linux/arch/arm/mm
Philip Derrin 3b0c0c922f ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
When CONFIG_ARM_LPAE is set, the PMD dump relies on the software
read-only bit to determine whether a page is writable. This
concealed a bug which left the kernel text section writable
(AP2=0) while marked read-only in the software bit.

In a kernel with the AP2 bug, the dump looks like this:

    ---[ Kernel Mapping ]---
    0xc0000000-0xc0200000           2M RW NX SHD
    0xc0200000-0xc0600000           4M ro x  SHD
    0xc0600000-0xc0800000           2M ro NX SHD
    0xc0800000-0xc4800000          64M RW NX SHD

The fix is to check that the software and hardware bits are both
set before displaying "ro". The dump then shows the true perms:

    ---[ Kernel Mapping ]---
    0xc0000000-0xc0200000           2M RW NX SHD
    0xc0200000-0xc0600000           4M RW x  SHD
    0xc0600000-0xc0800000           2M RW NX SHD
    0xc0800000-0xc4800000          64M RW NX SHD

Fixes: ded9477984 ("ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE")
Signed-off-by: Philip Derrin <philip@cog.systems>
Tested-by: Neil Dick <neil@cog.systems>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2017-11-21 15:10:07 +00:00
..
abort-ev4.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev4t.S
abort-ev5t.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev5tj.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev6.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-ev7.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-lv4t.S ARM: fix oops when using older ARMv4T CPUs 2016-10-19 10:18:43 +01:00
abort-macro.S ARM: entry: provide uaccess assembly macro hooks 2015-08-26 20:27:02 +01:00
abort-nommu.S
alignment.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h> 2017-03-02 08:42:34 +01:00
cache-aurora-l2.h ARM: 7547/4: cache-l2x0: add support for Aurora L2 cache ctrl 2012-11-06 19:47:35 +00:00
cache-fa.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-feroceon-l2.c ARM: 8416/1: Feroceon: use of_iomap() to map register base 2015-08-18 14:00:30 +01:00
cache-l2x0-pmu.c cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
cache-l2x0.c ARM: 8659/1: l2c: allow CA9 optimizations to be disabled 2017-03-17 10:01:26 +00:00
cache-nop.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-tauros2.c ARM: l2c: tauros2: use descriptive definitions for register bits 2015-11-26 22:12:26 +00:00
cache-tauros3.h ARM: 7922/1: l2x0: add Marvell Tauros3 support 2013-12-29 12:32:47 +00:00
cache-uniphier.c ARM: 8652/1: cache-uniphier: clean up active way setup code 2017-02-28 11:06:17 +00:00
cache-v4.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-v4wb.S ARM: align .data section 2017-08-14 16:22:55 +01:00
cache-v4wt.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-v6.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
cache-v7.S scripts/spelling.txt: add "swith" pattern and fix typo instances 2017-02-27 18:43:46 -08:00
cache-v7m.S scripts/spelling.txt: add "swith" pattern and fix typo instances 2017-02-27 18:43:46 -08:00
cache-xsc3l2.c
context.c ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers 2015-12-02 23:57:54 +00:00
copypage-fa.c
copypage-feroceon.c
copypage-v4mc.c
copypage-v4wb.c
copypage-v4wt.c
copypage-v6.c ARM: 8236/1: mm: fix discard_old_kernel_data 2014-12-03 16:00:04 +00:00
copypage-xsc3.c
copypage-xscale.c
dma-mapping-nommu.c ARM: NOMMU: Wire-up default DMA interface 2017-07-20 16:09:27 +02:00
dma-mapping.c dma-coherent: introduce interface for default DMA pool 2017-07-20 16:09:10 +02:00
dma.h ARM: reduce visibility of dmac_* functions 2015-08-01 22:25:04 +01:00
dump.c ARM: 8721/1: mm: dump: check hardware RO bit for LPAE 2017-11-21 15:10:07 +00:00
extable.c arm: migrate exception table users off module.h and onto extable.h 2017-01-24 12:41:46 -05:00
fault-armv.c ARM: convert printk(KERN_* to pr_* 2014-11-21 15:24:50 +00:00
fault.c ARM: 8692/1: mm: abort uaccess retries upon fatal signal 2017-08-29 13:09:14 +01:00
fault.h ARM: 8642/1: LPAE: catch pending imprecise abort on unmask 2017-01-30 12:04:12 +00:00
flush.c ARM: 8627/1: avoid cache flushing in flush_dcache_page() 2017-01-10 23:31:30 +00:00
fsr-2level.c
