Re: hv_hypercall_pg page permissios
From: Andy Lutomirski
Date: Tue Apr 07 2020 - 17:01:34 EST
> On Apr 7, 2020, at 12:38 AM, Christoph Hellwig <hch@xxxxxx> wrote:
>
> ïOn Tue, Apr 07, 2020 at 09:28:01AM +0200, Vitaly Kuznetsov wrote:
>> Christoph Hellwig <hch@xxxxxx> writes:
>>
>>> Hi all,
>>>
>>> The x86 Hyper-V hypercall page (hv_hypercall_pg) is the only allocation
>>> in the kernel using __vmalloc with exectutable persmissions, and the
>>> only user of PAGE_KERNEL_RX. Is there any good reason it needs to
>>> be readable? Otherwise we could use vmalloc_exec and kill off
>>> PAGE_KERNEL_RX. Note that before 372b1e91343e6 ("drivers: hv: Turn off
>>> write permission on the hypercall page") it was even mapped writable..
>>
>> [There is nothing secret in the hypercall page, by reading it you can
>> figure out if you're running on Intel or AMD (VMCALL/VMMCALL) but it's
>> likely not the only possible way :-)]
>>
>> I see no reason for hv_hypercall_pg to remain readable. I just
>> smoke-tested
>
> Thanks, I have the same in my WIP tree, but just wanted to confirm this
> makes sense.
Just to make sure weâre all on the same page: x86 doesnât normally have an execute-only mode. Executable memory in the kernel is readable unless you are using fancy hypervisor-based XO support.