arch/arm64/mm/ptdump.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Copyright (c) 2014, The Linux Foundation. All rights reserved.
   4  * Debug helper to dump the current kernel pagetables of the system
   5  * so that we can see what the various memory ranges are set to.
   6  *
   7  * Derived from x86 and arm implementation:
   8  * (C) Copyright 2008 Intel Corporation
   9  *
  10  * Author: Arjan van de Ven <[email protected]>
  11  */
  12 #include <linux/debugfs.h>
  13 #include <linux/errno.h>
  14 #include <linux/fs.h>
  15 #include <linux/io.h>
  16 #include <linux/init.h>
  17 #include <linux/mm.h>
  18 #include <linux/ptdump.h>
  19 #include <linux/sched.h>
  20 #include <linux/seq_file.h>
  21
  22 #include <asm/fixmap.h>
  23 #include <asm/kasan.h>
  24 #include <asm/memory.h>
  25 #include <asm/pgtable-hwdef.h>
  26 #include <asm/ptdump.h>
  27
  28
  29 #define pt_dump_seq_printf(m, fmt, args...)     \
  30 ({                                              \
  31         if (m)                                  \
  32                 seq_printf(m, fmt, ##args);     \
  33 })
  34
  35 #define pt_dump_seq_puts(m, fmt)        \
  36 ({                                      \
  37         if (m)                          \
  38                 seq_printf(m, fmt);     \
  39 })
  40
  41 static const struct ptdump_prot_bits pte_bits[] = {
  42         {
  43                 .mask   = PTE_VALID,
  44                 .val    = PTE_VALID,
  45                 .set    = " ",
  46                 .clear  = "F",
  47         }, {
  48                 .mask   = PTE_USER,
  49                 .val    = PTE_USER,
  50                 .set    = "USR",
  51                 .clear  = "   ",
  52         }, {
  53                 .mask   = PTE_RDONLY,
  54                 .val    = PTE_RDONLY,
  55                 .set    = "ro",
  56                 .clear  = "RW",
  57         }, {
  58                 .mask   = PTE_PXN,
  59                 .val    = PTE_PXN,
  60                 .set    = "NX",
  61                 .clear  = "x ",
  62         }, {
  63                 .mask   = PTE_SHARED,
  64                 .val    = PTE_SHARED,
  65                 .set    = "SHD",
  66                 .clear  = "   ",
  67         }, {
  68                 .mask   = PTE_AF,
  69                 .val    = PTE_AF,
  70                 .set    = "AF",
  71                 .clear  = "  ",
  72         }, {
  73                 .mask   = PTE_NG,
  74                 .val    = PTE_NG,
  75                 .set    = "NG",
  76                 .clear  = "  ",
  77         }, {
  78                 .mask   = PTE_CONT,
  79                 .val    = PTE_CONT,
  80                 .set    = "CON",
  81                 .clear  = "   ",
  82         }, {
  83                 .mask   = PTE_TABLE_BIT | PTE_VALID,
  84                 .val    = PTE_VALID,
  85                 .set    = "BLK",
  86                 .clear  = "   ",
  87         }, {
  88                 .mask   = PTE_UXN,
  89                 .val    = PTE_UXN,
  90                 .set    = "UXN",
  91                 .clear  = "   ",
  92         }, {
  93                 .mask   = PTE_GP,
  94                 .val    = PTE_GP,
  95                 .set    = "GP",
  96                 .clear  = "  ",
  97         }, {
  98                 .mask   = PTE_ATTRINDX_MASK,
  99                 .val    = PTE_ATTRINDX(MT_DEVICE_nGnRnE),
 100                 .set    = "DEVICE/nGnRnE",
 101         }, {
 102                 .mask   = PTE_ATTRINDX_MASK,
 103                 .val    = PTE_ATTRINDX(MT_DEVICE_nGnRE),
 104                 .set    = "DEVICE/nGnRE",
 105         }, {
 106                 .mask   = PTE_ATTRINDX_MASK,
 107                 .val    = PTE_ATTRINDX(MT_NORMAL_NC),
 108                 .set    = "MEM/NORMAL-NC",
 109         }, {
 110                 .mask   = PTE_ATTRINDX_MASK,
 111                 .val    = PTE_ATTRINDX(MT_NORMAL),
 112                 .set    = "MEM/NORMAL",
 113         }, {
 114                 .mask   = PTE_ATTRINDX_MASK,
 115                 .val    = PTE_ATTRINDX(MT_NORMAL_TAGGED),
 116                 .set    = "MEM/NORMAL-TAGGED",
 117         }
 118 };
 119
 120 static struct ptdump_pg_level kernel_pg_levels[] __ro_after_init = {
 121         { /* pgd */
 122                 .name   = "PGD",
 123                 .bits   = pte_bits,
 124                 .num    = ARRAY_SIZE(pte_bits),
 125         }, { /* p4d */
 126                 .name   = "P4D",
 127                 .bits   = pte_bits,
 128                 .num    = ARRAY_SIZE(pte_bits),
