Re: [PATCH v2] arm64: add check_wx_pages debugfs for CHECK_WX
From: Steven Price
Date: Wed Apr 22 2020 - 09:32:58 EST
On 21/04/2020 18:35, Phong Tran wrote:
follow the suggestion from
https://github.com/KSPP/linux/issues/35
Signed-off-by: Phong Tran <tranmanphong@xxxxxxxxx>
I'm fine with this as is, so you can have my
Reviewed-by: Steven Price <steven.price@xxxxxxx>
However, if you have time to look at it then it would be good to look at
moving the ptdump_check_wx()/debug_checkwx() calls into common code as
this should be supported on arm/arm64/powerpc/riscv/x86 as far as I can
see. And it's always best to get these things in common code early on
rather than letting the architectures diverge.
Also in future it would be good if you include some text in the commit
message that explains the purpose/intention of the change rather than
just a link. Having a self-contained commit message helps a lot when
searching the git history to find out why the code was written the way
it is.
Steve
---
Change since v1:
- Update the Kconfig help text
- Don't check the return value of debugfs_create_file()
- Tested on QEMU aarch64
root@qemuarm64:~# zcat /proc/config.gz | grep PTDUMP
CONFIG_GENERIC_PTDUMP=y
CONFIG_PTDUMP_CORE=y
CONFIG_PTDUMP_DEBUGFS=y
root@qemuarm64:~# uname -a
Linux qemuarm64 5.7.0-rc2-00001-g20ddb383c313 #3 SMP PREEMPT Tue Apr 21 23:18:56 +07 2020 aarch64 GNU/Linux
root@qemuarm64:~# echo 1 > /sys/kernel/debug/check_wx_pages
[ 63.261868] Checked W+X mappings: passed, no W+X pages found
---
arch/arm64/Kconfig.debug | 5 ++++-
arch/arm64/include/asm/ptdump.h | 2 ++
arch/arm64/mm/dump.c | 1 +
arch/arm64/mm/ptdump_debugfs.c | 18 ++++++++++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
index a1efa246c9ed..cd82c9d3664a 100644
--- a/arch/arm64/Kconfig.debug
+++ b/arch/arm64/Kconfig.debug
@@ -48,7 +48,10 @@ config DEBUG_WX
of other unfixed kernel bugs easier.
There is no runtime or memory usage effect of this option
- once the kernel has booted up - it's a one time check.
+ once the kernel has booted up - it's a one time check at
+ boot, and can also be triggered at runtime by echo "1" to
+ "check_wx_pages". The "check_wx_pages" is available only with
+ CONFIG_PTDUMP_DEBUGFS is enabled.
If in doubt, say "Y".
diff --git a/arch/arm64/include/asm/ptdump.h b/arch/arm64/include/asm/ptdump.h
index 38187f74e089..c90a6ec6f59b 100644
--- a/arch/arm64/include/asm/ptdump.h
+++ b/arch/arm64/include/asm/ptdump.h
@@ -24,9 +24,11 @@ struct ptdump_info {
void ptdump_walk(struct seq_file *s, struct ptdump_info *info);
#ifdef CONFIG_PTDUMP_DEBUGFS
void ptdump_debugfs_register(struct ptdump_info *info, const char *name);
+void ptdump_check_wx_init(void);
#else
static inline void ptdump_debugfs_register(struct ptdump_info *info,
const char *name) { }
+static inline void ptdump_check_wx_init(void) { }
#endif
void ptdump_check_wx(void);
#endif /* CONFIG_PTDUMP_CORE */
diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
index 860c00ec8bd3..60c99a047763 100644
--- a/arch/arm64/mm/dump.c
+++ b/arch/arm64/mm/dump.c
@@ -378,6 +378,7 @@ static int ptdump_init(void)
#endif
ptdump_initialize();
ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables");
+ ptdump_check_wx_init();
return 0;
}
device_initcall(ptdump_init);
diff --git a/arch/arm64/mm/ptdump_debugfs.c b/arch/arm64/mm/ptdump_debugfs.c
index d29d722ec3ec..6b0aa16cb17b 100644
--- a/arch/arm64/mm/ptdump_debugfs.c
+++ b/arch/arm64/mm/ptdump_debugfs.c
@@ -20,3 +20,21 @@ void ptdump_debugfs_register(struct ptdump_info *info, const char *name)
{
debugfs_create_file(name, 0400, NULL, info, &ptdump_fops);
}
+
+static int check_wx_debugfs_set(void *data, u64 val)
+{
+ if (val != 1ULL)
+ return -EINVAL;
+
+ ptdump_check_wx();
+
+ return 0;
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(check_wx_fops, NULL, check_wx_debugfs_set, "%llu\n");
+
+void ptdump_check_wx_init(void)
+{
+ debugfs_create_file("check_wx_pages", 0200, NULL,
+ NULL, &check_wx_fops) ? 0 : -ENOMEM;
+}