Re: [PATCH v2] x86: consider effective protection attributes in W+X check
>>> On 23.02.18 at 08:49,wrote: > * Jan Beulich wrote: > >> >>> On 21.02.18 at 17:53, wrote: >> >> > * Jan Beulich wrote: >> > >> >> Using just the leaf page table entry flags would cause a false warning >> >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. >> >> Hand through both the current entry's flags as well as the accumulated >> >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's >> >> not an actual entry's value). >> >> >> >> This in particular eliminates the false W+X warning when running under >> >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to >> >> make the necessary adjustment in L2 rather than L1 (the reason is >> >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is >> >> set in L2. >> >> >> >> Signed-off-by: Jan Beulich >> >> Reviewed-by: Juergen Gross >> >> --- >> >> v2: Re-base onto tip tree. Add Xen related paragraph to description. >> >> --- >> >> arch/x86/mm/dump_pagetables.c | 92 >> > ++ >> >> 1 file changed, 57 insertions(+), 35 deletions(-) >> > >> > There's a build failure with CONFIG_KASAN=y enabled: >> > >> > arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: >> > arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function >> > ‘note_page’ >> > arch/x86/mm/dump_pagetables.c:238:13: note: declared here >> >> Oh, I see. Question though is what to pass as the extra argument: >> Do I need to pass in the caller's effective rights, or should I take >> kasan_page_table()'s checking against kasan_zero_p?d as an >> indication that the effective permission is zero here? I'm sorry for >> this probably trivial question, but I know nothing about how KASAN >> works. > > I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to > help us out here? Actually, the "zero" in the names of the symbols meanwhile makes me be pretty sure passing 0 for the effective permissions here is exactly what is wanted. I'm about to produce v3. Jan
Re: [PATCH v2] x86: consider effective protection attributes in W+X check
>>> On 23.02.18 at 08:49, wrote: > * Jan Beulich wrote: > >> >>> On 21.02.18 at 17:53, wrote: >> >> > * Jan Beulich wrote: >> > >> >> Using just the leaf page table entry flags would cause a false warning >> >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. >> >> Hand through both the current entry's flags as well as the accumulated >> >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's >> >> not an actual entry's value). >> >> >> >> This in particular eliminates the false W+X warning when running under >> >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to >> >> make the necessary adjustment in L2 rather than L1 (the reason is >> >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is >> >> set in L2. >> >> >> >> Signed-off-by: Jan Beulich >> >> Reviewed-by: Juergen Gross >> >> --- >> >> v2: Re-base onto tip tree. Add Xen related paragraph to description. >> >> --- >> >> arch/x86/mm/dump_pagetables.c | 92 >> > ++ >> >> 1 file changed, 57 insertions(+), 35 deletions(-) >> > >> > There's a build failure with CONFIG_KASAN=y enabled: >> > >> > arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: >> > arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function >> > ‘note_page’ >> > arch/x86/mm/dump_pagetables.c:238:13: note: declared here >> >> Oh, I see. Question though is what to pass as the extra argument: >> Do I need to pass in the caller's effective rights, or should I take >> kasan_page_table()'s checking against kasan_zero_p?d as an >> indication that the effective permission is zero here? I'm sorry for >> this probably trivial question, but I know nothing about how KASAN >> works. > > I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to > help us out here? Actually, the "zero" in the names of the symbols meanwhile makes me be pretty sure passing 0 for the effective permissions here is exactly what is wanted. I'm about to produce v3. Jan
Re: [PATCH v2] x86: consider effective protection attributes in W+X check
* Jan Beulichwrote: > >>> On 21.02.18 at 17:53, wrote: > > > * Jan Beulich wrote: > > > >> Using just the leaf page table entry flags would cause a false warning > >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. > >> Hand through both the current entry's flags as well as the accumulated > >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's > >> not an actual entry's value). > >> > >> This in particular eliminates the false W+X warning when running under > >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to > >> make the necessary adjustment in L2 rather than L1 (the reason is > >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is > >> set in L2. > >> > >> Signed-off-by: Jan Beulich > >> Reviewed-by: Juergen Gross > >> --- > >> v2: Re-base onto tip tree. Add Xen related paragraph to description. > >> --- > >> arch/x86/mm/dump_pagetables.c | 92 > > ++ > >> 1 file changed, 57 insertions(+), 35 deletions(-) > > > > There's a build failure with CONFIG_KASAN=y enabled: > > > > arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: > > arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function > > ‘note_page’ > > arch/x86/mm/dump_pagetables.c:238:13: note: declared here > > Oh, I see. Question though is what to pass as the extra argument: > Do I need to pass in the caller's effective rights, or should I take > kasan_page_table()'s checking against kasan_zero_p?d as an > indication that the effective permission is zero here? I'm sorry for > this probably trivial question, but I know nothing about how KASAN > works. I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to help us out here? Thanks, Ingo
Re: [PATCH v2] x86: consider effective protection attributes in W+X check
