diff options
author | Ard Biesheuvel <ardb@kernel.org> | 2020-01-13 20:22:36 +0300 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2020-01-20 10:13:00 +0300 |
commit | 75fbef0a8b6b4bb19b9a91b5214f846c2dc5139e (patch) | |
tree | 683ae4a3e75ecdf5ad11546f10d3d0a4ac7f4003 /arch/x86/mm | |
parent | bd1d7093a8086df37d260bd1f1d896c0922d34ef (diff) | |
download | linux-75fbef0a8b6b4bb19b9a91b5214f846c2dc5139e.tar.xz |
x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
The following commit:
15f003d20782 ("x86/mm/pat: Don't implicitly allow _PAGE_RW in kernel_map_pages_in_pgd()")
modified kernel_map_pages_in_pgd() to manage writable permissions
of memory mappings in the EFI page table in a different way, but
in the process, it removed the ability to clear NX attributes from
read-only mappings, by clobbering the clear mask if _PAGE_RW is not
being requested.
Failure to remove the NX attribute from read-only mappings is
unlikely to be a security issue, but it does prevent us from
tightening the permissions in the EFI page tables going forward,
so let's fix it now.
Fixes: 15f003d20782 ("x86/mm/pat: Don't implicitly allow _PAGE_RW in kernel_map_pages_in_pgd()
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20200113172245.27925-5-ardb@kernel.org
Diffstat (limited to 'arch/x86/mm')
-rw-r--r-- | arch/x86/mm/pat/set_memory.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 20823392f4f2..62a8ebe72a52 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -2215,7 +2215,7 @@ int __init kernel_map_pages_in_pgd(pgd_t *pgd, u64 pfn, unsigned long address, .pgd = pgd, .numpages = numpages, .mask_set = __pgprot(0), - .mask_clr = __pgprot(0), + .mask_clr = __pgprot(~page_flags & (_PAGE_NX|_PAGE_RW)), .flags = 0, }; @@ -2224,12 +2224,6 @@ int __init kernel_map_pages_in_pgd(pgd_t *pgd, u64 pfn, unsigned long address, if (!(__supported_pte_mask & _PAGE_NX)) goto out; - if (!(page_flags & _PAGE_NX)) - cpa.mask_clr = __pgprot(_PAGE_NX); - - if (!(page_flags & _PAGE_RW)) - cpa.mask_clr = __pgprot(_PAGE_RW); - if (!(page_flags & _PAGE_ENC)) cpa.mask_clr = pgprot_encrypted(cpa.mask_clr); |