Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 639ab3eb authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull x86 mm changes from Ingo Molnar:
 "The main changes are: continued PAT work by Toshi Kani, plus a new
  boot time warning about insecure RWX kernel mappings, by Stephen
  Smalley.

  The new CONFIG_DEBUG_WX=y warning is marked default-y if
  CONFIG_DEBUG_RODATA=y is already eanbled, as a special exception, as
  these bugs are hard to notice and this check already found several
  live bugs"

* 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mm: Warn on W^X mappings
  x86/mm: Fix no-change case in try_preserve_large_page()
  x86/mm: Fix __split_large_page() to handle large PAT bit
  x86/mm: Fix try_preserve_large_page() to handle large PAT bit
  x86/mm: Fix gup_huge_p?d() to handle large PAT bit
  x86/mm: Fix slow_virt_to_phys() to handle large PAT bit
  x86/mm: Fix page table dump to show PAT bit
  x86/asm: Add pud_pgprot() and pmd_pgprot()
  x86/asm: Fix pud/pmd interfaces to handle large PAT bit
  x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
  x86/asm: Move PUD_PAGE macros to page_types.h
  x86/vdso32: Define PGTABLE_LEVELS to 32bit VDSO
parents 4302d506 e1a58320

arch/x86/Kconfig.debug

+35 −1
Original line number Diff line number Diff line
@@ -65,10 +65,14 @@ config EARLY_PRINTK_EFI 
	  This is useful for kernel debugging when your machine crashes very

	  early before the console code is initialized.



config X86_PTDUMP_CORE

	def_bool n



config X86_PTDUMP

	bool "Export kernel pagetable layout to userspace via debugfs"

	depends on DEBUG_KERNEL

	select DEBUG_FS

	select X86_PTDUMP_CORE

	---help---

	  Say Y here if you want to show the kernel pagetable layout in a

	  debugfs file. This information is only useful for kernel developers
@@ -79,7 +83,8 @@ config X86_PTDUMP 


config EFI_PGT_DUMP

	bool "Dump the EFI pagetable"

	depends on EFI && X86_PTDUMP

	depends on EFI

	select X86_PTDUMP_CORE

	---help---

	  Enable this if you want to dump the EFI page table before

	  enabling virtual mode. This can be used to debug miscellaneous
@@ -105,6 +110,35 @@ config DEBUG_RODATA_TEST 
	  feature as well as for the change_page_attr() infrastructure.

	  If in doubt, say "N"



config DEBUG_WX

	bool "Warn on W+X mappings at boot"

	depends on DEBUG_RODATA

	default y

	select X86_PTDUMP_CORE

	---help---

	  Generate a warning if any W+X mappings are found at boot.



	  This is useful for discovering cases where the kernel is leaving

	  W+X mappings after applying NX, as such mappings are a security risk.



	  Look for a message in dmesg output like this:



	    x86/mm: Checked W+X mappings: passed, no W+X pages found.



	  or like this, if the check failed:



	    x86/mm: Checked W+X mappings: FAILED, <N> W+X pages found.



	  Note that even if the check fails, your kernel is possibly

	  still fine, as W+X mappings are not a security hole in

	  themselves, what they do is that they make the exploitation

	  of other unfixed kernel bugs easier.



	  There is no runtime or memory usage effect of this option

	  once the kernel has booted up - it's a one time check.



	  If in doubt, say "Y".



config DEBUG_SET_MODULE_RONX

	bool "Set loadable kernel module data as NX and text as RO"

	depends on MODULES

arch/x86/entry/vdso/vdso32/vclock_gettime.c

+2 −0
Original line number Diff line number Diff line
@@ -14,11 +14,13 @@ 
 */

#undef CONFIG_64BIT

#undef CONFIG_X86_64

#undef CONFIG_PGTABLE_LEVELS

#undef CONFIG_ILLEGAL_POINTER_VALUE

#undef CONFIG_SPARSEMEM_VMEMMAP

#undef CONFIG_NR_CPUS



#define CONFIG_X86_32 1

#define CONFIG_PGTABLE_LEVELS 2

#define CONFIG_PAGE_OFFSET 0

#define CONFIG_ILLEGAL_POINTER_VALUE 0

#define CONFIG_NR_CPUS 1

arch/x86/include/asm/page_64_types.h

+0 −3
Original line number Diff line number Diff line
@@ -26,9 +26,6 @@ 
#define MCE_STACK 4