 129         }, { /* pud */
 130                 .name   = "PUD",
 131                 .bits   = pte_bits,
 132                 .num    = ARRAY_SIZE(pte_bits),
 133         }, { /* pmd */
 134                 .name   = "PMD",
 135                 .bits   = pte_bits,
 136                 .num    = ARRAY_SIZE(pte_bits),
 137         }, { /* pte */
 138                 .name   = "PTE",
 139                 .bits   = pte_bits,
 140                 .num    = ARRAY_SIZE(pte_bits),
 141         },
 142 };
 143
 144 static void dump_prot(struct ptdump_pg_state *st, const struct ptdump_prot_bits *bits,
 145                         size_t num)
 146 {
 147         unsigned i;
 148
 149         for (i = 0; i < num; i++, bits++) {
 150                 const char *s;
 151
 152                 if ((st->current_prot & bits->mask) == bits->val)
 153                         s = bits->set;
 154                 else
 155                         s = bits->clear;
 156
 157                 if (s)
 158                         pt_dump_seq_printf(st->seq, " %s", s);
 159         }
 160 }
 161
 162 static void note_prot_uxn(struct ptdump_pg_state *st, unsigned long addr)
 163 {
 164         if (!st->check_wx)
 165                 return;
 166
 167         if ((st->current_prot & PTE_UXN) == PTE_UXN)
 168                 return;
 169
 170         WARN_ONCE(1, "arm64/mm: Found non-UXN mapping at address %p/%pS\n",
 171                   (void *)st->start_address, (void *)st->start_address);
 172
 173         st->uxn_pages += (addr - st->start_address) / PAGE_SIZE;
 174 }
 175
 176 static void note_prot_wx(struct ptdump_pg_state *st, unsigned long addr)
 177 {
 178         if (!st->check_wx)
 179                 return;
 180         if ((st->current_prot & PTE_RDONLY) == PTE_RDONLY)
 181                 return;
 182         if ((st->current_prot & PTE_PXN) == PTE_PXN)
 183                 return;
 184
 185         WARN_ONCE(1, "arm64/mm: Found insecure W+X mapping at address %p/%pS\n",
 186                   (void *)st->start_address, (void *)st->start_address);
 187
 188         st->wx_pages += (addr - st->start_address) / PAGE_SIZE;
 189 }
 190
 191 void note_page(struct ptdump_state *pt_st, unsigned long addr, int level,
 192                u64 val)
 193 {
 194         struct ptdump_pg_state *st = container_of(pt_st, struct ptdump_pg_state, ptdump);
 195         struct ptdump_pg_level *pg_level = st->pg_level;
 196         static const char units[] = "KMGTPE";
 197         u64 prot = 0;
 198
 199         /* check if the current level has been folded dynamically */
 200         if (st->mm && ((level == 1 && mm_p4d_folded(st->mm)) ||
 201             (level == 2 && mm_pud_folded(st->mm))))
 202                 level = 0;
 203
 204         if (level >= 0)
 205                 prot = val & pg_level[level].mask;
 206
 207         if (st->level == -1) {
 208                 st->level = level;
 209                 st->current_prot = prot;
 210                 st->start_address = addr;
 211                 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 212         } else if (prot != st->current_prot || level != st->level ||
 213                    addr >= st->marker[1].start_address) {
 214                 const char *unit = units;
 215                 unsigned long delta;
 216
 217                 if (st->current_prot) {
 218                         note_prot_uxn(st, addr);
 219                         note_prot_wx(st, addr);
 220                 }
 221
 222                 pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
 223                                    st->start_address, addr);
 224
 225                 delta = (addr - st->start_address) >> 10;
 226                 while (!(delta & 1023) && unit[1]) {
 227                         delta >>= 10;
 228                         unit++;
 229                 }
 230                 pt_dump_seq_printf(st->seq, "%9lu%c %s", delta, *unit,
 231                                    pg_level[st->level].name);
 232                 if (st->current_prot && pg_level[st->level].bits)
 233                         dump_prot(st, pg_level[st->level].bits,
 234                                   pg_level[st->level].num);
 235                 pt_dump_seq_puts(st->seq, "\n");
 236
 237                 if (addr >= st->marker[1].start_address) {
 238                         st->marker++;
 239                         pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 240                 }
 241
 242                 st->start_address = addr;
 243                 st->current_prot = prot;
