1
2
3
4
5
6
7
8
9
10
11#include <linux/debugfs.h>
12#include <linux/fs.h>
13#include <linux/mm.h>
14#include <linux/seq_file.h>
15
16#include <asm/domain.h>
17#include <asm/fixmap.h>
18#include <asm/memory.h>
19#include <asm/ptdump.h>
20
21static struct addr_marker address_markers[] = {
22#ifdef CONFIG_KASAN
23 { KASAN_SHADOW_START, "Kasan shadow start"},
24 { KASAN_SHADOW_END, "Kasan shadow end"},
25#endif
26 { MODULES_VADDR, "Modules" },
27 { PAGE_OFFSET, "Kernel Mapping" },
28 { 0, "vmalloc() Area" },
29 { VMALLOC_END, "vmalloc() End" },
30 { FIXADDR_START, "Fixmap Area" },
31 { VECTORS_BASE, "Vectors" },
32 { VECTORS_BASE + PAGE_SIZE * 2, "Vectors End" },
33 { -1, NULL },
34};
35
36#define pt_dump_seq_printf(m, fmt, args...) \
37({ \
38 if (m) \
39 seq_printf(m, fmt, ##args); \
40})
41
42#define pt_dump_seq_puts(m, fmt) \
43({ \
44 if (m) \
45 seq_printf(m, fmt); \
46})
47
48struct pg_state {
49 struct seq_file *seq;
50 const struct addr_marker *marker;
51 unsigned long start_address;
52 unsigned level;
53 u64 current_prot;
54 bool check_wx;
55 unsigned long wx_pages;
56 const char *current_domain;
57};
58
59struct prot_bits {
60 u64 mask;
61 u64 val;
62 const char *set;
63 const char *clear;
64 bool ro_bit;
65 bool nx_bit;
66};
67
68static const struct prot_bits pte_bits[] = {
69 {
70 .mask = L_PTE_USER,
71 .val = L_PTE_USER,
72 .set = "USR",
73 .clear = " ",
74 }, {
75 .mask = L_PTE_RDONLY,
76 .val = L_PTE_RDONLY,
77 .set = "ro",
78 .clear = "RW",
79 .ro_bit = true,
80 }, {
81 .mask = L_PTE_XN,
82 .val = L_PTE_XN,
83 .set = "NX",
84 .clear = "x ",
85 .nx_bit = true,
86 }, {
87 .mask = L_PTE_SHARED,
88 .val = L_PTE_SHARED,
89 .set = "SHD",
90 .clear = " ",
91 }, {
92 .mask = L_PTE_MT_MASK,
93 .val = L_PTE_MT_UNCACHED,
94 .set = "SO/UNCACHED",
95 }, {
96 .mask = L_PTE_MT_MASK,
97 .val = L_PTE_MT_BUFFERABLE,
98 .set = "MEM/BUFFERABLE/WC",
99 }, {
100 .mask = L_PTE_MT_MASK,
101 .val = L_PTE_MT_WRITETHROUGH,
102 .set = "MEM/CACHED/WT",
103 }, {
104 .mask = L_PTE_MT_MASK,
105 .val = L_PTE_MT_WRITEBACK,
106 .set = "MEM/CACHED/WBRA",
107#ifndef CONFIG_ARM_LPAE
108 }, {
109 .mask = L_PTE_MT_MASK,
110 .val = L_PTE_MT_MINICACHE,
111 .set = "MEM/MINICACHE",
112#endif
113 }, {
114 .mask = L_PTE_MT_MASK,
115 .val = L_PTE_MT_WRITEALLOC,
116 .set = "MEM/CACHED/WBWA",
117 }, {
118 .mask = L_PTE_MT_MASK,
119 .val = L_PTE_MT_DEV_SHARED,
120 .set = "DEV/SHARED",
121#ifndef CONFIG_ARM_LPAE
122 }, {
123 .mask = L_PTE_MT_MASK,
124 .val = L_PTE_MT_DEV_NONSHARED,
125 .set = "DEV/NONSHARED",
126#endif
127 }, {
128 .mask = L_PTE_MT_MASK,
129 .val = L_PTE_MT_DEV_WC,
130 .set = "DEV/WC",
131 }, {
132 .mask = L_PTE_MT_MASK,
133 .val = L_PTE_MT_DEV_CACHED,
134 .set = "DEV/CACHED",
135 },
136};
137
138static const struct prot_bits section_bits[] = {
139#ifdef CONFIG_ARM_LPAE
140 {
141 .mask = PMD_SECT_USER,
142 .val = PMD_SECT_USER,
