[PATCH 05/55] arm/arm64: KVM: Make default HYP mappings non-excutable

[PULL] KVM/ARM updates for Linux 4.8, take #1 · Marc Zyngier <hidden> · 2016-07-22
[PATCH 01/55] arm/arm64: KVM: Add a protection parameter to create_hyp_mappings · Marc Zyngier <hidden> · 2016-07-22
[PATCH 02/55] arm64: Add PTE_HYP_XN page table flag · Marc Zyngier <hidden> · 2016-07-22
[PATCH 03/55] arm/arm64: KVM: Enforce HYP read-only mapping of the kernel's rodata section · Marc Zyngier <hidden> · 2016-07-22
[PATCH 04/55] arm/arm64: KVM: Map the HYP text as read-only · Marc Zyngier <hidden> · 2016-07-22
[PATCH 05/55] arm/arm64: KVM: Make default HYP mappings non-excutable · Marc Zyngier <hidden> · 2016-07-22
[PATCH 06/55] KVM: arm/arm64: The GIC is dead, long live the GIC · Marc Zyngier <hidden> · 2016-07-22
[PATCH 07/55] arm64: KVM: Merged page tables documentation · Marc Zyngier <hidden> · 2016-07-22
[PATCH 08/55] arm64: KVM: Always reference __hyp_panic_string via its kernel VA · Marc Zyngier <hidden> · 2016-07-22
[PATCH 09/55] arm/arm64: KVM: Remove hyp_kern_va helper · Marc Zyngier <hidden> · 2016-07-22
[PATCH 10/55] arm64: KVM: Kill HYP_PAGE_OFFSET · Marc Zyngier <hidden> · 2016-07-22
[PATCH 11/55] arm64: Add ARM64_HYP_OFFSET_LOW capability · Marc Zyngier <hidden> · 2016-07-22
[PATCH 12/55] arm64: KVM: Define HYP offset masks · Marc Zyngier <hidden> · 2016-07-22
[PATCH 13/55] arm64: KVM: Refactor kern_hyp_va to deal with multiple offsets · Marc Zyngier <hidden> · 2016-07-22
[PATCH 14/55] arm/arm64: KVM: Export __hyp_text_start/end symbols · Marc Zyngier <hidden> · 2016-07-22
[PATCH 15/55] arm64: KVM: Runtime detection of lower HYP offset · Marc Zyngier <hidden> · 2016-07-22
[PATCH 16/55] arm/arm64: KVM: Always have merged page tables · Marc Zyngier <hidden> · 2016-07-22
[PATCH 17/55] arm64: KVM: Simplify HYP init/teardown · Marc Zyngier <hidden> · 2016-07-22
[PATCH 18/55] arm/arm64: KVM: Drop boot_pgd · Marc Zyngier <hidden> · 2016-07-22
[PATCH 19/55] arm/arm64: KVM: Kill free_boot_hyp_pgd · Marc Zyngier <hidden> · 2016-07-22
[PATCH 20/55] arm: KVM: Simplify HYP init · Marc Zyngier <hidden> · 2016-07-22
[PATCH 21/55] arm: KVM: Allow hyp teardown · Marc Zyngier <hidden> · 2016-07-22
[PATCH 22/55] arm/arm64: KVM: Prune unused #defines · Marc Zyngier <hidden> · 2016-07-22
[PATCH 23/55] arm/arm64: KVM: Check that IDMAP doesn't intersect with VA range · Marc Zyngier <hidden> · 2016-07-22
[PATCH 24/55] arm/arm64: Get rid of KERN_TO_HYP · Marc Zyngier <hidden> · 2016-07-22
[PATCH 25/55] arm64: KVM: Clean up a condition · Marc Zyngier <hidden> · 2016-07-22
[PATCH 26/55] KVM: arm/arm64: vgic: Move redistributor kvm_io_devices · Marc Zyngier <hidden> · 2016-07-22
[PATCH 27/55] KVM: arm/arm64: vgic: Check return value for kvm_register_vgic_device · Marc Zyngier <hidden> · 2016-07-22
[PATCH 28/55] KVM: Extend struct kvm_msi to hold a 32-bit device ID · Marc Zyngier <hidden> · 2016-07-22
[PATCH 29/55] KVM: arm/arm64: Extend arch CAP checks to allow per-VM capabilities · Marc Zyngier <hidden> · 2016-07-22
[PATCH 30/55] KVM: kvm_io_bus: Add kvm_io_bus_get_dev() call · Marc Zyngier <hidden> · 2016-07-22
[PATCH 31/55] KVM: arm/arm64: vgic: Add refcounting for IRQs · Marc Zyngier <hidden> · 2016-07-22
[PATCH 32/55] irqchip/gic-v3: Refactor and add GICv3 definitions · Marc Zyngier <hidden> · 2016-07-22
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · Marc Zyngier <hidden> · 2016-07-22
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · Christoffer Dall <hidden> · 2016-08-01
