) |
((prot1 | prot2) & _PAGE_NX);
}
static void walk_pte_level(struct seq_file *m, struct pg_state *st, pmd_t addr,
pgprotval_t eff_in, unsigned long P)
{ {
int i; int i;
pte_t *start; pte_t *start;
pgprotval_t prot; pgprotval_t prot, eff;
start = (pte_t *)pmd_page_vaddr(addr); start = (pte_t *)pmd_page_vaddr(addr);
for (i = 0; i < PTRS_PER_PTE; i++) { for (i = 0; i < PTRS_PER_PTE; i++) {
prot = pte_flags(*start); prot = pte_flags(*start);
eff = effective_prot(eff_in, prot);
st->current_address = normalize_addr(P + i * PTE_LEVEL_MULT); st->current_address = normalize_addr(P + i * PTE_LEVEL_MULT);
note_page(m, st, __pgprot(prot), 5); note_page(m, st, __pgprot(prot), eff, 5);
start++; start++;
} }
} }
...@@ -351,7 +362,7 @@ static inline bool kasan_page_table(struct seq_file *m, struct pg_state *st, ...@@ -351,7 +362,7 @@ static inline bool kasan_page_table(struct seq_file *m, struct pg_state *st,
(pgtable_l5_enabled && __pa(pt) == __pa(kasan_zero_p4d)) || (pgtable_l5_enabled && __pa(pt) == __pa(kasan_zero_p4d)) ||
__pa(pt) == __pa(kasan_zero_pud)) { __pa(pt) == __pa(kasan_zero_pud)) {
pgprotval_t prot = pte_flags(kasan_zero_pte[0]); pgprotval_t prot = pte_flags(kasan_zero_pte[0]);
note_page(m, st, __pgprot(prot), 5); note_page(m, st, __pgprot(prot), 0, 5);
return true; return true;
} }
return false; return false;
...@@ -366,42 +377,45 @@ static inline bool kasan_page_table(struct seq_file *m, struct pg_state *st, ...@@ -366,42 +377,45 @@ static inline bool kasan_page_table(struct seq_file *m, struct pg_state *st,
#if PTRS_PER_PMD > 1 #if PTRS_PER_PMD > 1
static void walk_pmd_level(struct seq_file *m, struct pg_state *st, pud_t addr, unsigned long P) static void walk_pmd_level(struct seq_file *m, struct pg_state *st, pud_t addr,
pgprotval_t eff_in, unsigned long P)
{ {
int i; int i;
pmd_t *start, *pmd_start; pmd_t *start, *pmd_start;
pgprotval_t prot; pgprotval_t prot, eff;
pmd_start = start = (pmd_t *)pud_page_vaddr(addr); pmd_start = start = (pmd_t *)pud_page_vaddr(addr);
for (i = 0; i < PTRS_PER_PMD; i++) { for (i = 0; i < PTRS_PER_PMD; i++) {
st->current_address = normalize_addr(P + i * PMD_LEVEL_MULT); st->current_address = normalize_addr(P + i * PMD_LEVEL_MULT);
if (!pmd_none(*start)) { if (!pmd_none(*start)) {
if (pmd_large(*start) || !pmd_present(*start)) {
prot = pmd_flags(*start); prot = pmd_flags(*start);
note_page(m, st, __pgprot(prot), 4); eff = effective_prot(eff_in, prot);
if (pmd_large(*start) || !pmd_present(*start)) {
note_page(m, st, __pgprot(prot), eff, 4);
} else if (!kasan_page_table(m, st, pmd_start)) { } else if (!kasan_page_table(m, st, pmd_start)) {
walk_pte_level(m, st, *start, walk_pte_level(m, st, *start, eff,
P + i * PMD_LEVEL_MULT); P + i * PMD_LEVEL_MULT);
} }
} else } else
note_page(m, st, __pgprot(0), 4); note_page(m, st, __pgprot(0), 0, 4);
start++; start++;
} }
} }
#else #else