143 .set = "USR",
144 }, {
145 .mask = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
146 .val = L_PMD_SECT_RDONLY | PMD_SECT_AP2,
147 .set = "ro",
148 .clear = "RW",
149 .ro_bit = true,
150#elif __LINUX_ARM_ARCH__ >= 6
151 {
152 .mask = PMD_SECT_APX | PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
153 .val = PMD_SECT_APX | PMD_SECT_AP_WRITE,
154 .set = " ro",
155 .ro_bit = true,
156 }, {
157 .mask = PMD_SECT_APX | PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
158 .val = PMD_SECT_AP_WRITE,
159 .set = " RW",
160 }, {
161 .mask = PMD_SECT_APX | PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
162 .val = PMD_SECT_AP_READ,
163 .set = "USR ro",
164 }, {
165 .mask = PMD_SECT_APX | PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
166 .val = PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
167 .set = "USR RW",
168#else
169
170 {
171 .mask = PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
172 .val = 0,
173 .set = " ro",
174 .ro_bit = true,
175 }, {
176 .mask = PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
177 .val = PMD_SECT_AP_WRITE,
178 .set = " RW",
179 }, {
180 .mask = PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
181 .val = PMD_SECT_AP_READ,
182 .set = "USR ro",
183 }, {
184 .mask = PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
185 .val = PMD_SECT_AP_READ | PMD_SECT_AP_WRITE,
186 .set = "USR RW",
187#endif
188 }, {
189 .mask = PMD_SECT_XN,
190 .val = PMD_SECT_XN,
191 .set = "NX",
192 .clear = "x ",
193 .nx_bit = true,
194 }, {
195 .mask = PMD_SECT_S,
196 .val = PMD_SECT_S,
197 .set = "SHD",
198 .clear = " ",
199 },
200};
201
202struct pg_level {
203 const struct prot_bits *bits;
204 size_t num;
205 u64 mask;
206 const struct prot_bits *ro_bit;
207 const struct prot_bits *nx_bit;
208};
209
210static struct pg_level pg_level[] = {
211 {
212 }, {
213 }, {
214 }, {
215 }, {
216 .bits = section_bits,
217 .num = ARRAY_SIZE(section_bits),
218 }, {
219 .bits = pte_bits,
220 .num = ARRAY_SIZE(pte_bits),
221 },
222};
223
224static void dump_prot(struct pg_state *st, const struct prot_bits *bits, size_t num)
225{
226 unsigned i;
227
228 for (i = 0; i < num; i++, bits++) {
229 const char *s;
230
231 if ((st->current_prot & bits->mask) == bits->val)
232 s = bits->set;
233 else
234 s = bits->clear;
235
236 if (s)
237 pt_dump_seq_printf(st->seq, " %s", s);
238 }
239}
240
241static void note_prot_wx(struct pg_state *st, unsigned long addr)
242{
243 if (!st->check_wx)
244 return;
245 if ((st->current_prot & pg_level[st->level].ro_bit->mask) ==
246 pg_level[st->level].ro_bit->val)
247 return;
248 if ((st->current_prot & pg_level[st->level].nx_bit->mask) ==
249 pg_level[st->level].nx_bit->val)
250 return;
251
252 WARN_ONCE(1, "arm/mm: Found insecure W+X mapping at address %pS\n",
253 (void *)st->start_address);
254
