ptdump.c 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (c) 2014, The Linux Foundation. All rights reserved.
  4. * Debug helper to dump the current kernel pagetables of the system
  5. * so that we can see what the various memory ranges are set to.
  6. *
  7. * Derived from x86 and arm implementation:
  8. * (C) Copyright 2008 Intel Corporation
  9. *
  10. * Author: Arjan van de Ven <arjan@linux.intel.com>
  11. */
  12. #include <linux/debugfs.h>
  13. #include <linux/errno.h>
  14. #include <linux/fs.h>
  15. #include <linux/io.h>
  16. #include <linux/init.h>
  17. #include <linux/mm.h>
  18. #include <linux/ptdump.h>
  19. #include <linux/sched.h>
  20. #include <linux/seq_file.h>
  21. #include <asm/fixmap.h>
  22. #include <asm/kasan.h>
  23. #include <asm/memory.h>
  24. #include <asm/pgtable-hwdef.h>
  25. #include <asm/ptdump.h>
  26. #define pt_dump_seq_printf(m, fmt, args...) \
  27. ({ \
  28. if (m) \
  29. seq_printf(m, fmt, ##args); \
  30. })
  31. #define pt_dump_seq_puts(m, fmt) \
  32. ({ \
  33. if (m) \
  34. seq_printf(m, fmt); \
  35. })
  36. static const struct ptdump_prot_bits pte_bits[] = {
  37. {
  38. .mask = PTE_VALID,
  39. .val = PTE_VALID,
  40. .set = " ",
  41. .clear = "F",
  42. }, {
  43. .mask = PTE_USER,
  44. .val = PTE_USER,
  45. .set = "USR",
  46. .clear = " ",
  47. }, {
  48. .mask = PTE_RDONLY,
  49. .val = PTE_RDONLY,
  50. .set = "ro",
  51. .clear = "RW",
  52. }, {
  53. .mask = PTE_PXN,
  54. .val = PTE_PXN,
  55. .set = "NX",
  56. .clear = "x ",
  57. }, {
  58. .mask = PTE_SHARED,
  59. .val = PTE_SHARED,
  60. .set = "SHD",
  61. .clear = " ",
  62. }, {
  63. .mask = PTE_AF,
  64. .val = PTE_AF,
  65. .set = "AF",
  66. .clear = " ",
  67. }, {
  68. .mask = PTE_NG,
  69. .val = PTE_NG,
  70. .set = "NG",
  71. .clear = " ",
  72. }, {
  73. .mask = PTE_CONT,
  74. .val = PTE_CONT,
  75. .set = "CON",
  76. .clear = " ",
  77. }, {
  78. .mask = PMD_TYPE_MASK,
  79. .val = PMD_TYPE_SECT,
  80. .set = "BLK",
  81. .clear = " ",
  82. }, {
  83. .mask = PTE_UXN,
  84. .val = PTE_UXN,
  85. .set = "UXN",
  86. .clear = " ",
  87. }, {
  88. .mask = PTE_GP,
  89. .val = PTE_GP,
  90. .set = "GP",
  91. .clear = " ",
  92. }, {
  93. .mask = PTE_ATTRINDX_MASK,
  94. .val = PTE_ATTRINDX(MT_DEVICE_nGnRnE),
  95. .set = "DEVICE/nGnRnE",
  96. }, {
  97. .mask = PTE_ATTRINDX_MASK,
  98. .val = PTE_ATTRINDX(MT_DEVICE_nGnRE),
  99. .set = "DEVICE/nGnRE",
  100. }, {
  101. .mask = PTE_ATTRINDX_MASK,
  102. .val = PTE_ATTRINDX(MT_NORMAL_NC),
  103. .set = "MEM/NORMAL-NC",
  104. }, {
  105. .mask = PTE_ATTRINDX_MASK,
  106. .val = PTE_ATTRINDX(MT_NORMAL),
  107. .set = "MEM/NORMAL",
  108. }, {
  109. .mask = PTE_ATTRINDX_MASK,
  110. .val = PTE_ATTRINDX(MT_NORMAL_TAGGED),
  111. .set = "MEM/NORMAL-TAGGED",
  112. }
  113. };
  114. static struct ptdump_pg_level kernel_pg_levels[] __ro_after_init = {
  115. { /* pgd */
  116. .name = "PGD",
  117. .bits = pte_bits,
  118. .num = ARRAY_SIZE(pte_bits),
  119. }, { /* p4d */
  120. .name = "P4D",
  121. .bits = pte_bits,
  122. .num = ARRAY_SIZE(pte_bits),
  123. }, { /* pud */
  124. .name = "PUD",
  125. .bits = pte_bits,
  126. .num = ARRAY_SIZE(pte_bits),
  127. }, { /* pmd */
  128. .name = "PMD",
  129. .bits = pte_bits,
  130. .num = ARRAY_SIZE(pte_bits),
  131. }, { /* pte */
  132. .name = "PTE",
  133. .bits = pte_bits,
  134. .num = ARRAY_SIZE(pte_bits),
  135. },
  136. };
  137. static void dump_prot(struct ptdump_pg_state *st, const struct ptdump_prot_bits *bits,
  138. size_t num)
  139. {
  140. unsigned i;
  141. for (i = 0; i < num; i++, bits++) {
  142. const char *s;
  143. if ((st->current_prot & bits->mask) == bits->val)
  144. s = bits->set;
  145. else
  146. s = bits->clear;
  147. if (s)