fsr-3level.c ARM: mm: Transparent huge page support for LPAE systems. 2013-06-04 16:52:38 +01:00
highmem.c kmap_atomic_to_page() has no users, remove it 2015-11-09 15:11:24 -08:00
hugetlbpage.c mm/hugetlb: reduce arch dependent code about huge_pmd_unshare 2015-06-24 17:49:41 -07:00
idmap.c sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
init.c ARM: 8672/1: mm: remove tasklist locking from update_sections_early() 2017-04-26 10:59:36 +01:00
iomap.c
ioremap.c ARM: Implement pci_remap_cfgspace() interface 2017-04-24 13:53:13 -05:00
Kconfig Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2017-07-08 12:17:25 -07:00
l2c-common.c ARM: outer cache: add WARN_ON() to outer_disable() 2014-05-30 00:47:23 +01:00
l2c-l2x0-resume.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
Makefile ARM: NOMMU: Introduce dma operations for noMMU 2017-06-30 10:03:09 -07:00
mm.h ARM: provide common method to clear bits in CPU control register 2014-06-02 09:20:11 +01:00
mmap.c mm: larger stack guard gap, between vmas 2017-06-19 21:50:20 +08:00
mmu.c ARM: 8685/1: ensure memblock-limit is pmd-aligned 2017-06-29 23:10:12 +01:00
nommu.c ARM: 8700/1: nommu: always reserve address 0 away 2017-10-12 11:18:17 +01:00
pabort-legacy.S
pabort-v6.S
pabort-v7.S
pageattr.c arm: use set_memory.h header 2017-05-08 17:15:13 -07:00
pgd.c arm: get rid of superfluous __GFP_REPEAT 2016-07-26 16:19:19 -07:00
physaddr.c ARM: 8640/1: Add support for CONFIG_DEBUG_VIRTUAL 2017-02-28 11:06:09 +00:00
proc-arm7tdmi.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm9tdmi.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm720.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm740.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm920.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm922.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm925.S ARM: 8349/1: arch/arm/mm/proc-arm925.S: remove dead #ifdef block 2015-05-03 23:22:27 +01:00
proc-arm926.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm940.S Merge branches 'misc', 'vdso' and 'fixes' into for-next 2015-04-14 22:28:25 +01:00
proc-arm946.S Merge branches 'misc', 'vdso' and 'fixes' into for-next 2015-04-14 22:28:25 +01:00
proc-arm1020.S ARM: 8348/1: remove comments on CPU_ARM1020_CPU_IDLE 2015-05-03 23:22:09 +01:00
proc-arm1020e.S ARM: 8348/1: remove comments on CPU_ARM1020_CPU_IDLE 2015-05-03 23:22:09 +01:00
proc-arm1022.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-arm1026.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-fa526.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-feroceon.S ARM: 8350/1: proc-feroceon: Fix feroceon_proc_info macro 2015-05-03 23:23:09 +01:00
proc-macros.S ARM: Prepare for randomized task_struct 2017-06-30 12:00:50 -07:00
proc-mohawk.S ARM: mohawk: allow building with MMU disabled 2015-12-01 21:44:25 +01:00
proc-sa110.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-sa1100.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-syms.c ARM: modules: don't export cpu_set_pte_ext when !MMU 2013-03-26 09:55:34 +00:00
proc-v6.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-v7-2level.S Merge branches 'arnd-fixes', 'clk', 'misc', 'v7' and 'fixes' into for-next 2015-06-12 21:18:08 +01:00
proc-v7-3level.S ARM: 8690/1: lpae: build TTB control register value from scratch in v7_ttb_setup 2017-08-29 13:09:12 +01:00
proc-v7.S ARM: Update cpu_v7_reset documentation 2017-04-09 07:49:25 -07:00
proc-v7m.S Merge branches 'fixes' and 'misc' into for-next 2017-04-26 10:59:49 +01:00
proc-xsc3.S ARM: 8314/1: replace PROCINFO embedded branch with relative offset 2015-03-28 15:46:14 +00:00
proc-xscale.S ARM: align .data section 2017-08-14 16:22:55 +01:00
pv-fixup-asm.S ARM: re-implement physical address space switching 2015-06-01 23:46:33 +01:00
tcm.h ARM: 7694/1: ARM, TCM: initialize TCM in paging_init(), instead of setup_arch() 2013-04-17 16:53:24 +01:00
tlb-fa.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v4.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v4wb.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v4wbi.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v6.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00
tlb-v7.S ARM: convert all "mov.* pc, reg" to "bx reg" for ARMv6+ 2014-07-18 12:29:04 +01:00