Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Jan Beulich]

>>> On 23.02.18 at 08:49,  wrote:

> * Jan Beulich  wrote:
> 
>> >>> On 21.02.18 at 17:53,  wrote:
>> 
>> > * Jan Beulich  wrote:
>> > 
>> >> Using just the leaf page table entry flags would cause a false warning
>> >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
>> >> Hand through both the current entry's flags as well as the accumulated
>> >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
>> >> not an actual entry's value).
>> >> 
>> >> This in particular eliminates the false W+X warning when running under
>> >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
>> >> make the necessary adjustment in L2 rather than L1 (the reason is
>> >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
>> >> set in L2.
>> >> 
>> >> Signed-off-by: Jan Beulich 
>> >> Reviewed-by: Juergen Gross 
>> >> ---
>> >> v2: Re-base onto tip tree. Add Xen related paragraph to description.
>> >> ---
>> >>  arch/x86/mm/dump_pagetables.c |   92 
>> > ++
>> >>  1 file changed, 57 insertions(+), 35 deletions(-)
>> > 
>> > There's a build failure with CONFIG_KASAN=y enabled:
>> > 
>> >  arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
>> >  arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
>> > ‘note_page’
>> >  arch/x86/mm/dump_pagetables.c:238:13: note: declared here
>> 
>> Oh, I see. Question though is what to pass as the extra argument:
>> Do I need to pass in the caller's effective rights, or should I take
>> kasan_page_table()'s checking against kasan_zero_p?d as an
>> indication that the effective permission is zero here? I'm sorry for
>> this probably trivial question, but I know nothing about how KASAN
>> works.
> 
> I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to
> help us out here?

Actually, the "zero" in the names of the symbols meanwhile makes
me be pretty sure passing 0 for the effective permissions here is
exactly what is wanted. I'm about to produce v3.

Jan

Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Jan Beulich]

>>> On 23.02.18 at 08:49,  wrote:

> * Jan Beulich  wrote:
> 
>> >>> On 21.02.18 at 17:53,  wrote:
>> 
>> > * Jan Beulich  wrote:
>> > 
>> >> Using just the leaf page table entry flags would cause a false warning
>> >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
>> >> Hand through both the current entry's flags as well as the accumulated
>> >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
>> >> not an actual entry's value).
>> >> 
>> >> This in particular eliminates the false W+X warning when running under
>> >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
>> >> make the necessary adjustment in L2 rather than L1 (the reason is
>> >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
>> >> set in L2.
>> >> 
>> >> Signed-off-by: Jan Beulich 
>> >> Reviewed-by: Juergen Gross 
>> >> ---
>> >> v2: Re-base onto tip tree. Add Xen related paragraph to description.
>> >> ---
>> >>  arch/x86/mm/dump_pagetables.c |   92 
>> > ++
>> >>  1 file changed, 57 insertions(+), 35 deletions(-)
>> > 
>> > There's a build failure with CONFIG_KASAN=y enabled:
>> > 
>> >  arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
>> >  arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
>> > ‘note_page’
>> >  arch/x86/mm/dump_pagetables.c:238:13: note: declared here
>> 
>> Oh, I see. Question though is what to pass as the extra argument:
>> Do I need to pass in the caller's effective rights, or should I take
>> kasan_page_table()'s checking against kasan_zero_p?d as an
>> indication that the effective permission is zero here? I'm sorry for
>> this probably trivial question, but I know nothing about how KASAN
>> works.
> 
> I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to
> help us out here?

Actually, the "zero" in the names of the symbols meanwhile makes
me be pretty sure passing 0 for the effective permissions here is
exactly what is wanted. I'm about to produce v3.

Jan

Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Ingo Molnar]

* Jan Beulich  wrote:

> >>> On 21.02.18 at 17:53,  wrote:
> 
> > * Jan Beulich  wrote:
> > 
> >> Using just the leaf page table entry flags would cause a false warning
> >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
> >> Hand through both the current entry's flags as well as the accumulated
> >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
> >> not an actual entry's value).
> >> 
> >> This in particular eliminates the false W+X warning when running under
> >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
> >> make the necessary adjustment in L2 rather than L1 (the reason is
> >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
> >> set in L2.
> >> 
> >> Signed-off-by: Jan Beulich 
> >> Reviewed-by: Juergen Gross 
> >> ---
> >> v2: Re-base onto tip tree. Add Xen related paragraph to description.
> >> ---
> >>  arch/x86/mm/dump_pagetables.c |   92 
> > ++
> >>  1 file changed, 57 insertions(+), 35 deletions(-)
> > 
> > There's a build failure with CONFIG_KASAN=y enabled:
> > 
> >  arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
> >  arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
> > ‘note_page’
> >  arch/x86/mm/dump_pagetables.c:238:13: note: declared here
> 
> Oh, I see. Question though is what to pass as the extra argument:
> Do I need to pass in the caller's effective rights, or should I take
> kasan_page_table()'s checking against kasan_zero_p?d as an
> indication that the effective permission is zero here? I'm sorry for
> this probably trivial question, but I know nothing about how KASAN
> works.

I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to
help us out here?