  148. pt_dump_seq_printf(st->seq, " %s", s);
  149. }
  150. }
  151. static void note_prot_uxn(struct ptdump_pg_state *st, unsigned long addr)
  152. {
  153. if (!st->check_wx)
  154. return;
  155. if ((st->current_prot & PTE_UXN) == PTE_UXN)
  156. return;
  157. WARN_ONCE(1, "arm64/mm: Found non-UXN mapping at address %p/%pS\n",
  158. (void *)st->start_address, (void *)st->start_address);
  159. st->uxn_pages += (addr - st->start_address) / PAGE_SIZE;
  160. }
  161. static void note_prot_wx(struct ptdump_pg_state *st, unsigned long addr)
  162. {
  163. if (!st->check_wx)
  164. return;
  165. if ((st->current_prot & PTE_RDONLY) == PTE_RDONLY)
  166. return;
  167. if ((st->current_prot & PTE_PXN) == PTE_PXN)
  168. return;
  169. WARN_ONCE(1, "arm64/mm: Found insecure W+X mapping at address %p/%pS\n",
  170. (void *)st->start_address, (void *)st->start_address);
  171. st->wx_pages += (addr - st->start_address) / PAGE_SIZE;
  172. }
  173. void note_page(struct ptdump_state *pt_st, unsigned long addr, int level,
  174. pteval_t val)
  175. {
  176. struct ptdump_pg_state *st = container_of(pt_st, struct ptdump_pg_state, ptdump);
  177. struct ptdump_pg_level *pg_level = st->pg_level;
  178. static const char units[] = "KMGTPE";
  179. ptdesc_t prot = 0;
  180. /* check if the current level has been folded dynamically */
  181. if (st->mm && ((level == 1 && mm_p4d_folded(st->mm)) ||
  182. (level == 2 && mm_pud_folded(st->mm))))
  183. level = 0;
  184. if (level >= 0)
  185. prot = val & pg_level[level].mask;
  186. if (st->level == -1) {
  187. st->level = level;
  188. st->current_prot = prot;
  189. st->start_address = addr;
  190. pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
  191. } else if (prot != st->current_prot || level != st->level ||
  192. addr >= st->marker[1].start_address) {
  193. const char *unit = units;
  194. unsigned long delta;
  195. if (st->current_prot) {
  196. note_prot_uxn(st, addr);
  197. note_prot_wx(st, addr);
  198. }
  199. pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx ",
  200. st->start_address, addr);
  201. delta = (addr - st->start_address) >> 10;
  202. while (!(delta & 1023) && unit[1]) {
  203. delta >>= 10;
  204. unit++;
  205. }
  206. pt_dump_seq_printf(st->seq, "%9lu%c %s", delta, *unit,
  207. pg_level[st->level].name);
  208. if (st->current_prot && pg_level[st->level].bits)
  209. dump_prot(st, pg_level[st->level].bits,
  210. pg_level[st->level].num);
  211. pt_dump_seq_puts(st->seq, "\n");
  212. if (addr >= st->marker[1].start_address) {
  213. st->marker++;
  214. pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
  215. }
  216. st->start_address = addr;
  217. st->current_prot = prot;
  218. st->level = level;
  219. }
  220. if (addr >= st->marker[1].start_address) {
  221. st->marker++;
  222. pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
  223. }
  224. }
  225. void note_page_pte(struct ptdump_state *pt_st, unsigned long addr, pte_t pte)
  226. {
  227. note_page(pt_st, addr, 4, pte_val(pte));
  228. }
  229. void note_page_pmd(struct ptdump_state *pt_st, unsigned long addr, pmd_t pmd)
  230. {
  231. note_page(pt_st, addr, 3, pmd_val(pmd));
  232. }
  233. void note_page_pud(struct ptdump_state *pt_st, unsigned long addr, pud_t pud)
  234. {
  235. note_page(pt_st, addr, 2, pud_val(pud));
  236. }
  237. void note_page_p4d(struct ptdump_state *pt_st, unsigned long addr, p4d_t p4d)
  238. {
  239. note_page(pt_st, addr, 1, p4d_val(p4d));
  240. }
  241. void note_page_pgd(struct ptdump_state *pt_st, unsigned long addr, pgd_t pgd)
  242. {
  243. note_page(pt_st, addr, 0, pgd_val(pgd));
  244. }
  245. void note_page_flush(struct ptdump_state *pt_st)
  246. {
  247. pte_t pte_zero = {0};
  248. note_page(pt_st, 0, -1, pte_val(pte_zero));
