Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-29 06:12:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
5bd5a45266
linux/arch/x86/kernel
History
Matthieu Castet 5bd5a45266 x86: Add NX protection for kernel data 
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.

The following steps are taken to achieve this:

 1. Linker script is adjusted so .text always starts and ends on a page bound
 2. Linker script is adjusted so .rodata always start and end on a page boundary
 3. NX is set for all pages from _etext through _end in mark_rodata_ro.
 4. free_init_pages() sets released memory NX in arch/x86/mm/init.c
 5. bios rom is set to x when pcibios is used.

The results of patch application may be observed in the diff of kernel page
table dumps:

pcibios:

 -- data_nx_pt_before.txt       2009-10-13 07:48:59.000000000 -0400
 ++ data_nx_pt_after.txt        2009-10-13 07:26:46.000000000 -0400
  0x00000000-0xc0000000           3G                           pmd
  ---[ Kernel Mapping ]---
 -0xc0000000-0xc0100000           1M     RW             GLB x  pte
 +0xc0000000-0xc00a0000         640K     RW             GLB NX pte
 +0xc00a0000-0xc0100000         384K     RW             GLB x  pte
 -0xc0100000-0xc03d7000        2908K     ro             GLB x  pte
 +0xc0100000-0xc0318000        2144K     ro             GLB x  pte
 +0xc0318000-0xc03d7000         764K     ro             GLB NX pte
 -0xc03d7000-0xc0600000        2212K     RW             GLB x  pte
 +0xc03d7000-0xc0600000        2212K     RW             GLB NX pte
  0xc0600000-0xf7a00000         884M     RW         PSE GLB NX pmd
  0xf7a00000-0xf7bfe000        2040K     RW             GLB NX pte
  0xf7bfe000-0xf7c00000           8K                           pte

No pcibios:

 -- data_nx_pt_before.txt       2009-10-13 07:48:59.000000000 -0400
 ++ data_nx_pt_after.txt        2009-10-13 07:26:46.000000000 -0400
  0x00000000-0xc0000000           3G                           pmd
  ---[ Kernel Mapping ]---
 -0xc0000000-0xc0100000           1M     RW             GLB x  pte
 +0xc0000000-0xc0100000           1M     RW             GLB NX pte
 -0xc0100000-0xc03d7000        2908K     ro             GLB x  pte
 +0xc0100000-0xc0318000        2144K     ro             GLB x  pte
 +0xc0318000-0xc03d7000         764K     ro             GLB NX pte
 -0xc03d7000-0xc0600000        2212K     RW             GLB x  pte
 +0xc03d7000-0xc0600000        2212K     RW             GLB NX pte
  0xc0600000-0xf7a00000         884M     RW         PSE GLB NX pmd
  0xf7a00000-0xf7bfe000        2040K     RW             GLB NX pte
  0xf7bfe000-0xf7c00000           8K                           pte

The patch has been originally developed for Linux 2.6.34-rc2 x86 by
Siarhei Liakh <sliakh.lkml@gmail.com> and Xuxian Jiang <jiang@cs.ncsu.edu>.

 -v1:  initial patch for 2.6.30
 -v2:  patch for 2.6.31-rc7
 -v3:  moved all code into arch/x86, adjusted credits
 -v4:  fixed ifdef, removed credits from CREDITS
 -v5:  fixed an address calculation bug in mark_nxdata_nx()
 -v6:  added acked-by and PT dump diff to commit log
 -v7:  minor adjustments for -tip
 -v8:  rework with the merge of "Set first MB as RW+NX"