* Jan Beulich wrote: > >>> On 21.02.18 at 17:53, wrote: > > > * Jan Beulich wrote: > > > >> Using just the leaf page table entry flags would cause a false warning > >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. > >> Hand through both the current entry's flags as well as the accumulated > >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's > >> not an actual entry's value). > >> > >> This in particular eliminates the false W+X warning when running under > >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to > >> make the necessary adjustment in L2 rather than L1 (the reason is > >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is > >> set in L2. > >> > >> Signed-off-by: Jan Beulich > >> Reviewed-by: Juergen Gross > >> --- > >> v2: Re-base onto tip tree. Add Xen related paragraph to description. > >> --- > >> arch/x86/mm/dump_pagetables.c | 92 > > ++ > >> 1 file changed, 57 insertions(+), 35 deletions(-) > > > > There's a build failure with CONFIG_KASAN=y enabled: > > > > arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: > > arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function > > ‘note_page’ > > arch/x86/mm/dump_pagetables.c:238:13: note: declared here > > Oh, I see. Question though is what to pass as the extra argument: > Do I need to pass in the caller's effective rights, or should I take > kasan_page_table()'s checking against kasan_zero_p?d as an > indication that the effective permission is zero here? I'm sorry for > this probably trivial question, but I know nothing about how KASAN > works. I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to help us out here? Thanks, Ingo
Re: [PATCH v2] x86: consider effective protection attributes in W+X check
>>> On 21.02.18 at 17:53,wrote: > * Jan Beulich wrote: > >> Using just the leaf page table entry flags would cause a false warning >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. >> Hand through both the current entry's flags as well as the accumulated >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's >> not an actual entry's value). >> >> This in particular eliminates the false W+X warning when running under >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to >> make the necessary adjustment in L2 rather than L1 (the reason is >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is >> set in L2. >> >> Signed-off-by: Jan Beulich >> Reviewed-by: Juergen Gross >> --- >> v2: Re-base onto tip tree. Add Xen related paragraph to description. >> --- >> arch/x86/mm/dump_pagetables.c | 92 > ++ >> 1 file changed, 57 insertions(+), 35 deletions(-) > > There's a build failure with CONFIG_KASAN=y enabled: > > arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: > arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function > ‘note_page’ > arch/x86/mm/dump_pagetables.c:238:13: note: declared here Oh, I see. Question though is what to pass as the extra argument: Do I need to pass in the caller's effective rights, or should I take kasan_page_table()'s checking against kasan_zero_p?d as an indication that the effective permission is zero here? I'm sorry for this probably trivial question, but I know nothing about how KASAN works. Jan
Re: [PATCH v2] x86: consider effective protection attributes in W+X check
>>> On 21.02.18 at 17:53, wrote: > * Jan Beulich wrote: > >> Using just the leaf page table entry flags would cause a false warning >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. >> Hand through both the current entry's flags as well as the accumulated >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's >> not an actual entry's value). >> >> This in particular eliminates the false W+X warning when running under >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to >> make the necessary adjustment in L2 rather than L1 (the reason is >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is >> set in L2. >> >> Signed-off-by: Jan Beulich >> Reviewed-by: Juergen Gross >> --- >> v2: Re-base onto tip tree. Add Xen related paragraph to description. >> --- >> arch/x86/mm/dump_pagetables.c | 92 > ++ >> 1 file changed, 57 insertions(+), 35 deletions(-) > > There's a build failure with CONFIG_KASAN=y enabled: > > arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: > arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function > ‘note_page’ > arch/x86/mm/dump_pagetables.c:238:13: note: declared here Oh, I see. Question though is what to pass as the extra argument: Do I need to pass in the caller's effective rights, or should I take kasan_page_table()'s checking against kasan_zero_p?d as an indication that the effective permission is zero here? I'm sorry for this probably trivial question, but I know nothing about how KASAN works. Jan
Re: [PATCH v2] x86: consider effective protection attributes in W+X check
* Jan Beulichwrote: > Using just the leaf page table entry flags would cause a false warning > in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. > Hand through both the current entry's flags as well as the accumulated > effective value (the latter as pgprotval_t instead of pgprot_t, as it's > not an actual entry's value). > > This in particular eliminates the false W+X warning when running under > Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to > make the necessary adjustment in L2 rather than L1 (the reason is > explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is > set in L2. > > Signed-off-by: Jan Beulich > Reviewed-by: Juergen Gross > --- > v2: Re-base onto tip tree. Add Xen related paragraph to description. > --- > arch/x86/mm/dump_pagetables.c | 92 > ++ > 1 file changed, 57 insertions(+), 35 deletions(-) There's a build failure with CONFIG_KASAN=y enabled: arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function ‘note_page’ arch/x86/mm/dump_pagetables.c:238:13: note: declared here Thanks, Ingo
Re: [PATCH v2] x86: consider effective protection attributes in W+X check
* Jan Beulich wrote: > Using just the leaf page table entry flags would cause a false warning > in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry. > Hand through both the current entry's flags as well as the accumulated > effective value (the latter as pgprotval_t instead of pgprot_t, as it's > not an actual entry's value). > > This in particular eliminates the false W+X warning when running under > Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to > make the necessary adjustment in L2 rather than L1 (the reason is > explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is > set in L2. > > Signed-off-by: Jan Beulich > Reviewed-by: Juergen Gross > --- > v2: Re-base onto tip tree. Add Xen related paragraph to description. > --- > arch/x86/mm/dump_pagetables.c | 92 > ++ > 1 file changed, 57 insertions(+), 35 deletions(-) There's a build failure with CONFIG_KASAN=y enabled: arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’: arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function ‘note_page’ arch/x86/mm/dump_pagetables.c:238:13: note: declared here Thanks, Ingo