Re: hv_hypercall_pg page permissios

[Andy Lutomirski]

> On Apr 7, 2020, at 12:38 AM, Christoph Hellwig <hch@xxxxxx> wrote:
> 
> ïOn Tue, Apr 07, 2020 at 09:28:01AM +0200, Vitaly Kuznetsov wrote:
>> Christoph Hellwig <hch@xxxxxx> writes:
>> 
>>> Hi all,
>>> 
>>> The x86 Hyper-V hypercall page (hv_hypercall_pg) is the only allocation
>>> in the kernel using __vmalloc with exectutable persmissions, and the
>>> only user of PAGE_KERNEL_RX.  Is there any good reason it needs to
>>> be readable?  Otherwise we could use vmalloc_exec and kill off
>>> PAGE_KERNEL_RX.  Note that before 372b1e91343e6 ("drivers: hv: Turn off
>>> write permission on the hypercall page") it was even mapped writable..
>> 
>> [There is nothing secret in the hypercall page, by reading it you can
>> figure out if you're running on Intel or AMD (VMCALL/VMMCALL) but it's
>> likely not the only possible way :-)]
>> 
>> I see no reason for hv_hypercall_pg to remain readable. I just
>> smoke-tested
> 
> Thanks, I have the same in my WIP tree, but just wanted to confirm this
> makes sense.

Just to make sure weâre all on the same page: x86 doesnât normally have an execute-only mode. Executable memory in the kernel is readable unless you are using fancy hypervisor-based XO support.