Re: [PATCH v2] x86/mm: Refuse W^X violations
From: Dave Hansen
Date: Thu Sep 22 2022 - 11:00:46 EST
On 9/22/22 00:46, Peter Zijlstra wrote:
> On Wed, Sep 21, 2022 at 08:09:13PM -0700, Guenter Roeck wrote:
>
>> Oh well, that "helped" to hide one of the crashes. Here is another one.
>> This is with PAE enabled and booting through efi32.
>
>> [ 1.086592] efi_runtime_update_mappings+0x36/0x42
>> [ 1.086717] efi_enter_virtual_mode+0x351/0x36e
>> [ 1.086860] start_kernel+0x57d/0x60f
>> [ 1.086956] ? set_intr_gate+0x42/0x55
>> [ 1.087079] i386_start_kernel+0x43/0x45
>> [ 1.087272] startup_32_smp+0x161/0x164
>
> Does this help? Dave; perhaps we should just let i386 be i386 and let it
> bitrot :/
How about we just turn off enforcement for now so that the poor i386
folks can at least boot? I have the feeling we're going to get bored
with even the warnings if they persist for too long, though.
Untested patch to make i386 violations harmless is attached.diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index 20b1e24baa85..c899c55d8304 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -585,6 +585,8 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long start,
static inline pgprot_t verify_rwx(pgprot_t old, pgprot_t new, unsigned long start,
unsigned long pfn, unsigned long npg)
{
+ /* Just warn on i386, there are still too many issues there: */
+ bool refuse = IS_ENABLED(CONFIG_X86_64);
unsigned long end;
/* Only enforce when NX is supported: */
@@ -598,13 +600,17 @@ static inline pgprot_t verify_rwx(pgprot_t old, pgprot_t new, unsigned long star
return new;
end = start + npg * PAGE_SIZE - 1;
- WARN_ONCE(1, "CPA refuse W^X violation: %016llx -> %016llx range: 0x%016lx - 0x%016lx PFN %lx\n",
+ WARN_ONCE(1, "CPA %sW^X violation: %016llx -> %016llx range: 0x%016lx - 0x%016lx PFN %lx\n",
+ refuse ? "refuse " : "",
(unsigned long long)pgprot_val(old),
(unsigned long long)pgprot_val(new),
start, end, pfn);
/* refuse the transition into WX */
- return old;
+ if (refuse)
+ return old;
+
+ return new;
}
/*