#define N_EXCEPTION_STACKS 4  /* hw limit: 7 */



#define PUD_PAGE_SIZE		(_AC(1, UL) << PUD_SHIFT)

#define PUD_PAGE_MASK		(~(PUD_PAGE_SIZE-1))



/*

 * Set __PAGE_OFFSET to the most negative possible address +

 * PGDIR_SIZE*16 (pgd slot 272).  The gap is to allow a space for a

arch/x86/include/asm/page_types.h

+3 −0
Original line number Diff line number Diff line
@@ -20,6 +20,9 @@ 
#define PMD_PAGE_SIZE		(_AC(1, UL) << PMD_SHIFT)

#define PMD_PAGE_MASK		(~(PMD_PAGE_SIZE-1))



#define PUD_PAGE_SIZE		(_AC(1, UL) << PUD_SHIFT)

#define PUD_PAGE_MASK		(~(PUD_PAGE_SIZE-1))



#define HPAGE_SHIFT		PMD_SHIFT

#define HPAGE_SIZE		(_AC(1,UL) << HPAGE_SHIFT)

#define HPAGE_MASK		(~(HPAGE_SIZE - 1))

arch/x86/include/asm/pgtable.h

+18 −7
Original line number Diff line number Diff line
@@ -19,6 +19,13 @@ 
#include <asm/x86_init.h>



void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);

void ptdump_walk_pgd_level_checkwx(void);



#ifdef CONFIG_DEBUG_WX

#define debug_checkwx() ptdump_walk_pgd_level_checkwx()

#else

#define debug_checkwx() do { } while (0)

#endif



/*

 * ZERO_PAGE is a global shared page that is always zero: used
@@ -142,12 +149,12 @@ static inline unsigned long pte_pfn(pte_t pte) 


static inline unsigned long pmd_pfn(pmd_t pmd)

{

	return (pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT;

	return (pmd_val(pmd) & pmd_pfn_mask(pmd)) >> PAGE_SHIFT;

}



static inline unsigned long pud_pfn(pud_t pud)

{

	return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT;

	return (pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT;

}



#define pte_page(pte)	pfn_to_page(pte_pfn(pte))
@@ -379,7 +386,9 @@ static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) 
	return __pgprot(preservebits | addbits);

}



#define pte_pgprot(x) __pgprot(pte_flags(x) & PTE_FLAGS_MASK)

#define pte_pgprot(x) __pgprot(pte_flags(x))

#define pmd_pgprot(x) __pgprot(pmd_flags(x))

#define pud_pgprot(x) __pgprot(pud_flags(x))



#define canon_pgprot(p) __pgprot(massage_pgprot(p))
@@ -502,14 +511,15 @@ static inline int pmd_none(pmd_t pmd) 


static inline unsigned long pmd_page_vaddr(pmd_t pmd)

{

	return (unsigned long)__va(pmd_val(pmd) & PTE_PFN_MASK);

	return (unsigned long)__va(pmd_val(pmd) & pmd_pfn_mask(pmd));

}



/*

 * Currently stuck as a macro due to indirect forward reference to

 * linux/mmzone.h's __section_mem_map_addr() definition:

 */

#define pmd_page(pmd)	pfn_to_page((pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT)

#define pmd_page(pmd)		\

	pfn_to_page((pmd_val(pmd) & pmd_pfn_mask(pmd)) >> PAGE_SHIFT)



/*

 * the pmd page can be thought of an array like this: pmd_t[PTRS_PER_PMD]
@@ -570,14 +580,15 @@ static inline int pud_present(pud_t pud) 


static inline unsigned long pud_page_vaddr(pud_t pud)

{

	return (unsigned long)__va((unsigned long)pud_val(pud) & PTE_PFN_MASK);

	return (unsigned long)__va(pud_val(pud) & pud_pfn_mask(pud));

}



/*

 * Currently stuck as a macro due to indirect forward reference to

 * linux/mmzone.h's __section_mem_map_addr() definition:

 */

#define pud_page(pud)		pfn_to_page(pud_val(pud) >> PAGE_SHIFT)

#define pud_page(pud)		\

	pfn_to_page((pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT)



/* Find an entry in the second-level page table.. */

static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)