 244                 st->level = level;
 245         }
 246
 247         if (addr >= st->marker[1].start_address) {
 248                 st->marker++;
 249                 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 250         }
 251
 252 }
 253
 254 void ptdump_walk(struct seq_file *s, struct ptdump_info *info)
 255 {
 256         unsigned long end = ~0UL;
 257         struct ptdump_pg_state st;
 258
 259         if (info->base_addr < TASK_SIZE_64)
 260                 end = TASK_SIZE_64;
 261
 262         st = (struct ptdump_pg_state){
 263                 .seq = s,
 264                 .marker = info->markers,
 265                 .mm = info->mm,
 266                 .pg_level = &kernel_pg_levels[0],
 267                 .level = -1,
 268                 .ptdump = {
 269                         .note_page = note_page,
 270                         .range = (struct ptdump_range[]){
 271                                 {info->base_addr, end},
 272                                 {0, 0}
 273                         }
 274                 }
 275         };
 276
 277         ptdump_walk_pgd(&st.ptdump, info->mm, NULL);
 278 }
 279
 280 static void __init ptdump_initialize(void)
 281 {
 282         unsigned i, j;
 283
 284         for (i = 0; i < ARRAY_SIZE(kernel_pg_levels); i++)
 285                 if (kernel_pg_levels[i].bits)
 286                         for (j = 0; j < kernel_pg_levels[i].num; j++)
 287                                 kernel_pg_levels[i].mask |= kernel_pg_levels[i].bits[j].mask;
 288 }
 289
 290 static struct ptdump_info kernel_ptdump_info __ro_after_init = {
 291         .mm             = &init_mm,
 292 };
 293
 294 bool ptdump_check_wx(void)
 295 {
 296         struct ptdump_pg_state st = {
 297                 .seq = NULL,
 298                 .marker = (struct addr_marker[]) {
 299                         { 0, NULL},
 300                         { -1, NULL},
 301                 },
 302                 .pg_level = &kernel_pg_levels[0],
 303                 .level = -1,
 304                 .check_wx = true,
 305                 .ptdump = {
 306                         .note_page = note_page,
 307                         .range = (struct ptdump_range[]) {
 308                                 {_PAGE_OFFSET(vabits_actual), ~0UL},
 309                                 {0, 0}
 310                         }
 311                 }
 312         };
 313
 314         ptdump_walk_pgd(&st.ptdump, &init_mm, NULL);
 315
 316         if (st.wx_pages || st.uxn_pages) {
 317                 pr_warn("Checked W+X mappings: FAILED, %lu W+X pages found, %lu non-UXN pages found\n",
 318                         st.wx_pages, st.uxn_pages);
 319
 320                 return false;
 321         } else {
 322                 pr_info("Checked W+X mappings: passed, no W+X pages found\n");
 323
 324                 return true;
 325         }
 326 }
 327
 328 static int __init ptdump_init(void)
 329 {
 330         u64 page_offset = _PAGE_OFFSET(vabits_actual);
 331         u64 vmemmap_start = (u64)virt_to_page((void *)page_offset);
 332         struct addr_marker m[] = {
 333                 { PAGE_OFFSET,          "Linear Mapping start" },
 334                 { PAGE_END,             "Linear Mapping end" },
 335 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
 336                 { KASAN_SHADOW_START,   "Kasan shadow start" },
 337                 { KASAN_SHADOW_END,     "Kasan shadow end" },
 338 #endif
 339                 { MODULES_VADDR,        "Modules start" },
 340                 { MODULES_END,          "Modules end" },
 341                 { VMALLOC_START,        "vmalloc() area" },
 342                 { VMALLOC_END,          "vmalloc() end" },
 343                 { vmemmap_start,        "vmemmap start" },
 344                 { VMEMMAP_END,          "vmemmap end" },
 345                 { PCI_IO_START,         "PCI I/O start" },
 346                 { PCI_IO_END,           "PCI I/O end" },
 347                 { FIXADDR_TOT_START,    "Fixmap start" },
 348                 { FIXADDR_TOP,          "Fixmap end" },
 349                 { -1,                   NULL },
 350         };
 351         static struct addr_marker address_markers[ARRAY_SIZE(m)] __ro_after_init;
 352
 353         kernel_ptdump_info.markers = memcpy(address_markers, m, sizeof(m));
 354         kernel_ptdump_info.base_addr = page_offset;
 355
 356         ptdump_initialize();
 357         ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables");
 358         return 0;
 359 }
 360 device_initcall(ptdump_init);