  249. }
  250. static void arm64_ptdump_walk_pgd(struct ptdump_state *st, struct mm_struct *mm)
  251. {
  252. static_branch_inc(&arm64_ptdump_lock_key);
  253. ptdump_walk_pgd(st, mm, NULL);
  254. static_branch_dec(&arm64_ptdump_lock_key);
  255. }
  256. void ptdump_walk(struct seq_file *s, struct ptdump_info *info)
  257. {
  258. unsigned long end = ~0UL;
  259. struct ptdump_pg_state st;
  260. if (info->base_addr < TASK_SIZE_64)
  261. end = TASK_SIZE_64;
  262. st = (struct ptdump_pg_state){
  263. .seq = s,
  264. .marker = info->markers,
  265. .mm = info->mm,
  266. .pg_level = &kernel_pg_levels[0],
  267. .level = -1,
  268. .ptdump = {
  269. .note_page_pte = note_page_pte,
  270. .note_page_pmd = note_page_pmd,
  271. .note_page_pud = note_page_pud,
  272. .note_page_p4d = note_page_p4d,
  273. .note_page_pgd = note_page_pgd,
  274. .note_page_flush = note_page_flush,
  275. .range = (struct ptdump_range[]){
  276. {info->base_addr, end},
  277. {0, 0}
  278. }
  279. }
  280. };
  281. arm64_ptdump_walk_pgd(&st.ptdump, info->mm);
  282. }
  283. static void __init ptdump_initialize(void)
  284. {
  285. unsigned i, j;
  286. for (i = 0; i < ARRAY_SIZE(kernel_pg_levels); i++)
  287. if (kernel_pg_levels[i].bits)
  288. for (j = 0; j < kernel_pg_levels[i].num; j++)
  289. kernel_pg_levels[i].mask |= kernel_pg_levels[i].bits[j].mask;
  290. }
  291. static struct ptdump_info kernel_ptdump_info __ro_after_init = {
  292. .mm = &init_mm,
  293. };
  294. bool ptdump_check_wx(void)
  295. {
  296. struct ptdump_pg_state st = {
  297. .seq = NULL,
  298. .marker = (struct addr_marker[]) {
  299. { 0, NULL},
  300. { -1, NULL},
  301. },
  302. .pg_level = &kernel_pg_levels[0],
  303. .level = -1,
  304. .check_wx = true,
  305. .ptdump = {
  306. .note_page_pte = note_page_pte,
  307. .note_page_pmd = note_page_pmd,
  308. .note_page_pud = note_page_pud,
  309. .note_page_p4d = note_page_p4d,
  310. .note_page_pgd = note_page_pgd,
  311. .note_page_flush = note_page_flush,
  312. .range = (struct ptdump_range[]) {
  313. {_PAGE_OFFSET(vabits_actual), ~0UL},
  314. {0, 0}
  315. }
  316. }
  317. };
  318. arm64_ptdump_walk_pgd(&st.ptdump, &init_mm);
  319. if (st.wx_pages || st.uxn_pages) {
  320. pr_warn("Checked W+X mappings: FAILED, %lu W+X pages found, %lu non-UXN pages found\n",
  321. st.wx_pages, st.uxn_pages);
  322. return false;
  323. } else {
  324. pr_info("Checked W+X mappings: passed, no W+X pages found\n");
  325. return true;
  326. }
  327. }
  328. static int __init ptdump_init(void)
  329. {
  330. u64 page_offset = _PAGE_OFFSET(vabits_actual);
  331. u64 vmemmap_start = (u64)virt_to_page((void *)page_offset);
  332. struct addr_marker m[] = {
  333. { PAGE_OFFSET, "Linear Mapping start" },
  334. { PAGE_END, "Linear Mapping end" },
  335. #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
  336. { KASAN_SHADOW_START, "Kasan shadow start" },
  337. { KASAN_SHADOW_END, "Kasan shadow end" },
  338. #endif
  339. { MODULES_VADDR, "Modules start" },
  340. { MODULES_END, "Modules end" },
  341. { VMALLOC_START, "vmalloc() area" },
  342. { VMALLOC_END, "vmalloc() end" },
  343. { vmemmap_start, "vmemmap start" },
  344. { VMEMMAP_END, "vmemmap end" },
  345. { PCI_IO_START, "PCI I/O start" },
  346. { PCI_IO_END, "PCI I/O end" },
  347. { FIXADDR_TOT_START, "Fixmap start" },
  348. { FIXADDR_TOP, "Fixmap end" },
  349. { -1, NULL },
  350. };
  351. static struct addr_marker address_markers[ARRAY_SIZE(m)] __ro_after_init;
  352. kernel_ptdump_info.markers = memcpy(address_markers, m, sizeof(m));
  353. kernel_ptdump_info.base_addr = page_offset;
  354. ptdump_initialize();
  355. ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables");
  356. return 0;
  357. }
  358. device_initcall(ptdump_init);