#define walk_pmd_level(m,s,a,p) walk_pte_level(m,s,__pmd(pud_val(a)),p) #define walk_pmd_level(m,s,a,e,p) walk_pte_level(m,s,__pmd(pud_val(a)),e,p)
#define pud_large(a) pmd_large(__pmd(pud_val(a))) #define pud_large(a) pmd_large(__pmd(pud_val(a)))
#define pud_none(a) pmd_none(__pmd(pud_val(a))) #define pud_none(a) pmd_none(__pmd(pud_val(a)))
#endif #endif
#if PTRS_PER_PUD > 1 #if PTRS_PER_PUD > 1
static void walk_pud_level(struct seq_file *m, struct pg_state *st, p4d_t addr, unsigned long P) static void walk_pud_level(struct seq_file *m, struct pg_state *st, p4d_t addr,
pgprotval_t eff_in, unsigned long P)
{ {
int i; int i;
pud_t *start, *pud_start; pud_t *start, *pud_start;
pgprotval_t prot; pgprotval_t prot, eff;
pud_t *prev_pud = NULL; pud_t *prev_pud = NULL;
pud_start = start = (pud_t *)p4d_page_vaddr(addr); pud_start = start = (pud_t *)p4d_page_vaddr(addr);
...@@ -409,15 +423,16 @@ static void walk_pud_level(struct seq_file *m, struct pg_state *st, p4d_t addr, ...@@ -409,15 +423,16 @@ static void walk_pud_level(struct seq_file *m, struct pg_state *st, p4d_t addr,
for (i = 0; i < PTRS_PER_PUD; i++) { for (i = 0; i < PTRS_PER_PUD; i++) {
st->current_address = normalize_addr(P + i * PUD_LEVEL_MULT); st->current_address = normalize_addr(P + i * PUD_LEVEL_MULT);
if (!pud_none(*start)) { if (!pud_none(*start)) {
if (pud_large(*start) || !pud_present(*start)) {
prot = pud_flags(*start); prot = pud_flags(*start);
note_page(m, st, __pgprot(prot), 3); eff = effective_prot(eff_in, prot);
if (pud_large(*start) || !pud_present(*start)) {
note_page(m, st, __pgprot(prot), eff, 3);
} else if (!kasan_page_table(m, st, pud_start)) { } else if (!kasan_page_table(m, st, pud_start)) {
walk_pmd_level(m, st, *start, walk_pmd_level(m, st, *start, eff,
P + i * PUD_LEVEL_MULT); P + i * PUD_LEVEL_MULT);
} }
} else } else
note_page(m, st, __pgprot(0), 3); note_page(m, st, __pgprot(0), 0, 3);
prev_pud = start; prev_pud = start;
start++; start++;
...@@ -425,34 +440,36 @@ static void walk_pud_level(struct seq_file *m, struct pg_state *st, p4d_t addr, ...@@ -425,34 +440,36 @@ static void walk_pud_level(struct seq_file *m, struct pg_state *st, p4d_t addr,
} }
#else #else
#define walk_pud_level(m,s,a,p) walk_pmd_level(m,s,__pud(p4d_val(a)),p) #define walk_pud_level(m,s,a,e,p) walk_pmd_level(m,s,__pud(p4d_val(a)),e,p)
#define p4d_large(a) pud_large(__pud(p4d_val(a))) #define p4d_large(a) pud_large(__pud(p4d_val(a)))
#define p4d_none(a) pud_none(__pud(p4d_val(a))) #define p4d_none(a) pud_none(__pud(p4d_val(a)))
#endif #endif
static void walk_p4d_level(struct seq_file *m, struct pg_state *st, pgd_t addr, unsigned long P) static void walk_p4d_level(struct seq_file *m, struct pg_state *st, pgd_t addr,
pgprotval_t eff_in, unsigned long P)
{ {
int i; int i;
p4d_t *start, *p4d_start; p4d_t *start, *p4d_start;
pgprotval_t prot; pgprotval_t prot, eff;
if (PTRS_PER_P4D == 1) if (PTRS_PER_P4D == 1)
