mirror of
https://github.com/torvalds/linux.git
synced 2024-12-30 23:02:08 +00:00
5bd5a45266
This patch expands functionality of CONFIG_DEBUG_RODATA to set main (static) kernel data area as NX. The following steps are taken to achieve this: 1. Linker script is adjusted so .text always starts and ends on a page bound 2. Linker script is adjusted so .rodata always start and end on a page boundary 3. NX is set for all pages from _etext through _end in mark_rodata_ro. 4. free_init_pages() sets released memory NX in arch/x86/mm/init.c 5. bios rom is set to x when pcibios is used. The results of patch application may be observed in the diff of kernel page table dumps: pcibios: -- data_nx_pt_before.txt 2009-10-13 07:48:59.000000000 -0400 ++ data_nx_pt_after.txt 2009-10-13 07:26:46.000000000 -0400 0x00000000-0xc0000000 3G pmd ---[ Kernel Mapping ]--- -0xc0000000-0xc0100000 1M RW GLB x pte +0xc0000000-0xc00a0000 640K RW GLB NX pte +0xc00a0000-0xc0100000 384K RW GLB x pte -0xc0100000-0xc03d7000 2908K ro GLB x pte +0xc0100000-0xc0318000 2144K ro GLB x pte +0xc0318000-0xc03d7000 764K ro GLB NX pte -0xc03d7000-0xc0600000 2212K RW GLB x pte +0xc03d7000-0xc0600000 2212K RW GLB NX pte 0xc0600000-0xf7a00000 884M RW PSE GLB NX pmd 0xf7a00000-0xf7bfe000 2040K RW GLB NX pte 0xf7bfe000-0xf7c00000 8K pte No pcibios: -- data_nx_pt_before.txt 2009-10-13 07:48:59.000000000 -0400 ++ data_nx_pt_after.txt 2009-10-13 07:26:46.000000000 -0400 0x00000000-0xc0000000 3G pmd ---[ Kernel Mapping ]--- -0xc0000000-0xc0100000 1M RW GLB x pte +0xc0000000-0xc0100000 1M RW GLB NX pte -0xc0100000-0xc03d7000 2908K ro GLB x pte +0xc0100000-0xc0318000 2144K ro GLB x pte +0xc0318000-0xc03d7000 764K ro GLB NX pte -0xc03d7000-0xc0600000 2212K RW GLB x pte +0xc03d7000-0xc0600000 2212K RW GLB NX pte 0xc0600000-0xf7a00000 884M RW PSE GLB NX pmd 0xf7a00000-0xf7bfe000 2040K RW GLB NX pte 0xf7bfe000-0xf7c00000 8K pte The patch has been originally developed for Linux 2.6.34-rc2 x86 by Siarhei Liakh <sliakh.lkml@gmail.com> and Xuxian Jiang <jiang@cs.ncsu.edu>. 
-v1: initial patch for 2.6.30 -v2: patch for 2.6.31-rc7 -v3: moved all code into arch/x86, adjusted credits -v4: fixed ifdef, removed credits from CREDITS -v5: fixed an address calculation bug in mark_nxdata_nx() -v6: added acked-by and PT dump diff to commit log -v7: minor adjustments for -tip -v8: rework with the merge of "Set first MB as RW+NX" Signed-off-by: Siarhei Liakh <sliakh.lkml@gmail.com> Signed-off-by: Xuxian Jiang <jiang@cs.ncsu.edu> Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr> Cc: Arjan van de Ven <arjan@infradead.org> Cc: James Morris <jmorris@namei.org> Cc: Andi Kleen <ak@muc.de> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Dave Jones <davej@redhat.com> Cc: Kees Cook <kees.cook@canonical.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> LKML-Reference: <4CE2F82E.60601@free.fr> [ minor cleanliness edits ] Signed-off-by: Ingo Molnar <mingo@elte.hu>
#include <linux/gfp.h>
#include <linux/initrd.h>
#include <linux/ioport.h>
#include <linux/swap.h>
#include <linux/memblock.h>
#include <asm/cacheflush.h>
#include <asm/e820.h>
#include <asm/init.h>
#include <asm/page.h>
#include <asm/page_types.h>
#include <asm/sections.h>
#include <asm/setup.h>
#include <asm/system.h>
#include <asm/tlbflush.h>
#include <asm/tlb.h>
#include <asm/proto.h>
/* Per-CPU mmu_gather instance. */
DEFINE_PER_CPU(struct mmu_gather, mmu_gathers);

/*
 * Bounds of the early page-table area, kept as page frame numbers.
 * All three are assigned in find_early_table_space(); init_memory_mapping()
 * later reserves [e820_table_start, e820_table_end) under the "PGTABLE" tag.
 */
unsigned long __initdata e820_table_start;
unsigned long __meminitdata e820_table_end;
unsigned long __meminitdata e820_table_top;

/*
 * init_memory_mapping() runs its early-boot-only steps (table space search,
 * PGTABLE reservation, early_memtest) only while this is zero.
 */
int after_bootmem;

/*
 * Copied into use_gbpages by init_memory_mapping(); starts at 1 when
 * CONFIG_DIRECT_GBPAGES is set and is zero-initialized otherwise.
 */
#ifdef CONFIG_DIRECT_GBPAGES
int direct_gbpages = 1;
#else
int direct_gbpages;
#endif
/*
 * Work out how many bytes of pud/pmd/pte tables a direct mapping up to @end
 * can need, find a free physical area of that size, and record it in
 * e820_table_start / e820_table_end / e820_table_top (as page frame numbers).
 *
 * @end:         upper physical address of the range to be mapped
 * @use_pse:     non-zero if 2M/4M pages will be used, so ptes are only
 *               budgeted for the unaligned remainder
 * @use_gbpages: non-zero if 1G pages will be used, so pmds are only
 *               budgeted for the unaligned remainder
 *
 * Panics if no suitable area can be found.
 */
static void __init find_early_table_space(unsigned long end, int use_pse,
					  int use_gbpages)
{
	unsigned long nr_pud, nr_pmd, nr_pte;
	unsigned long span, table_bytes, search_from;
	phys_addr_t base;

	/* One pud entry per PUD_SIZE of address space, rounded up. */
	nr_pud = (end + PUD_SIZE - 1) >> PUD_SHIFT;
	table_bytes = roundup(nr_pud * sizeof(pud_t), PAGE_SIZE);

	/*
	 * With 1G pages only the part of the range past the last PUD boundary
	 * needs pmd entries; without them the whole range does.
	 */
	span = end;
	if (use_gbpages)
		span = end - ((end >> PUD_SHIFT) << PUD_SHIFT);
	nr_pmd = (span + PMD_SIZE - 1) >> PMD_SHIFT;
	table_bytes += roundup(nr_pmd * sizeof(pmd_t), PAGE_SIZE);

	/* Same reasoning one level down: ptes for the tail past the last PMD. */
	span = end;
	if (use_pse) {
		span = end - ((end >> PMD_SHIFT) << PMD_SHIFT);
#ifdef CONFIG_X86_32
		/*
		 * One extra PMD_SIZE of ptes on 32-bit; presumably for the
		 * first PMD_SIZE region that init_memory_mapping() maps with
		 * small pages there - confirm.
		 */
		span += PMD_SIZE;
#endif
	}
	nr_pte = (span + PAGE_SIZE - 1) >> PAGE_SHIFT;
	table_bytes += roundup(nr_pte * sizeof(pte_t), PAGE_SIZE);

#ifdef CONFIG_X86_32
	/* for fixmap */
	table_bytes += roundup(__end_of_fixed_addresses * sizeof(pte_t),
			       PAGE_SIZE);
#endif

	/*
	 * RED-PEN putting page tables only on node 0 could
	 * cause a hotspot and fill up ZONE_DMA. The page tables
	 * need roughly 0.5KB per GB.
	 */
#ifdef CONFIG_X86_32
	search_from = 0x7000;
#else
	search_from = 0x8000;
#endif
	base = memblock_find_in_range(search_from,
				      max_pfn_mapped << PAGE_SHIFT,
				      table_bytes, PAGE_SIZE);
	if (base == MEMBLOCK_ERROR)
		panic("Cannot find space for the kernel page tables");

	/* Nothing is consumed yet, so "end" starts out equal to "start". */
	e820_table_start = base >> PAGE_SHIFT;
	e820_table_end = e820_table_start;
	e820_table_top = e820_table_start + (table_bytes >> PAGE_SHIFT);

	printk(KERN_DEBUG "kernel direct mapping tables up to %lx @ %lx-%lx\n",
		end, e820_table_start << PAGE_SHIFT,
		e820_table_top << PAGE_SHIFT);
}
/*
 * One contiguous piece of the direct mapping: the physical byte range
 * [start, end) and a bitmask of (1 << PG_LEVEL_*) values naming the large
 * page sizes that may be used for it (0 means small pages only).
 */
struct map_range {
	unsigned long start;
	unsigned long end;
	unsigned int page_size_mask;
};

/* Capacity of the map_range array built by init_memory_mapping(). */
#if defined(CONFIG_X86_32)
#define NR_RANGE_MR 3
#else /* CONFIG_X86_64 */
#define NR_RANGE_MR 5
#endif
/*
 * Append the pfn interval [start_pfn, end_pfn) to @mr as a byte range.
 *
 * @mr:             array of NR_RANGE_MR entries owned by the caller
 * @nr_range:       number of entries already filled in
 * @page_size_mask: page-size bits to store with the new entry
 *
 * An empty interval is ignored. Panics instead of writing past the end of
 * the array when all NR_RANGE_MR slots are already in use.
 *
 * Returns the new number of entries.
 */
static int __meminit save_mr(struct map_range *mr, int nr_range,
			     unsigned long start_pfn, unsigned long end_pfn,
			     unsigned long page_size_mask)
{
	struct map_range *slot;

	/* Nothing to record for an empty or inverted interval. */
	if (start_pfn >= end_pfn)
		return nr_range;

	/* Bounds check before the store below touches mr[nr_range]. */
	if (nr_range >= NR_RANGE_MR)
		panic("run out of range for init_memory_mapping\n");

	slot = &mr[nr_range];
	slot->start = start_pfn << PAGE_SHIFT;
	slot->end = end_pfn << PAGE_SHIFT;
	slot->page_size_mask = page_size_mask;

	return nr_range + 1;
}
/*
 * Setup the direct mapping of the physical memory at PAGE_OFFSET.
 * This runs before bootmem is initialized and gets pages directly from
 * the physical memory. To access them they are temporarily mapped.
 *
 * The physical range [start, end) is cut into at most NR_RANGE_MR pieces,
 * each tagged with the page sizes allowed for it, adjacent pieces with the
 * same tag are merged, and every piece is passed to
 * kernel_physical_mapping_init().
 *
 * Returns the value of the last kernel_physical_mapping_init() call shifted
 * right by PAGE_SHIFT, or 0 if no piece was mapped.
 */
unsigned long __init_refok init_memory_mapping(unsigned long start,
					       unsigned long end)
{
	unsigned long page_size_mask = 0;
	unsigned long start_pfn, end_pfn;
	unsigned long ret = 0;
	unsigned long pos;	/* byte address up to which ranges have been recorded */

	struct map_range mr[NR_RANGE_MR];
	int nr_range, i;
	int use_pse, use_gbpages;

	printk(KERN_INFO "init_memory_mapping: %016lx-%016lx\n", start, end);

#if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_KMEMCHECK)
	/*
	 * For CONFIG_DEBUG_PAGEALLOC, identity mapping will use small pages.
	 * This will simplify cpa(), which otherwise needs to support splitting
	 * large pages into small in interrupt context, etc.
	 */
	use_pse = use_gbpages = 0;
#else
	use_pse = cpu_has_pse;
	use_gbpages = direct_gbpages;
#endif

	/*
	 * Enable PSE if available. This tests cpu_has_pse, not use_pse, so
	 * CR4.PSE is set even when the debug options above force small pages
	 * for this mapping.
	 */
	if (cpu_has_pse)
		set_in_cr4(X86_CR4_PSE);

	/* Enable PGE if available, and allow _PAGE_GLOBAL in ptes from now on */
	if (cpu_has_pge) {
		set_in_cr4(X86_CR4_PGE);
		__supported_pte_mask |= _PAGE_GLOBAL;
	}

	/* Build the set of large page sizes that may be used at all. */
	if (use_gbpages)
		page_size_mask |= 1 << PG_LEVEL_1G;
	if (use_pse)
		page_size_mask |= 1 << PG_LEVEL_2M;

	memset(mr, 0, sizeof(mr));
	nr_range = 0;

	/*
	 * Head: the part before the first PMD boundary is recorded with an
	 * empty page size mask (small pages only).
	 */
	start_pfn = start >> PAGE_SHIFT;
	pos = start_pfn << PAGE_SHIFT;
#ifdef CONFIG_X86_32
	/*
	 * Don't use a large page for the first 2/4MB of memory
	 * because there are often fixed size MTRRs in there
	 * and overlapping MTRRs into large pages can cause
	 * slowdowns.
	 */
	if (pos == 0)
		end_pfn = 1<<(PMD_SHIFT - PAGE_SHIFT);
	else
		end_pfn = ((pos + (PMD_SIZE - 1))>>PMD_SHIFT)
				 << (PMD_SHIFT - PAGE_SHIFT);
#else /* CONFIG_X86_64 */
	end_pfn = ((pos + (PMD_SIZE - 1)) >> PMD_SHIFT)
			<< (PMD_SHIFT - PAGE_SHIFT);
#endif
	/* Never record past the requested end. */
	if (end_pfn > (end >> PAGE_SHIFT))
		end_pfn = end >> PAGE_SHIFT;
	if (start_pfn < end_pfn) {
		nr_range = save_mr(mr, nr_range, start_pfn, end_pfn, 0);
		pos = end_pfn << PAGE_SHIFT;
	}

	/*
	 * big page (2M) range: on 32-bit it runs to the last PMD boundary
	 * below end; on 64-bit it stops at the next PUD boundary (clamped to
	 * that same PMD boundary) so a 1G range can follow.
	 */
	start_pfn = ((pos + (PMD_SIZE - 1))>>PMD_SHIFT)
			 << (PMD_SHIFT - PAGE_SHIFT);
#ifdef CONFIG_X86_32
	end_pfn = (end>>PMD_SHIFT) << (PMD_SHIFT - PAGE_SHIFT);
#else /* CONFIG_X86_64 */
	end_pfn = ((pos + (PUD_SIZE - 1))>>PUD_SHIFT)
			 << (PUD_SHIFT - PAGE_SHIFT);
	if (end_pfn > ((end>>PMD_SHIFT)<<(PMD_SHIFT - PAGE_SHIFT)))
		end_pfn = ((end>>PMD_SHIFT)<<(PMD_SHIFT - PAGE_SHIFT));
#endif

	if (start_pfn < end_pfn) {
		nr_range = save_mr(mr, nr_range, start_pfn, end_pfn,
				page_size_mask & (1<<PG_LEVEL_2M));
		pos = end_pfn << PAGE_SHIFT;
	}

#ifdef CONFIG_X86_64
	/* big page (1G) range */
	start_pfn = ((pos + (PUD_SIZE - 1))>>PUD_SHIFT)
			 << (PUD_SHIFT - PAGE_SHIFT);
	end_pfn = (end >> PUD_SHIFT) << (PUD_SHIFT - PAGE_SHIFT);
	if (start_pfn < end_pfn) {
		nr_range = save_mr(mr, nr_range, start_pfn, end_pfn,
				page_size_mask &
				 ((1<<PG_LEVEL_2M)|(1<<PG_LEVEL_1G)));
		pos = end_pfn << PAGE_SHIFT;
	}

	/* tail is not big page (1G) alignment */
	start_pfn = ((pos + (PMD_SIZE - 1))>>PMD_SHIFT)
			 << (PMD_SHIFT - PAGE_SHIFT);
	end_pfn = (end >> PMD_SHIFT) << (PMD_SHIFT - PAGE_SHIFT);
	if (start_pfn < end_pfn) {
		nr_range = save_mr(mr, nr_range, start_pfn, end_pfn,
				page_size_mask & (1<<PG_LEVEL_2M));
		pos = end_pfn << PAGE_SHIFT;
	}
#endif

	/* tail is not big page (2M) alignment */
	start_pfn = pos>>PAGE_SHIFT;
	end_pfn = end>>PAGE_SHIFT;
	nr_range = save_mr(mr, nr_range, start_pfn, end_pfn, 0);

	/* try to merge same page size and continuous */
	for (i = 0; nr_range > 1 && i < nr_range - 1; i++) {
		unsigned long old_start;
		if (mr[i].end != mr[i+1].start ||
		    mr[i].page_size_mask != mr[i+1].page_size_mask)
			continue;
		/*
		 * move it: slide the following entries down over entry i,
		 * then restore the merged entry's start. The i-- makes the
		 * next iteration compare the merged entry with its new
		 * neighbour.
		 */
		old_start = mr[i].start;
		memmove(&mr[i], &mr[i+1],
			(nr_range - 1 - i) * sizeof(struct map_range));
		mr[i--].start = old_start;
		nr_range--;
	}

	/* Log the final layout; a mask with neither bit set prints as "4k". */
	for (i = 0; i < nr_range; i++)
		printk(KERN_DEBUG " %010lx - %010lx page %s\n",
				mr[i].start, mr[i].end,
			(mr[i].page_size_mask & (1<<PG_LEVEL_1G))?"1G":(
			 (mr[i].page_size_mask & (1<<PG_LEVEL_2M))?"2M":"4k"));

	/*
	 * Find space for the kernel direct mapping tables.
	 *
	 * Later we should allocate these tables in the local node of the
	 * memory mapped. Unfortunately this is done currently before the
	 * nodes are discovered.
	 */
	if (!after_bootmem)
		find_early_table_space(end, use_pse, use_gbpages);

	/* Only the return value of the last call is kept in ret. */
	for (i = 0; i < nr_range; i++)
		ret = kernel_physical_mapping_init(mr[i].start, mr[i].end,
						   mr[i].page_size_mask);

#ifdef CONFIG_X86_32
	early_ioremap_page_table_range_init();

	load_cr3(swapper_pg_dir);
#endif

#ifdef CONFIG_X86_64
	if (!after_bootmem && !start) {
		pud_t *pud;
		pmd_t *pmd;

		mmu_cr4_features = read_cr4();

		/*
		 * _brk_end cannot change anymore, but it and _end may be
		 * located on different 2M pages. cleanup_highmap(), however,
		 * can only consider _end when it runs, so destroy any
		 * mappings beyond _brk_end here.
		 */
		pud = pud_offset(pgd_offset_k(_brk_end), _brk_end);
		pmd = pmd_offset(pud, _brk_end - 1);
		while (++pmd <= pmd_offset(pud, (unsigned long)_end - 1))
			pmd_clear(pmd);
	}
#endif
	/* Flush after the table changes above, including any cleared pmds. */
	__flush_tlb_all();

	/*
	 * Reserve the pages between e820_table_start and e820_table_end.
	 * NOTE(review): e820_table_end is presumably advanced by the early
	 * page-table allocator as tables are consumed; that code is not
	 * visible here - confirm.
	 */
	if (!after_bootmem && e820_table_end > e820_table_start)
		memblock_x86_reserve_range(e820_table_start << PAGE_SHIFT,
				 e820_table_end << PAGE_SHIFT, "PGTABLE");

	if (!after_bootmem)
		early_memtest(start, end);

	return ret >> PAGE_SHIFT;
}
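/*
 * devmem_is_allowed() checks to see if /dev/mem access to a certain address
 * is valid. The argument is a physical page number.
 *
 * On x86, access has to be given to the first megabyte of ram because that area
 * contains bios code and data regions used by X and dosemu and similar apps.
 * Access has to be given to non-kernel-ram areas as well, these contain the PCI
 * mmio resources as well as potential bios/acpi data regions.
 *
 * The checks run in this order:
 *   1. pages in the first megabyte are always allowed;
 *   2. pages in a region iomem_is_exclusive() reports as exclusive are denied;
 *   3. pages that are not RAM are allowed;
 *   4. everything else (RAM above the first megabyte) is denied.
 *
 * Returns 1 if access is permitted, 0 if it is not.
 */
int devmem_is_allowed(unsigned long pagenr)
{
	/*
	 * The first megabyte is page frames 0..255. The comparison has to be
	 * strict: "<= 256" would also let through frame 256, the page that
	 * starts at the 1 MiB mark, and skip the exclusive-region and RAM
	 * checks below for it.
	 */
	if (pagenr < 256)
		return 1;
	/*
	 * NOTE(review): the shift is done in unsigned long, so on a 32-bit
	 * build a frame number above 4 GiB would be truncated before the
	 * lookup - confirm whether callers can pass such values.
	 */
	if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
		return 0;
	if (!page_is_ram(pagenr))
		return 1;
	return 0;
}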
/*
 * Give the kernel virtual range [begin, end) back to the page allocator.
 *
 * @what:  label used in the "Freeing ..." log line
 * @begin: first address of the range
 * @end:   address just past the range
 *
 * Bounds that are not page aligned trigger a WARN_ON and are pulled inward
 * (begin rounded up, end rounded down) so that only whole pages inside the
 * requested range are touched. An empty range is a no-op.
 *
 * With CONFIG_DEBUG_PAGEALLOC the pages are not freed at all; they are
 * marked not present so that a stray access to init memory faults.
 */
void free_init_pages(char *what, unsigned long begin, unsigned long end)
{
	unsigned long addr;
	unsigned long begin_up = PAGE_ALIGN(begin);
	unsigned long end_down = end & PAGE_MASK;
	unsigned long nr_pages;

	/* Make sure boundaries are page aligned */
	if (WARN_ON(begin_up != begin || end_down != end)) {
		begin = begin_up;
		end = end_down;
	}

	if (end <= begin)
		return;

	addr = begin;
	nr_pages = (end - begin) >> PAGE_SHIFT;

#ifdef CONFIG_DEBUG_PAGEALLOC
	/*
	 * If debugging page accesses then do not free this memory but
	 * mark them not present - any buggy init-section access will
	 * create a kernel page fault:
	 */
	printk(KERN_INFO "debug: unmapping init memory %08lx..%08lx\n",
		begin, end);
	set_memory_np(begin, nr_pages);
#else
	/*
	 * We just marked the kernel text read only above, now that
	 * we are going to free part of that, we need to make that
	 * writeable and non-executable first.
	 *
	 * NX is applied before RW, so the range is not left writable and
	 * executable between the two calls.
	 */
	set_memory_nx(begin, nr_pages);
	set_memory_rw(begin, nr_pages);

	printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);

	while (addr < end) {
		struct page *page = virt_to_page(addr);

		ClearPageReserved(page);
		init_page_count(page);
		/* Overwrite the old contents before the page is handed out. */
		memset((void *)addr, POISON_FREE_INITMEM, PAGE_SIZE);
		free_page(addr);
		totalram_pages++;
		addr += PAGE_SIZE;
	}
#endif
}
/*
 * Release the kernel's init sections, i.e. everything between the
 * __init_begin and __init_end symbols, through free_init_pages().
 */
void free_initmem(void)
{
	unsigned long init_first = (unsigned long)(&__init_begin);
	unsigned long init_past = (unsigned long)(&__init_end);

	free_init_pages("unused kernel memory", init_first, init_past);
}
#ifdef CONFIG_BLK_DEV_INITRD
/*
 * Release the memory that held the initrd image, [start, end).
 *
 * @end may not be page aligned, and it cannot simply be stored aligned
 * because the decompressor could be confused by an aligned initrd_end.
 * The partial page at the end was already reserved earlier, in
 *   - i386_start_kernel()
 *   - x86_64_start_kernel()
 *   - relocate_initrd()
 * so rounding @end up with PAGE_ALIGN() here is safe and lets that last
 * partial page be freed together with the rest.
 */
void free_initrd_mem(unsigned long start, unsigned long end)
{
	unsigned long end_rounded_up = PAGE_ALIGN(end);

	free_init_pages("initrd memory", start, end_rounded_up);
}
#endif