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · andre.przywara@arm.com (Andre Przywara) · 2016-08-02
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · Marc Zyngier <hidden> · 2016-08-02
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · Christoffer Dall <hidden> · 2016-08-02
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · Marc Zyngier <hidden> · 2016-08-02
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · Christoffer Dall <hidden> · 2016-08-02
[PATCH 33/55] KVM: arm64: vgic: Handle ITS related GICv3 redistributor registers · Marc Zyngier <hidden> · 2016-08-02
[PATCH 34/55] KVM: arm64: vgic-its: Introduce ITS emulation file with MMIO framework · Marc Zyngier <hidden> · 2016-07-22
[PATCH 35/55] KVM: arm64: vgic-its: Introduce new KVM ITS device · Marc Zyngier <hidden> · 2016-07-22
[PATCH 36/55] KVM: arm64: vgic-its: Implement basic ITS register handlers · Marc Zyngier <hidden> · 2016-07-22
[PATCH 37/55] KVM: arm64: vgic-its: Connect LPIs to the VGIC emulation · Marc Zyngier <hidden> · 2016-07-22
[PATCH 38/55] KVM: arm64: vgic-its: Read initial LPI pending table · Marc Zyngier <hidden> · 2016-07-22
[PATCH 39/55] KVM: arm64: vgic-its: Allow updates of LPI configuration table · Marc Zyngier <hidden> · 2016-07-22
[PATCH 40/55] KVM: arm64: vgic-its: Implement ITS command queue command handlers · Marc Zyngier <hidden> · 2016-07-22
[PATCH 41/55] KVM: arm64: vgic-its: Implement MSI injection in ITS emulation · Marc Zyngier <hidden> · 2016-07-22
[PATCH 41/55] KVM: arm64: vgic-its: Implement MSI injection in ITS emulation · Christoffer Dall <hidden> · 2016-08-01
[PATCH 41/55] KVM: arm64: vgic-its: Implement MSI injection in ITS emulation · Marc Zyngier <hidden> · 2016-08-02
[PATCH 41/55] KVM: arm64: vgic-its: Implement MSI injection in ITS emulation · Christoffer Dall <hidden> · 2016-08-04
[PATCH 42/55] KVM: arm64: vgic-its: Enable ITS emulation as a virtual MSI controller · Marc Zyngier <hidden> · 2016-07-22
[PATCH 43/55] KVM: arm/arm64: Fix vGICv2 KVM_DEV_ARM_VGIC_GRP_CPU/DIST_REGS · Marc Zyngier <hidden> · 2016-07-22
[PATCH 44/55] irqchip/gicv3-its: Restore all cacheability attributes · Marc Zyngier <hidden> · 2016-07-22
[PATCH 45/55] KVM: arm64: vgic-its: Generalize use of vgic_get_irq_kref · Marc Zyngier <hidden> · 2016-07-22
[PATCH 46/55] KVM: arm64: vgic-its: Fix handling of indirect tables · Marc Zyngier <hidden> · 2016-07-22
[PATCH 47/55] KVM: arm64: vgic-its: Fix vgic_its_check_device_id BE handling · Marc Zyngier <hidden> · 2016-07-22
[PATCH 48/55] KVM: arm64: vgic-its: Fix misleading nr_entries in vgic_its_check_device_id · Marc Zyngier <hidden> · 2016-07-22
[PATCH 49/55] KVM: arm64: vgic-its: Validate the device table L1 entry · Marc Zyngier <hidden> · 2016-07-22
[PATCH 50/55] KVM: arm64: vgic-its: Fix L2 entry validation for indirect tables · Marc Zyngier <hidden> · 2016-07-22
[PATCH 51/55] KVM: arm64: vgic-its: Add collection allocator/destructor · Marc Zyngier <hidden> · 2016-07-22
[PATCH 52/55] KVM: arm64: vgic-its: Add pointer to corresponding kvm_device · Marc Zyngier <hidden> · 2016-07-22
[PATCH 53/55] KVM: arm64: vgic-its: Turn device_id validation into generic ID validation · Marc Zyngier <hidden> · 2016-07-22
[PATCH 54/55] KVM: arm64: vgic-its: Make vgic_its_cmd_handle_mapi similar to other handlers · Marc Zyngier <hidden> · 2016-07-22
[PATCH 55/55] KVM: arm64: vgic-its: Simplify MAPI error handling · Marc Zyngier <hidden> · 2016-07-22
[PULL] KVM/ARM updates for Linux 4.8, take #1 · Radim Krčmář <hidden> · 2016-07-22