Thanks,

Ingo

Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Ingo Molnar]

* Jan Beulich  wrote:

> >>> On 21.02.18 at 17:53,  wrote:
> 
> > * Jan Beulich  wrote:
> > 
> >> Using just the leaf page table entry flags would cause a false warning
> >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
> >> Hand through both the current entry's flags as well as the accumulated
> >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
> >> not an actual entry's value).
> >> 
> >> This in particular eliminates the false W+X warning when running under
> >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
> >> make the necessary adjustment in L2 rather than L1 (the reason is
> >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
> >> set in L2.
> >> 
> >> Signed-off-by: Jan Beulich 
> >> Reviewed-by: Juergen Gross 
> >> ---
> >> v2: Re-base onto tip tree. Add Xen related paragraph to description.
> >> ---
> >>  arch/x86/mm/dump_pagetables.c |   92 
> > ++
> >>  1 file changed, 57 insertions(+), 35 deletions(-)
> > 
> > There's a build failure with CONFIG_KASAN=y enabled:
> > 
> >  arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
> >  arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
> > ‘note_page’
> >  arch/x86/mm/dump_pagetables.c:238:13: note: declared here
> 
> Oh, I see. Question though is what to pass as the extra argument:
> Do I need to pass in the caller's effective rights, or should I take
> kasan_page_table()'s checking against kasan_zero_p?d as an
> indication that the effective permission is zero here? I'm sorry for
> this probably trivial question, but I know nothing about how KASAN
> works.

I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to
help us out here?

Thanks,

Ingo

Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Jan Beulich]

>>> On 21.02.18 at 17:53,  wrote:

> * Jan Beulich  wrote:
> 
>> Using just the leaf page table entry flags would cause a false warning
>> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
>> Hand through both the current entry's flags as well as the accumulated
>> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
>> not an actual entry's value).
>> 
>> This in particular eliminates the false W+X warning when running under
>> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
>> make the necessary adjustment in L2 rather than L1 (the reason is
>> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
>> set in L2.
>> 
>> Signed-off-by: Jan Beulich 
>> Reviewed-by: Juergen Gross 
>> ---
>> v2: Re-base onto tip tree. Add Xen related paragraph to description.
>> ---
>>  arch/x86/mm/dump_pagetables.c |   92 
> ++
>>  1 file changed, 57 insertions(+), 35 deletions(-)
> 
> There's a build failure with CONFIG_KASAN=y enabled:
> 
>  arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
>  arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
> ‘note_page’
>  arch/x86/mm/dump_pagetables.c:238:13: note: declared here

Oh, I see. Question though is what to pass as the extra argument:
Do I need to pass in the caller's effective rights, or should I take
kasan_page_table()'s checking against kasan_zero_p?d as an
indication that the effective permission is zero here? I'm sorry for
this probably trivial question, but I know nothing about how KASAN
works.

Jan

Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Jan Beulich]

>>> On 21.02.18 at 17:53,  wrote:

> * Jan Beulich  wrote:
> 
>> Using just the leaf page table entry flags would cause a false warning
>> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
>> Hand through both the current entry's flags as well as the accumulated
>> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
>> not an actual entry's value).
>> 
>> This in particular eliminates the false W+X warning when running under
>> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
>> make the necessary adjustment in L2 rather than L1 (the reason is
>> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
>> set in L2.
>> 
>> Signed-off-by: Jan Beulich 
>> Reviewed-by: Juergen Gross 
>> ---
>> v2: Re-base onto tip tree. Add Xen related paragraph to description.
>> ---
>>  arch/x86/mm/dump_pagetables.c |   92 
> ++
>>  1 file changed, 57 insertions(+), 35 deletions(-)
> 
> There's a build failure with CONFIG_KASAN=y enabled:
> 
>  arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
>  arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
> ‘note_page’
>  arch/x86/mm/dump_pagetables.c:238:13: note: declared here

Oh, I see. Question though is what to pass as the extra argument:
Do I need to pass in the caller's effective rights, or should I take
kasan_page_table()'s checking against kasan_zero_p?d as an
indication that the effective permission is zero here? I'm sorry for
this probably trivial question, but I know nothing about how KASAN
works.

Jan

Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Ingo Molnar]

* Jan Beulich  wrote:

> Using just the leaf page table entry flags would cause a false warning
> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
> Hand through both the current entry's flags as well as the accumulated
> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
> not an actual entry's value).
> 
> This in particular eliminates the false W+X warning when running under
> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
> make the necessary adjustment in L2 rather than L1 (the reason is
> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
> set in L2.
> 
> Signed-off-by: Jan Beulich 
> Reviewed-by: Juergen Gross 
> ---
> v2: Re-base onto tip tree. Add Xen related paragraph to description.
> ---
>  arch/x86/mm/dump_pagetables.c |   92 
> ++
>  1 file changed, 57 insertions(+), 35 deletions(-)

There's a build failure with CONFIG_KASAN=y enabled:

 arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
 arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
‘note_page’
 arch/x86/mm/dump_pagetables.c:238:13: note: declared here

Thanks,

Ingo

Re: [PATCH v2] x86: consider effective protection attributes in W+X check

[Ingo Molnar]

* Jan Beulich  wrote:

> Using just the leaf page table entry flags would cause a false warning
> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
> Hand through both the current entry's flags as well as the accumulated
> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
> not an actual entry's value).
> 
> This in particular eliminates the false W+X warning when running under
> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
> make the necessary adjustment in L2 rather than L1 (the reason is
> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
> set in L2.
> 
> Signed-off-by: Jan Beulich 
> Reviewed-by: Juergen Gross 
> ---
> v2: Re-base onto tip tree. Add Xen related paragraph to description.
> ---
>  arch/x86/mm/dump_pagetables.c |   92 
> ++
>  1 file changed, 57 insertions(+), 35 deletions(-)

There's a build failure with CONFIG_KASAN=y enabled:

 arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
 arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function 
‘note_page’
 arch/x86/mm/dump_pagetables.c:238:13: note: declared here

Thanks,

Ingo