From: Andi Kleen <ak@suse.de>
To: mingo@elte.hu, tglx@linutronix.de, linux-kernel@vger.kernel.org
Subject: [PATCH] [2/5] Support range checking for required/advisory protections
Date: Fri, 8 Feb 2008 14:27:45 +0100 (CET) [thread overview]
Message-ID: <20080208132745.30F891B41BB@basil.firstfloor.org> (raw)
In-Reply-To: <20080208227.168531243@suse.de>
Previously these checks only looked at a single address, which is OK
for 4k pages but not for large pages.
Needed for follow-up patches.
Signed-off-by: Andi Kleen <ak@suse.de>
---
arch/x86/mm/pageattr.c | 31 ++++++++++++++++++++-----------
1 file changed, 20 insertions(+), 11 deletions(-)
Index: linux/arch/x86/mm/pageattr.c
===================================================================
--- linux.orig/arch/x86/mm/pageattr.c
+++ linux/arch/x86/mm/pageattr.c
@@ -35,6 +35,13 @@ within(unsigned long addr, unsigned long
return addr >= start && addr < end;
}
+static inline int
+within_range(unsigned long addr_start, unsigned long addr_end,
+ unsigned long start, unsigned long end)
+{
+ return addr_end >= start && addr_start < end;
+}
+
/*
* Flushing functions
*/
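Review bot: within_range() is added without a comment, and its bounds are asymmetric: `addr_end >= start` treats addr_end as the last byte of the range (inclusive), while `addr_start < end` treats end as one past the region (exclusive), as within() above does. The callers in this patch pass `address + psize - 1` and `address + PAGE_SIZE - 1`, so the test is correct for them, but a later caller passing an exclusive end would also match a range that stops exactly where a protected region begins. It is also an overlap test rather than a containment test, which the name does not suggest. I would add above it: `/* Does [addr_start, addr_end] (inclusive) overlap [start, end)? */`.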
@@ -149,7 +156,8 @@ static unsigned long virt_to_highmap(voi
* right (again, ioremap() on BIOS memory is not uncommon) so this function
* checks and fixes these known static required protection bits.
*/
-static inline pgprot_t required_static_prot(pgprot_t prot, unsigned long address)
+static inline pgprot_t
+required_static_prot(pgprot_t prot, unsigned long start, unsigned long end)
{
pgprot_t forbidden = __pgprot(0);
@@ -157,19 +165,21 @@ static inline pgprot_t required_static_p
* The BIOS area between 640k and 1Mb needs to be executable for
* PCI BIOS based config access (CONFIG_PCI_GOBIOS) support.
*/
- if (within(__pa(address), BIOS_BEGIN, BIOS_END))
+ if (within_range(__pa(start), __pa(end), BIOS_BEGIN, BIOS_END))
pgprot_val(forbidden) |= _PAGE_NX;
/*
* The kernel text needs to be executable for obvious reasons
* Does not cover __inittext since that is gone later on
*/
- if (within(address, (unsigned long)_text, (unsigned long)_etext))
+ if (within_range(start, end,
+ (unsigned long)_text, (unsigned long)_etext))
pgprot_val(forbidden) |= _PAGE_NX;
/*
* Do the same for the x86-64 high kernel mapping
*/
- if (within(address, virt_to_highmap(_text), virt_to_highmap(_etext)))
+ if (within_range(start, end,
+ virt_to_highmap(_text), virt_to_highmap(_etext)))
pgprot_val(forbidden) |= _PAGE_NX;
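Review bot: Because within_range() tests for overlap, the three checks in required_static_prot() now forbid `_PAGE_NX` for the whole [start, end] range as soon as any part of it touches the BIOS area or kernel text, so a large page that straddles `_etext` would keep non-text memory executable. The same applies in mirror image to the `.rodata` checks in the advised_static_prot() hunk below, where a partial overlap clears `_PAGE_RW` for the whole range and adjacent writable data would become read-only. Whether the large-page caller splits the mapping in that case is not visible in these hunks. At minimum the function comment should say so, e.g. `* A range that only partly overlaps a protected region gets that region's protection for the whole range.`; a stricter option is to report partial overlap to the caller so it splits the large page instead of preserving it.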
@@ -178,17 +188,18 @@ static inline pgprot_t required_static_p
return prot;
}
-static inline pgprot_t advised_static_prot(pgprot_t prot, unsigned long address)
+static inline pgprot_t
+advised_static_prot(pgprot_t prot, unsigned long start, unsigned long end)
{
#ifdef CONFIG_DEBUG_RODATA
/* The .rodata section needs to be read-only */
- if (within(address, (unsigned long)__start_rodata,
+ if (within_range(start, end, (unsigned long)__start_rodata,
(unsigned long)__end_rodata))
pgprot_val(prot) &= ~_PAGE_RW;
/*
* Do the same for the x86-64 high kernel mapping
*/
- if (within(address, virt_to_highmap(__start_rodata),
+ if (within_range(start, end, virt_to_highmap(__start_rodata),
virt_to_highmap(__end_rodata)))
pgprot_val(prot) &= ~_PAGE_RW;
#endif
@@ -322,8 +333,8 @@ try_preserve_large_page(pte_t *kpte, uns
pgprot_val(new_prot) &= ~pgprot_val(cpa->mask_clr);
pgprot_val(new_prot) |= pgprot_val(cpa->mask_set);
- new_prot = required_static_prot(new_prot, address);
- new_prot = advised_static_prot(new_prot, address);
+ new_prot = required_static_prot(new_prot, address, address + psize - 1);
+ new_prot = advised_static_prot(new_prot, address, address + psize - 1);
/*
* If there are no changes, return. maxpages has been updated
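Review bot: `address + psize - 1` describes the large page only if `address` is aligned to `psize`; if it can point into the middle of the large page (the code that establishes this is outside the hunk), the checked range misses the start of the page and runs into the next one. Since the new protection applies to the whole large page, the range should be derived from its base, e.g. `unsigned long lp_start = address & ~(psize - 1);` followed by `required_static_prot(new_prot, lp_start, lp_start + psize - 1)` and the same for advised_static_prot(). The 4K hunks below make the same assumption with `address + PAGE_SIZE - 1`, which is only exact for a page-aligned `address`. try_preserve_large_page() starts and ends outside this hunk.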
@@ -447,6 +458,7 @@ repeat:
BUG_ON(PageCompound(kpte_page));
if (level == PG_LEVEL_4K) {
+ unsigned long end = address + PAGE_SIZE - 1;
pte_t new_pte, old_pte = *kpte;
pgprot_t new_prot = pte_pgprot(old_pte);
@@ -461,8 +473,8 @@ repeat:
pgprot_val(new_prot) &= ~pgprot_val(cpa->mask_clr);
pgprot_val(new_prot) |= pgprot_val(cpa->mask_set);
- new_prot = required_static_prot(new_prot, address);
- new_prot = advised_static_prot(new_prot, address);
+ new_prot = required_static_prot(new_prot, address, end);
+ new_prot = advised_static_prot(new_prot, address, end);
/*
* We need to keep the pfn from the existing PTE,
2008-02-08 13:27 [PATCH] [1/5] CPA: Split static_protections into required_static_prot and advised_static_prot Andi Kleen
2008-02-08 13:27 ` Andi Kleen [this message]
2008-02-08 13:27 ` [PATCH] [3/5] CPA: Make advised protection check truly advisory Andi Kleen
2008-02-08 13:27 ` [PATCH] [4/5] Don't use inline for the protection checks Andi Kleen
2008-02-08 13:27 ` [PATCH] [5/5] Switch i386 early boot page table initilization over to use required_static_prot() Andi Kleen
2008-02-08 16:36 [PATCH] [0/5] pageattr protection patchkit v2 for the latest kernel Andi Kleen
2008-02-08 16:36 ` [PATCH] [2/5] Support range checking for required/advisory protections Andi Kleen