Signed-off-by: Siarhei Liakh <sliakh.lkml@gmail.com>
Signed-off-by: Xuxian Jiang <jiang@cs.ncsu.edu>
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Cc: Arjan van de Ven <arjan@infradead.org>
Cc: James Morris <jmorris@namei.org>
Cc: Andi Kleen <ak@muc.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Dave Jones <davej@redhat.com>
Cc: Kees Cook <kees.cook@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
LKML-Reference: <4CE2F82E.60601@free.fr>
[ minor cleanliness edits ]
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2010-11-18 12:52:04 +01:00
..
acpi Merge branch 'stable/xen-pcifront-0.8.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2010-10-28 17:11:17 -07:00
apic x86, apic: Remove double #include 2010-11-10 10:21:16 +01:00
cpu perf, amd: Use kmalloc_node(,__GFP_ZERO) for northbridge structure allocation 2010-11-10 22:58:40 +01:00
.gitignore
alternative.c Merge branches 'perf-fixes-for-linus' and 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-30 11:43:26 -07:00
amd_iommu_init.c Merge branch 'x86-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:23:48 -07:00
amd_iommu.c x86/amd-iommu: Update copyright headers 2010-10-13 11:13:21 +02:00
amd_nb.c x86, amd_nb: Enable GART support for AMD family 0x15 CPUs 2010-10-01 16:18:32 -07:00
apb_timer.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:11:46 -07:00
aperture_64.c Merge branch 'x86-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:23:48 -07:00
apm_32.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
asm-offsets_32.c x86, asm: Fix CFI macro invocations to deal with shortcomings in gas 2010-10-19 14:28:02 -07:00
asm-offsets_64.c
asm-offsets.c
audit_64.c
bootflag.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
check.c x86: Use memblock to replace early_res 2010-08-27 11:12:29 -07:00
cpuid.c x86: convert cpu notifier to return encapsulate errno value 2010-05-27 09:12:48 -07:00
crash_dump_32.c mm: stack based kmap_atomic() 2010-10-26 16:52:08 -07:00
crash_dump_64.c mm, x86: Saving vmcore with non-lazy freeing of vmas 2010-09-17 09:11:56 +02:00
crash.c x86, UV: Make kdump avoid stack dumps 2010-07-21 11:33:27 -07:00
doublefault_32.c
dumpstack_32.c x86, printk: Get rid of <0> from stack output 2010-10-23 20:03:03 +02:00
dumpstack_64.c x86, printk: Get rid of <0> from stack output 2010-10-23 20:03:03 +02:00
dumpstack.c x86: Unify dumpstack.h and stacktrace.h 2010-06-08 23:29:52 +02:00
e820.c x86, memblock: Use memblock_memory_size()/memblock_free_memory_size() to get correct dma_reserve 2010-08-27 11:13:54 -07:00
early_printk_mrst.c x86, earlyprintk: Add hsu early console for Intel Medfield platform 2010-10-08 10:01:47 +02:00
early_printk.c x86, earlyprintk: Add hsu early console for Intel Medfield platform 2010-10-08 10:01:47 +02:00
early-quirks.c Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 13:18:06 -07:00
entry_32.S x86, asm: Restore parentheses around one pushl_cfi argument 2010-10-22 10:51:44 +02:00
entry_64.S Merge branches 'softirq-for-linus', 'x86-debug-for-linus', 'x86-numa-for-linus', 'x86-quirks-for-linus', 'x86-setup-for-linus', 'x86-uv-for-linus' and 'x86-vm86-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-23 08:25:36 -07:00
ftrace.c jump label: Make dynamic no-op selection available outside of ftrace 2010-09-20 18:19:39 -04:00
head32.c Merge branch 'x86-trampoline-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-22 20:37:50 -07:00
head64.c x86-64: Only set max_pfn_mapped to 512 MiB if we enter via head_64.S 2010-10-14 09:06:49 +02:00
head_32.S x86-32, mm: Add an initial page table for core bootstrapping 2010-10-20 14:23:55 -07:00
head_64.S x86-64: Simplify loading initial_gs 2010-07-21 21:23:51 -07:00
head.c x86: Use memblock to replace early_res 2010-08-27 11:12:29 -07:00
hpet.c workqueues: s/ON_STACK/ONSTACK/ 2010-10-26 16:52:14 -07:00
hw_breakpoint.c x86: Fix instruction breakpoint encoding 2010-09-17 03:24:13 +02:00
i386_ksyms_32.c
i387.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 13:34:32 -07:00
i8237.c
i8253.c
i8259.c x86: i8259: Convert to new irq_chip functions 2010-10-12 16:53:36 +02:00
init_task.c
io_delay.c
ioport.c
irq_32.c x86-32: Restore irq stacks NUMA-aware allocations 2010-10-29 08:17:07 +02:00
irq_64.c
irq_work.c irq_work: Add generic hardirq context callbacks 2010-10-18 19:58:50 +02:00
irq.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:11:46 -07:00
irqinit.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:11:46 -07:00
jump_label.c jump label: x86 support 2010-09-22 16:33:03 -04:00
kdebugfs.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
kgdb.c debug_core,x86,blackfin: Clean up hw debug disable API 2010-10-29 13:14:41 -05:00