255 st->wx_pages += (addr - st->start_address) / PAGE_SIZE;
256}
257
258static void note_page(struct pg_state *st, unsigned long addr,
259 unsigned int level, u64 val, const char *domain)
260{
261 static const char units[] = "KMGTPE";
262 u64 prot = val & pg_level[level].mask;
263
264 if (!st->level) {
265 st->level = level;
266 st->current_prot = prot;
267 st->current_domain = domain;
268 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
269 } else if (prot != st->current_prot || level != st->level ||
270 domain != st->current_domain ||
271 addr >= st->marker[1].start_address) {
272 const char *unit = units;
273 unsigned long delta;
274
275 if (st->current_prot) {
276 note_prot_wx(st, addr);
277 pt_dump_seq_printf(st->seq, "0x%08lx-0x%08lx ",
278 st->start_address, addr);
279
280 delta = (addr - st->start_address) >> 10;
281 while (!(delta & 1023) && unit[1]) {
282 delta >>= 10;
283 unit++;
284 }
285 pt_dump_seq_printf(st->seq, "%9lu%c", delta, *unit);
286 if (st->current_domain)
287 pt_dump_seq_printf(st->seq, " %s",
288 st->current_domain);
289 if (pg_level[st->level].bits)
290 dump_prot(st, pg_level[st->level].bits, pg_level[st->level].num);
291 pt_dump_seq_printf(st->seq, "\n");
292 }
293
294 if (addr >= st->marker[1].start_address) {
295 st->marker++;
296 pt_dump_seq_printf(st->seq, "---[ %s ]---\n",
297 st->marker->name);
298 }
299 st->start_address = addr;
300 st->current_prot = prot;
301 st->current_domain = domain;
302 st->level = level;
303 }
304}
305
306static void walk_pte(struct pg_state *st, pmd_t *pmd, unsigned long start,
307 const char *domain)
308{
309 pte_t *pte = pte_offset_kernel(pmd, 0);
310 unsigned long addr;
311 unsigned i;
312
313 for (i = 0; i < PTRS_PER_PTE; i++, pte++) {
314 addr = start + i * PAGE_SIZE;
315 note_page(st, addr, 5, pte_val(*pte), domain);
316 }
317}
318
319static const char *get_domain_name(pmd_t *pmd)
320{
321#ifndef CONFIG_ARM_LPAE
322 switch (pmd_val(*pmd) & PMD_DOMAIN_MASK) {
323 case PMD_DOMAIN(DOMAIN_KERNEL):
324 return "KERNEL ";
325 case PMD_DOMAIN(DOMAIN_USER):
326 return "USER ";
327 case PMD_DOMAIN(DOMAIN_IO):
328 return "IO ";
329 case PMD_DOMAIN(DOMAIN_VECTORS):
330 return "VECTORS";
331 default:
332 return "unknown";
333 }
334#endif
335 return NULL;
336}
337
338static void walk_pmd(struct pg_state *st, pud_t *pud, unsigned long start)
339{
340 pmd_t *pmd = pmd_offset(pud, 0);
341 unsigned long addr;
342 unsigned i;
343 const char *domain;
344
345 for (i = 0; i < PTRS_PER_PMD; i++, pmd++) {
346 addr = start + i * PMD_SIZE;
347 domain = get_domain_name(pmd);
348 if (pmd_none(*pmd) || pmd_large(*pmd) || !pmd_present(*pmd))
349 note_page(st, addr, 3, pmd_val(*pmd), domain);
350 else
351 walk_pte(st, pmd, addr, domain);
352
353 if (SECTION_SIZE < PMD_SIZE && pmd_large(pmd[1])) {
354 addr += SECTION_SIZE;
355 pmd++;
356 domain = get_domain_name(pmd);
