[PATCH 0/5] Fixes for ITS mitigation and execmem
From: Mike Rapoport
Date: Tue Jun 03 2025 - 07:15:00 EST
From: "Mike Rapoport (Microsoft)" <rppt@xxxxxxxxxx>
Hi,
Jürgen Groß reported some bugs in interaction of ITS mitigation with
execmem [1] when running on a Xen PV guest.
These patches fix the issue by moving all the permissions management of
ITS memory allocated from execmem into ITS code.
I didn't test on a real Xen PV guest, but I emulated !PSE variant by
force-disabling the ROX cache in x86::execmem_arch_setup().
Peter, I took liberty to put your SoB in the patch that actually
implements the execmem permissions management in ITS, please let me know
if I need to update something about the authorship.
The patches are against v6.15.
They are also available in git:
https://web.git.kernel.org/pub/scm/linux/kernel/git/rppt/linux.git/log/?h=its-execmem/v1
[1] https://lore.kernel.org/all/20250528123557.12847-2-jgross@xxxxxxxx/
Juergen Gross (1):
x86/mm/pat: don't collapse pages without PSE set
Mike Rapoport (Microsoft) (3):
x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set
x86/its: move its_pages array to struct mod_arch_specific
Revert "mm/execmem: Unify early execmem_cache behaviour"
Peter Zijlstra (Intel) (1):
x86/its: explicitly manage permissions for ITS pages
arch/x86/Kconfig | 2 +-
arch/x86/include/asm/module.h | 8 ++++
arch/x86/kernel/alternative.c | 89 ++++++++++++++++++++++++++---------
arch/x86/mm/init_32.c | 3 --
arch/x86/mm/init_64.c | 3 --
arch/x86/mm/pat/set_memory.c | 3 ++
include/linux/execmem.h | 8 +---
include/linux/module.h | 5 --
mm/execmem.c | 40 ++--------------
9 files changed, 82 insertions(+), 79 deletions(-)
base-commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
--
2.47.2