STALE3617d

From: Marc Zyngier <hidden>
Date: 2016-07-22 17:28:22
Also in: kvm, kvmarm
Subsystem: arm port, arm64 port (aarch64 architecture), the rest · Maintainers: Russell King, Catalin Marinas, Will Deacon, Linus Torvalds

Structures that can be generally written to don't have any requirement
to be executable (quite the opposite). This includes the kvm and vcpu
structures, as well as the stacks.

Let's change the default to incorporate the XN flag.

Signed-off-by: Marc Zyngier <redacted>
Signed-off-by: Christoffer Dall <redacted>
---
 arch/arm/include/asm/pgtable.h        | 2 +-
 arch/arm64/include/asm/pgtable-prot.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
index 7487bf9..e0d76ba 100644
--- a/arch/arm/include/asm/pgtable.h
+++ b/arch/arm/include/asm/pgtable.h

@@ -97,7 +97,7 @@ extern pgprot_t		pgprot_s2_device;
 #define PAGE_READONLY_EXEC	_MOD_PROT(pgprot_user, L_PTE_USER | L_PTE_RDONLY)
 #define PAGE_KERNEL		_MOD_PROT(pgprot_kernel, L_PTE_XN)
 #define PAGE_KERNEL_EXEC	pgprot_kernel
-#define PAGE_HYP		_MOD_PROT(pgprot_kernel, L_PTE_HYP)
+#define PAGE_HYP		_MOD_PROT(pgprot_kernel, L_PTE_HYP | L_PTE_XN)
 #define PAGE_HYP_EXEC		_MOD_PROT(pgprot_kernel, L_PTE_HYP | L_PTE_RDONLY)
 #define PAGE_HYP_RO		_MOD_PROT(pgprot_kernel, L_PTE_HYP | L_PTE_RDONLY | L_PTE_XN)
 #define PAGE_HYP_DEVICE		_MOD_PROT(pgprot_hyp_device, L_PTE_HYP)

diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
index 3802048..39f5252 100644
--- a/arch/arm64/include/asm/pgtable-prot.h
+++ b/arch/arm64/include/asm/pgtable-prot.h

@@ -55,7 +55,7 @@
 #define PAGE_KERNEL_EXEC	__pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE)
 #define PAGE_KERNEL_EXEC_CONT	__pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT)
 
-#define PAGE_HYP		__pgprot(_PAGE_DEFAULT | PTE_HYP)
+#define PAGE_HYP		__pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
 #define PAGE_HYP_EXEC		__pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
 #define PAGE_HYP_RO		__pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
 #define PAGE_HYP_DEVICE		__pgprot(PROT_DEVICE_nGnRE | PTE_HYP)

-- 
2.8.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help