357 note_page(st, addr, 4, pmd_val(*pmd), domain);
358 }
359 }
360}
361
362static void walk_pud(struct pg_state *st, p4d_t *p4d, unsigned long start)
363{
364 pud_t *pud = pud_offset(p4d, 0);
365 unsigned long addr;
366 unsigned i;
367
368 for (i = 0; i < PTRS_PER_PUD; i++, pud++) {
369 addr = start + i * PUD_SIZE;
370 if (!pud_none(*pud)) {
371 walk_pmd(st, pud, addr);
372 } else {
373 note_page(st, addr, 3, pud_val(*pud), NULL);
374 }
375 }
376}
377
378static void walk_p4d(struct pg_state *st, pgd_t *pgd, unsigned long start)
379{
380 p4d_t *p4d = p4d_offset(pgd, 0);
381 unsigned long addr;
382 unsigned i;
383
384 for (i = 0; i < PTRS_PER_P4D; i++, p4d++) {
385 addr = start + i * P4D_SIZE;
386 if (!p4d_none(*p4d)) {
387 walk_pud(st, p4d, addr);
388 } else {
389 note_page(st, addr, 2, p4d_val(*p4d), NULL);
390 }
391 }
392}
393
394static void walk_pgd(struct pg_state *st, struct mm_struct *mm,
395 unsigned long start)
396{
397 pgd_t *pgd = pgd_offset(mm, 0UL);
398 unsigned i;
399 unsigned long addr;
400
401 for (i = 0; i < PTRS_PER_PGD; i++, pgd++) {
402 addr = start + i * PGDIR_SIZE;
403 if (!pgd_none(*pgd)) {
404 walk_p4d(st, pgd, addr);
405 } else {
406 note_page(st, addr, 1, pgd_val(*pgd), NULL);
407 }
408 }
409}
410
411void ptdump_walk_pgd(struct seq_file *m, struct ptdump_info *info)
412{
413 struct pg_state st = {
414 .seq = m,
415 .marker = info->markers,
416 .check_wx = false,
417 };
418
419 walk_pgd(&st, info->mm, info->base_addr);
420 note_page(&st, 0, 0, 0, NULL);
421}
422
423static void __init ptdump_initialize(void)
424{
425 unsigned i, j;
426
427 for (i = 0; i < ARRAY_SIZE(pg_level); i++)
428 if (pg_level[i].bits)
429 for (j = 0; j < pg_level[i].num; j++) {
430 pg_level[i].mask |= pg_level[i].bits[j].mask;
431 if (pg_level[i].bits[j].ro_bit)
432 pg_level[i].ro_bit = &pg_level[i].bits[j];
433 if (pg_level[i].bits[j].nx_bit)
434 pg_level[i].nx_bit = &pg_level[i].bits[j];
435 }
436#ifdef CONFIG_KASAN
437 address_markers[4].start_address = VMALLOC_START;
438#else
439 address_markers[2].start_address = VMALLOC_START;
440#endif
441}
442
443static struct ptdump_info kernel_ptdump_info = {
444 .mm = &init_mm,
445 .markers = address_markers,
446 .base_addr = 0,
447};
448
449void ptdump_check_wx(void)
450{
451 struct pg_state st = {
452 .seq = NULL,
453 .marker = (struct addr_marker[]) {
454 { 0, NULL},
455 { -1, NULL},
456 },
457 .check_wx = true,
458 };
459
460 walk_pgd(&st, &init_mm, 0);
461 note_page(&st, 0, 0, 0, NULL);
462 if (st.wx_pages)
463 pr_warn("Checked W+X mappings: FAILED, %lu W+X pages found\n",
464 st.wx_pages);
465 else
466 pr_info("Checked W+X mappings: passed, no W+X pages found\n");
467}
468
469static int __init ptdump_init(void)
470{
471 ptdump_initialize();
472 ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables");
473 return 0;
474}
475__initcall(ptdump_init);
476