kprobes.c jump label: Add jump_label_text_reserved() to reserve jump points 2010-09-22 16:30:46 -04:00
kvm.c
kvmclock.c KVM guest: Move a printk that's using the clock before it's ready 2010-10-24 10:53:06 +02:00
ldt.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
machine_kexec_32.c
machine_kexec_64.c x86, cleanups: Use clear_page/copy_page rather than memset/memcpy 2010-09-22 15:36:49 -07:00
Makefile x86: Move olpc to platform 2010-10-27 17:22:16 +02:00
mca_32.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
microcode_amd.c x86: Remove unnecessary casts of void ptr returning alloc function return values 2010-11-10 09:13:00 +01:00
microcode_core.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
microcode_intel.c Update broken web addresses in arch directory. 2010-10-18 11:03:21 +02:00
mmconf-fam10h_64.c x86: Adjust section annotations in AMD Fam10 MMCONF enabling code 2010-11-10 10:08:26 +01:00
module.c Merge commit 'v2.6.36-rc7' into perf/core 2010-10-08 10:46:27 +02:00
mpparse.c Merge commit 'v2.6.36-rc3' into x86/memblock 2010-08-31 09:45:46 +02:00
msr.c x86: convert cpu notifier to return encapsulate errno value 2010-05-27 09:12:48 -07:00
paravirt_patch_32.c
paravirt_patch_64.c
paravirt-spinlocks.c
paravirt.c x86, paravirt: Remove alloc_pmd_clone hook, only used by VMI 2010-08-23 17:09:44 -07:00
pci-calgary_64.c x86, calgary: Make Calgary IOMMU use IOMMU_INIT_* macros. 2010-08-26 15:14:15 -07:00
pci-dma.c x86, iommu: Utilize the IOMMU_INIT macros functionality. 2010-08-26 15:14:52 -07:00
pci-gart_64.c Merge branch 'x86-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:23:48 -07:00
pci-iommu_table.c x86, iommu: Add proper dependency sort routine (and sanity check). 2010-08-26 15:13:19 -07:00
pci-nommu.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pci-swiotlb.c x86, swiotlb: Make SWIOTLB use IOMMU_INIT_* macros. 2010-08-26 15:13:37 -07:00
pcspeaker.c
probe_roms_32.c
process_32.c x86, perf: Add power_end event to process_*.c cpu_idle routine 2010-06-18 11:35:10 +02:00
process_64.c x86-64, fpu: Disable preemption when using TS_USEDFPU 2010-09-09 14:16:45 -07:00
process.c Make do_execve() take a const filename pointer 2010-08-17 18:07:43 -07:00
ptrace.c ptrace: cleanup arch_ptrace() on x86 2010-10-27 18:03:10 -07:00
pvclock.c x86, pvclock: Remove leftover scale_delta() function 2010-11-10 10:32:15 +01:00
quirks.c x86: HPET force enable for CX700 / VIA Epia LT 2010-09-15 16:27:04 +02:00
reboot_fixups_32.c
reboot.c Merge branch 'linus' into x86/urgent 2010-10-25 19:38:52 +02:00
relocate_kernel_32.S
relocate_kernel_64.S
rtc.c
setup_percpu.c Merge branch 'core-memblock-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 18:52:11 -07:00
setup.c Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2010-10-28 11:59:52 -07:00
signal.c
smp.c x86, kexec: Make sure to stop all CPUs before exiting the kernel 2010-10-21 13:30:44 -07:00
smpboot.c Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-27 18:38:55 -07:00
stacktrace.c x86: Unify save_stack_address() and save_stack_address_nosched() 2010-06-09 17:32:19 +02:00
step.c x86, ptrace: Fix block-step 2010-03-26 11:33:57 +01:00
sys_i386_32.c i386: Make kernel_execve() suitable for stack unwinding 2010-09-03 08:16:02 +02:00
sys_x86_64.c improve sys_newuname() for compat architectures 2010-03-12 15:52:32 -08:00
syscall_64.c
syscall_table_32.S x86: fix up system call numbering nit 2010-08-10 15:35:10 -07:00
tboot.c Merge branch 'kvm-updates/2.6.35' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2010-05-21 17:16:21 -07:00
tce_64.c
test_nx.c
test_rodata.c
time.c
tls.c
tls.h
topology.c
trampoline_32.S
trampoline_64.S
trampoline.c Merge branch 'x86-trampoline-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-22 20:37:50 -07:00
traps.c Merge branches 'softirq-for-linus', 'x86-debug-for-linus', 'x86-numa-for-linus', 'x86-quirks-for-linus', 'x86-setup-for-linus', 'x86-uv-for-linus' and 'x86-vm86-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-23 08:25:36 -07:00
tsc_sync.c
tsc.c Merge branch 'x86-amd-nb-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 13:01:08 -07:00
verify_cpu_64.S x86: Use symbolic MSR names 2010-07-21 21:23:40 -07:00
vm86_32.c x86, vm86: Fix preemption bug for int1 debug and int3 breakpoint handlers. 2010-09-23 11:07:49 -07:00
vmlinux.lds.S x86: Add NX protection for kernel data 2010-11-18 12:52:04 +01:00
vsmp_64.c
vsyscall_64.c timkeeping: Fix update_vsyscall to provide wall_to_monotonic offset 2010-07-27 12:40:54 +02:00
x86_init.c x86: Introduce x86_msi_ops 2010-10-18 10:49:34 -04:00
x8664_ksyms_64.c x86-64: Don't export init_level4_pgt 2010-04-28 17:25:47 -07:00
xsave.c Merge branch 'x86-xsave-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-08-06 16:25:13 -07:00