Commit Graph

7 Commits

Author SHA1 Message Date
Steve Capper 072b1b62a6 ARM64: mm: Make PAGE_NONE pages read only and no-execute.
If we consider the following code sequence:

	my_pte = pte_modify(entry, myprot);
	x = pte_write(my_pte);
	y = pte_exec(my_pte);

If myprot comes from a PROT_NONE page, then x and y will both be
true which is undesireable behaviour.

This patch sets the no-execute and read-only bits for PAGE_NONE
such that the code above will return false for both x and y.

Signed-off-by: Steve Capper <steve.capper@linaro.org>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
2013-06-14 09:42:46 +01:00
Will Deacon a6fadf7e67 arm64: mm: introduce present, faulting entries for PAGE_NONE
This is mostly a port of dbf62d5006 ("ARM: mm: introduce L_PTE_VALID
for page table entries") and 26ffd0d43b ("ARM: mm: introduce present,
faulting entries for PAGE_NONE") from ARM, which makes use of present,
faulting page table entries for page table entries mapped as PROT_NONE.

The main difference with this implementation is that we can make use of
the two pte type bits in order to avoid allocating a software bit for
identifying PROT_NONE pages, instead reserving the 10b suffix for these
types of mappings.

This is required to prevent users from accessing such pages via syscalls
such as read/write over a pipe.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-01-10 10:48:48 +00:00
Will Deacon 02522463c8 arm64: mm: only wrprotect clean ptes if they are present
Marking non-present ptes as read-only can corrupt file ptes, breaking
things like swap and file mappings.

This patch ensures that we only manipulate user pte bits when the pte
is marked present.

Cc: <stable@vger.kernel.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2013-01-10 10:43:44 +00:00
Linus Torvalds 97ebe8f55a Main AArch64 changes:
- Generic execve, kernel_thread, fork/vfork/clone.
 - Preparatory patches for KVM support (initialising EL2 mode for later
   installing KVM support, hypervisor stub).
 - Signal handling corner case fix (alternative signal stack set up for a
   SEGV handler, which is raised in response to RLIMIT_STACK being
   reached).
 - Sub-nanosecond timer error fix.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
 iQIcBAABAgAGBQJQx1TPAAoJEGvWsS0AyF7xSrEP/R7KPhKSKIJKW0n3nP/uGe5g
 isUiTM+y4koGzeHShao8I7VUXZLJptYHiviy12Rf0S/IK0L25P1p29ABLndd8SPB
 5lqQehLz35bAIzmRXypvz4szpCwlRXPzEcHX7cnid0Nv27A9hVpfssYM2HIKLIJN
 1AXZAxjlNmPHCc+hd+QOnP8d7h6KGiZWqiC1lsuU12Ma4oZIwiS225oxUdMg5d4I
 AxfWAvVLy14eNxDRqBgA0W2Jxe62TD82LrgD4tP88mbwWsFIyE5dea2yYShOJnBe
 mwLWw4Jovfe5VLSn00yggqM5JPp36sM/7Bka5EZaGKY2HllVtSwqnshUChG3fw3/
 fepN4nB0L8lPgTMfQAUjNKqZWgt2vwIGC+7GLX+Sg6/kOidRaxsQgU710gNvceZu
 E417RTtW4WM8IA+euCTiq3huJt7iOt8APSblpPWnrf8M7ntJKV4ESTOhtN30mR2D
 ZYeMZp1DYrET3Pxkd+bMdaRYGhMqAlpfCF096H+A4FscicbDLC+KincWtW/YpOXE
 voWDxE/Rd+3nAhCVL+A2HUSw9lNddsFvxRR9hQWfQ3uvMiDp7AS6O4EAYcK60GiA
 YsEnksMQr/ksscNf/7nvpY6DBNkeuZjj9IGfbFYVqWZ80f//8NEoJCNDzNPlATHU
 ddPpD5ZayUQ3UUMulQGg
 =fQ+2
 -----END PGP SIGNATURE-----

Merge tag 'arm64-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64

Pull ARM64 updates from Catalin Marinas:

 - Generic execve, kernel_thread, fork/vfork/clone.

 - Preparatory patches for KVM support (initialising EL2 mode for later
   installing KVM support, hypervisor stub).

 - Signal handling corner case fix (alternative signal stack set up for
   a SEGV handler, which is raised in response to RLIMIT_STACK being
   reached).

 - Sub-nanosecond timer error fix.

* tag 'arm64-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64: (30 commits)
  arm64: Update the MAINTAINERS entry
  arm64: compat for clock_adjtime(2) is miswired
  arm64: move FP-SIMD save/restore code to a macro
  arm64: hyp: initialize vttbr_el2 to zero
  arm64: add hypervisor stub
  arm64: record boot mode when entering the kernel
  arm64: move vector entry macro to assembler.h
  arm64: add AArch32 execution modes to ptrace.h
  arm64: expand register mapping between AArch32 and AArch64
  arm64: generic timer: use virtual counter instead of physical at EL0
  arm64: vdso: defer shifting of nanosecond component of timespec
  arm64: vdso: rework __do_get_tspec register allocation and return shift
  arm64: vdso: check sequence counter even for coarse realtime operations
  arm64: vdso: fix clocksource mask when extracting bottom 56 bits
  ARM64: Remove incorrect Kconfig symbol HAVE_SPARSE_IRQ
  Documentation: Fixes a word in Documentation/arm64/memory.txt
  arm64: Make !dirty ptes read-only
  arm64: Convert empty flush_cache_{mm,page} functions to static inline
  arm64: signal: let the compiler inline compat_get_sigframe
  arm64: signal: return struct rt_sigframe from get_sigframe
  ...

Conflicts:
	arch/arm64/include/asm/unistd32.h
2012-12-12 07:49:02 -08:00
Catalin Marinas 33eaa58f85 arm64: Make !dirty ptes read-only
The AArch64 Linux port relies on the mm code to wrprotect clean ptes.
This however is not the case with newly created ptes and
PAGE_SHARED(_EXEC) is writable but !dirty.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: <stable@vger.kernel.org>
2012-11-29 15:32:13 +00:00
Catalin Marinas 8e620b0476 arm64: Distinguish between user and kernel XN bits
On AArch64, the meaning of the XN bit has changed to UXN (user). The PXN
(privileged) bit must be set to prevent kernel execution. Without the
PXN bit set, the CPU may speculatively access device memory. This patch
ensures that all the mappings that the kernel must not execute from
(including user mappings) have the PXN bit set.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2012-11-16 15:50:25 +00:00
Catalin Marinas 4f04d8f005 arm64: MMU definitions
The virtual memory layout is described in
Documentation/arm64/memory.txt. This patch adds the MMU definitions for
the 4KB and 64KB translation table configurations. The SECTION_SIZE is
2MB with 4KB page and 512MB with 64KB page configuration.

PHYS_OFFSET is calculated at run-time and stored in a variable (no
run-time code patching at this stage).

On the current implementation, both user and kernel address spaces are
512G (39-bit) each with a maximum of 256G for the RAM linear mapping.
Linux uses 3 levels of translation tables with the 4K page configuration
and 2 levels with the 64K configuration. Extending the memory space
beyond 39-bit with the 4K pages or 42-bit with 64K pages requires an
additional level of translation tables.

The SPARSEMEM configuration is global to all AArch64 platforms and
allows for 1GB sections with SPARSEMEM_VMEMMAP enabled by default.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Tony Lindgren <tony@atomide.com>
Acked-by: Nicolas Pitre <nico@linaro.org>
Acked-by: Olof Johansson <olof@lixom.net>
Acked-by: Santosh Shilimkar <santosh.shilimkar@ti.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
2012-09-17 13:41:56 +01:00