[PATCH v3 0/3] arm64: use hierarchical XN permissions for all page tables
Ard Biesheuvel
ardb at kernel.org
Wed Mar 10 10:49:39 GMT 2021
This series tweaks the page table population code to set the UXNTable and
PXNTable bits as appropriate when page tables are being allocated and linked
into a page table hierarchy. On table entries that cover the linear region,
both PXN and UXN are set; for other page tables, either the UXN or PXN
attribute is set on all table entries, depending on whether the hierarchy in
question is intended to be used by the kernel or by user space.
Doing so removes the ability for lower level mappings to grant executable
permissions, which are never needed by code that works as we intend it to.
And given that swapper's PGD level is mapped r/o and can only be updated via
the fixmap API, the restrictions on kernel mappings cannot be trivially
reverted by poking writable memory.
Note that newer cores may permit hierarchical permission checks to be disabled,
so that the bits can be repurposed as software bits. However, we currently do
not make use of that feature, nor do we intend to, given that software bits in
table descriptors are not in short supply anyway.
This does not address a known exploit or vulnerability, but it applies the
principle of least privilege in a way that does not result in any space
or runtime overhead.
Changes since v2:
- add comment that FEAT_HPDS is assumed to be unused
- add build bug check to ensure PXNTable will never be set on mappings in the
vmalloc region inadvertently
Changes since v1:
- clean up some more occurrences of P?D_xxx mismatches (#1)
- split the PXN and UXN macro definitions so we can apply them independently
- add patch #3 to apply PXNTable xor UXNTable permissions to all user and
kernel mappings, respectively
Cc: maz at kernel.org
Cc: catalin.marinas at arm.com
Cc: will at kernel.org
Cc: mark.rutland at arm.com
Cc: anshuman.khandual at arm.com
Cc: qperret at google.com
Cc: kernel-team at android.com
Ard Biesheuvel (3):
arm64: mm: add missing P4D definitions and use them consistently
arm64: mm: use XN table mapping attributes for the linear region
arm64: mm: use XN table mapping attributes for user/kernel mappings
arch/arm64/include/asm/pgalloc.h | 19 +++++----
arch/arm64/include/asm/pgtable-hwdef.h | 15 +++++++
arch/arm64/mm/kasan_init.c | 4 +-
arch/arm64/mm/mmu.c | 41 +++++++++++++++-----
4 files changed, 61 insertions(+), 18 deletions(-)
--
2.30.1
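The following is an added example, not code from this series or from the kernel: it models the stage-1 hierarchical execute-never check the cover letter relies on, using the architectural bit positions (PXNTable bit 59 and UXNTable bit 60 in table descriptors, PXN bit 53 and UXN bit 54 in block/page descriptors). It assumes FEAT_HPDS is disabled, as the series assumes, ignores the AP bits entirely, and walks a constructed three-level hierarchy; the `linear_region`, `kernel_region`, `user_region` and `no_table_xn` helpers are names chosen for the illustration, not kernel functions. It shows why a PTE whose XN bits have been cleared (for instance through a writable alias of the page table) still cannot grant execute permission once the table entries above it carry the XNTable bits.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Descriptor encoding (VMSAv8-64 stage 1, 4 KB granule, FEAT_HPDS disabled).
 * The bit positions match the kernel's PMD_TABLE_PXN/PMD_TABLE_UXN and
 * PTE_PXN/PTE_UXN macros.
 */
#define DESC_VALID   (UINT64_C(1) << 0)
#define DESC_TABLE   (UINT64_C(1) << 1)   /* table at L0-L2, page at L3 */
#define LEAF_PXN     (UINT64_C(1) << 53)  /* PXN on block/page entries */
#define LEAF_UXN     (UINT64_C(1) << 54)  /* UXN on block/page entries */
#define TABLE_PXN    (UINT64_C(1) << 59)  /* PXNTable on table entries */
#define TABLE_UXN    (UINT64_C(1) << 60)  /* UXNTable on table entries */

struct exec_perm {
    bool kernel_exec;   /* EL1 may fetch instructions from the mapping */
    bool user_exec;     /* EL0 may fetch instructions from the mapping */
};

static bool is_table(uint64_t d)
{
    return (d & (DESC_VALID | DESC_TABLE)) == (DESC_VALID | DESC_TABLE);
}

/*
 * Hierarchical rule: PXNTable/UXNTable set in any table entry on the walk is
 * ORed into the leaf's own PXN/UXN. Access permission (AP/APTable) bits are
 * deliberately not modelled; only the execute-never part of the check is.
 */
struct exec_perm effective_exec(const uint64_t *walk, size_t levels, uint64_t leaf)
{
    struct exec_perm none = { false, false };
    bool pxn = (leaf & LEAF_PXN) != 0;
    bool uxn = (leaf & LEAF_UXN) != 0;

    for (size_t i = 0; i < levels; i++) {
        if (!is_table(walk[i]))
            return none;            /* translation fault: nothing is mapped */
        if (walk[i] & TABLE_PXN)
            pxn = true;
        if (walk[i] & TABLE_UXN)
            uxn = true;
    }
    if (!(leaf & DESC_VALID))
        return none;

    return (struct exec_perm){ .kernel_exec = !pxn, .user_exec = !uxn };
}

/*
 * Constructed walk: PGD, PUD and PMD table entries that all carry table_attr,
 * ending in a level-3 page entry carrying leaf_attr.
 */
struct exec_perm check_mapping(uint64_t table_attr, uint64_t leaf_attr)
{
    uint64_t walk[3];
    for (size_t i = 0; i < 3; i++)
        walk[i] = DESC_VALID | DESC_TABLE | table_attr;
    return effective_exec(walk, 3, DESC_VALID | DESC_TABLE | leaf_attr);
}

/* The three policies the series applies, plus the pre-series baseline. */
struct exec_perm linear_region(uint64_t leaf_attr) { return check_mapping(TABLE_PXN | TABLE_UXN, leaf_attr); }
struct exec_perm kernel_region(uint64_t leaf_attr) { return check_mapping(TABLE_UXN, leaf_attr); }
struct exec_perm user_region(uint64_t leaf_attr)   { return check_mapping(TABLE_PXN, leaf_attr); }
struct exec_perm no_table_xn(uint64_t leaf_attr)   { return check_mapping(0, leaf_attr); }

int main(void)
{
    /* Constructed case: a PTE rewritten through a writable alias to drop both XN bits. */
    const uint64_t rogue_leaf = 0;
    struct exec_perm before = no_table_xn(rogue_leaf);
    struct exec_perm after  = linear_region(rogue_leaf);

    printf("linear region, XN cleared in PTE: before k=%d u=%d, after k=%d u=%d\n",
           before.kernel_exec, before.user_exec, after.kernel_exec, after.user_exec);
    printf("kernel text (PTE has UXN only):   k=%d u=%d\n",
           kernel_region(LEAF_UXN).kernel_exec, kernel_region(LEAF_UXN).user_exec);
    printf("user text   (PTE has PXN only):   k=%d u=%d\n",
           user_region(LEAF_PXN).kernel_exec, user_region(LEAF_PXN).user_exec);
    return 0;
}
```

With no XNTable bits, a rewritten PTE yields execute permission at both exception levels; with the series' table attributes the same PTE yields none in the linear region, and a kernel or user hierarchy can never grant execute permission to the other privilege level regardless of what the leaf says.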