return walk_pud_level(m, st, __p4d(pgd_val(addr)), P); return walk_pud_level(m, st, __p4d(pgd_val(addr)), eff_in, P);
p4d_start = start = (p4d_t *)pgd_page_vaddr(addr); p4d_start = start = (p4d_t *)pgd_page_vaddr(addr);
for (i = 0; i < PTRS_PER_P4D; i++) { for (i = 0; i < PTRS_PER_P4D; i++) {
st->current_address = normalize_addr(P + i * P4D_LEVEL_MULT); st->current_address = normalize_addr(P + i * P4D_LEVEL_MULT);
if (!p4d_none(*start)) { if (!p4d_none(*start)) {
if (p4d_large(*start) || !p4d_present(*start)) {
prot = p4d_flags(*start); prot = p4d_flags(*start);
note_page(m, st, __pgprot(prot), 2); eff = effective_prot(eff_in, prot);
if (p4d_large(*start) || !p4d_present(*start)) {
note_page(m, st, __pgprot(prot), eff, 2);
} else if (!kasan_page_table(m, st, p4d_start)) { } else if (!kasan_page_table(m, st, p4d_start)) {
walk_pud_level(m, st, *start, walk_pud_level(m, st, *start, eff,
P + i * P4D_LEVEL_MULT); P + i * P4D_LEVEL_MULT);
} }
} else } else
note_page(m, st, __pgprot(0), 2); note_page(m, st, __pgprot(0), 0, 2);
start++; start++;
} }
...@@ -483,7 +500,7 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd, ...@@ -483,7 +500,7 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
#else #else
pgd_t *start = swapper_pg_dir; pgd_t *start = swapper_pg_dir;
#endif #endif
pgprotval_t prot; pgprotval_t prot, eff;
int i; int i;
struct pg_state st = {}; struct pg_state st = {};
...@@ -499,15 +516,20 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd, ...@@ -499,15 +516,20 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
for (i = 0; i < PTRS_PER_PGD; i++) { for (i = 0; i < PTRS_PER_PGD; i++) {
st.current_address = normalize_addr(i * PGD_LEVEL_MULT); st.current_address = normalize_addr(i * PGD_LEVEL_MULT);
if (!pgd_none(*start) && !is_hypervisor_range(i)) { if (!pgd_none(*start) && !is_hypervisor_range(i)) {
if (pgd_large(*start) || !pgd_present(*start)) {
prot = pgd_flags(*start); prot = pgd_flags(*start);
note_page(m, &st, __pgprot(prot), 1); #ifdef CONFIG_X86_PAE
eff = _PAGE_USER | _PAGE_RW;
#else
eff = prot;
#endif
if (pgd_large(*start) || !pgd_present(*start)) {
note_page(m, &st, __pgprot(prot), eff, 1);
} else { } else {
walk_p4d_level(m, &st, *start, walk_p4d_level(m, &st, *start, eff,
i * PGD_LEVEL_MULT); i * PGD_LEVEL_MULT);
} }
} else } else
note_page(m, &st, __pgprot(0), 1); note_page(m, &st, __pgprot(0), 0, 1);
cond_resched(); cond_resched();
start++; start++;
...@@ -515,7 +537,7 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd, ...@@ -515,7 +537,7 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
/* Flush out the last page */ /* Flush out the last page */
st.current_address = normalize_addr(PTRS_PER_PGD*PGD_LEVEL_MULT); st.current_address = normalize_addr(PTRS_PER_PGD*PGD_LEVEL_MULT);
note_page(m, &st, __pgprot(0), 0); note_page(m, &st, __pgprot(0), 0, 0);
if (!checkwx) if (!checkwx)
return; return;
if (st.wx_pages) if (st.wx_pages)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment