1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2014, The Linux Foundation. All rights reserved. 4 * Debug helper to dump the current kernel pagetables of the system 5 * so that we can see what the various memory ranges are set to. 6 * 7 * Derived from x86 and arm implementation: 8 * (C) Copyright 2008 Intel Corporation 9 * 10 * Author: Arjan van de Ven <arjan@linux.intel.com> 11 */ 12 #include <linux/debugfs.h> 13 #include <linux/errno.h> 14 #include <linux/fs.h> 15 #include <linux/io.h> 16 #include <linux/init.h> 17 #include <linux/mm.h> 18 #include <linux/ptdump.h> 19 #include <linux/sched.h> 20 #include <linux/seq_file.h> 21 22 #include <asm/fixmap.h> 23 #include <asm/kasan.h> 24 #include <asm/memory.h> 25 #include <asm/pgtable-hwdef.h> 26 #include <asm/ptdump.h> 27 28 29 #define pt_dump_seq_printf(m, fmt, args...) \ 30 ({ \ 31 if (m) \ 32 seq_printf(m, fmt, ##args); \ 33 }) 34 35 #define pt_dump_seq_puts(m, fmt) \ 36 ({ \ 37 if (m) \ 38 seq_printf(m, fmt); \ 39 }) 40 41 static const struct ptdump_prot_bits pte_bits[] = { 42 { 43 .mask = PTE_VALID, 44 .val = PTE_VALID, 45 .set = " ", 46 .clear = "F", 47 }, { 48 .mask = PTE_USER, 49 .val = PTE_USER, 50 .set = "USR", 51 .clear = " ", 52 }, { 53 .mask = PTE_RDONLY, 54 .val = PTE_RDONLY, 55 .set = "ro", 56 .clear = "RW", 57 }, { 58 .mask = PTE_PXN, 59 .val = PTE_PXN, 60 .set = "NX", 61 .clear = "x ", 62 }, { 63 .mask = PTE_SHARED, 64 .val = PTE_SHARED, 65 .set = "SHD", 66 .clear = " ", 67 }, { 68 .mask = PTE_AF, 69 .val = PTE_AF, 70 .set = "AF", 71 .clear = " ", 72 }, { 73 .mask = PTE_NG, 74 .val = PTE_NG, 75 .set = "NG", 76 .clear = " ", 77 }, { 78 .mask = PTE_CONT, 79 .val = PTE_CONT, 80 .set = "CON", 81 .clear = " ", 82 }, { 83 .mask = PTE_TABLE_BIT, 84 .val = PTE_TABLE_BIT, 85 .set = " ", 86 .clear = "BLK", 87 }, { 88 .mask = PTE_UXN, 89 .val = PTE_UXN, 90 .set = "UXN", 91 .clear = " ", 92 }, { 93 .mask = PTE_GP, 94 .val = PTE_GP, 95 .set = "GP", 96 .clear = " ", 97 }, { 98 .mask = PTE_ATTRINDX_MASK, 99 .val = PTE_ATTRINDX(MT_DEVICE_nGnRnE), 100 .set = "DEVICE/nGnRnE", 101 }, { 102 .mask = PTE_ATTRINDX_MASK, 103 .val = PTE_ATTRINDX(MT_DEVICE_nGnRE), 104 .set = "DEVICE/nGnRE", 105 }, { 106 .mask = PTE_ATTRINDX_MASK, 107 .val = PTE_ATTRINDX(MT_NORMAL_NC), 108 .set = "MEM/NORMAL-NC", 109 }, { 110 .mask = PTE_ATTRINDX_MASK, 111 .val = PTE_ATTRINDX(MT_NORMAL), 112 .set = "MEM/NORMAL", 113 }, { 114 .mask = PTE_ATTRINDX_MASK, 115 .val = PTE_ATTRINDX(MT_NORMAL_TAGGED), 116 .set = "MEM/NORMAL-TAGGED", 117 } 118 }; 119 120 static struct ptdump_pg_level kernel_pg_levels[] __ro_after_init = { 121 { /* pgd */ 122 .name = "PGD", 123 .bits = pte_bits, 124 .num = ARRAY_SIZE(pte_bits), 125 }, { /* p4d */ 126 .name = "P4D", 127 .bits = pte_bits, 128 .num = ARRAY_SIZE(pte_bits), 129 }, { /* pud */ 130 .name = "PUD", 131 .bits = pte_bits, 132 .num = ARRAY_SIZE(pte_bits), 133 }, { /* pmd */ 134 .name = "PMD", 135 .bits = pte_bits, 136 .num = ARRAY_SIZE(pte_bits), 137 }, { /* pte */ 138 .name = "PTE", 139 .bits = pte_bits, 140 .num = ARRAY_SIZE(pte_bits), 141 }, 142 }; 143 144 static void dump_prot(struct ptdump_pg_state *st, const struct ptdump_prot_bits *bits, 145 size_t num) 146 { 147 unsigned i; 148 149 for (i = 0; i < num; i++, bits++) { 150 const char *s; 151 152 if ((st->current_prot & bits->mask) == bits->val) 153 s = bits->set; 154 else 155 s = bits->clear; 156 157 if (s) 158 pt_dump_seq_printf(st->seq, " %s", s); 159 } 160 } 161 162 static void note_prot_uxn(struct ptdump_pg_state *st, unsigned long addr) 163 { 164 if (!st->check_wx) 165 return; 166 167 if ((st->current_prot & PTE_UXN) == PTE_UXN) 168 return; 169 170 WARN_ONCE(1, "arm64/mm: Found non-UXN mapping at address %p/%pS\n", 171 (void *)st->start_address, (void *)st->start_address); 172 173 st->uxn_pages += (addr - st->start_address) / PAGE_SIZE; 174 } 175 176 static void note_prot_wx(struct ptdump_pg_state *st, unsigned long addr) 177 { 178 if (!st->check_wx) 179 return; 180 if ((st->current_prot & PTE_RDONLY) == PTE_RDONLY) 181 return; 182 if ((st->current_prot & PTE_PXN) == PTE_PXN) 183 return; 184 185 WARN_ONCE(1, "arm64/mm: Found insecure W+X mapping at address %p/%pS\n", 186 (void *)st->start_address, (void *)st->start_address); 187 188 st->wx_pages += (addr - st->start_address) / PAGE_SIZE; 189 } 190 191 void note_page(struct ptdump_state *pt_st, unsigned long addr, int level, 192 u64 val) 193 { 194 struct ptdump_pg_state *st = container_of(pt_st, struct ptdump_pg_state, ptdump); 195 struct ptdump_pg_level *pg_level = st->pg_level; 196 static const char units[] = "KMGTPE"; 197 u64 prot = 0; 198 199 /* check if the current level has been folded dynamically */ 200 if (st->mm && ((level == 1 && mm_p4d_folded(st->mm)) || 201 (level == 2 && mm_pud_folded(st->mm)))) 202 level = 0; 203 204 if (level >= 0) 205 prot = val & pg_level[level].mask; 206 207 if (st->level == -1) { 208 st->level = level; 209 st->current_prot = prot; 210 st->start_address = addr; 211 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name); 212 } else if (prot != st->current_prot || level != st->level || 213 addr >= st->marker[1].start_address) { 214 const char *unit = units; 215 unsigned long delta; 216 217 if (st->current_prot) { 218 note_prot_uxn(st, addr); 219 note_prot_wx(st, addr); 220 } 221 222 pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx ", 223 st->start_address, addr); 224 225 delta = (addr - st->start_address) >> 10; 226 while (!(delta & 1023) && unit[1]) { 227 delta >>= 10; 228 unit++; 229 } 230 pt_dump_seq_printf(st->seq, "%9lu%c %s", delta, *unit, 231 pg_level[st->level].name); 232 if (st->current_prot && pg_level[st->level].bits) 233 dump_prot(st, pg_level[st->level].bits, 234 pg_level[st->level].num); 235 pt_dump_seq_puts(st->seq, "\n"); 236 237 if (addr >= st->marker[1].start_address) { 238 st->marker++; 239 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name); 240 } 241 242 st->start_address = addr; 243 st->current_prot = prot; 244 st->level = level; 245 } 246 247 if (addr >= st->marker[1].start_address) { 248 st->marker++; 249 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name); 250 } 251 252 } 253 254 void ptdump_walk(struct seq_file *s, struct ptdump_info *info) 255 { 256 unsigned long end = ~0UL; 257 struct ptdump_pg_state st; 258 259 if (info->base_addr < TASK_SIZE_64) 260 end = TASK_SIZE_64; 261 262 st = (struct ptdump_pg_state){ 263 .seq = s, 264 .marker = info->markers, 265 .mm = info->mm, 266 .pg_level = &kernel_pg_levels[0], 267 .level = -1, 268 .ptdump = { 269 .note_page = note_page, 270 .range = (struct ptdump_range[]){ 271 {info->base_addr, end}, 272 {0, 0} 273 } 274 } 275 }; 276 277 ptdump_walk_pgd(&st.ptdump, info->mm, NULL); 278 } 279 280 static void __init ptdump_initialize(void) 281 { 282 unsigned i, j; 283 284 for (i = 0; i < ARRAY_SIZE(kernel_pg_levels); i++) 285 if (kernel_pg_levels[i].bits) 286 for (j = 0; j < kernel_pg_levels[i].num; j++) 287 kernel_pg_levels[i].mask |= kernel_pg_levels[i].bits[j].mask; 288 } 289 290 static struct ptdump_info kernel_ptdump_info __ro_after_init = { 291 .mm = &init_mm, 292 }; 293 294 bool ptdump_check_wx(void) 295 { 296 struct ptdump_pg_state st = { 297 .seq = NULL, 298 .marker = (struct addr_marker[]) { 299 { 0, NULL}, 300 { -1, NULL}, 301 }, 302 .pg_level = &kernel_pg_levels[0], 303 .level = -1, 304 .check_wx = true, 305 .ptdump = { 306 .note_page = note_page, 307 .range = (struct ptdump_range[]) { 308 {_PAGE_OFFSET(vabits_actual), ~0UL}, 309 {0, 0} 310 } 311 } 312 }; 313 314 ptdump_walk_pgd(&st.ptdump, &init_mm, NULL); 315 316 if (st.wx_pages || st.uxn_pages) { 317 pr_warn("Checked W+X mappings: FAILED, %lu W+X pages found, %lu non-UXN pages found\n", 318 st.wx_pages, st.uxn_pages); 319 320 return false; 321 } else { 322 pr_info("Checked W+X mappings: passed, no W+X pages found\n"); 323 324 return true; 325 } 326 } 327 328 static int __init ptdump_init(void) 329 { 330 u64 page_offset = _PAGE_OFFSET(vabits_actual); 331 u64 vmemmap_start = (u64)virt_to_page((void *)page_offset); 332 struct addr_marker m[] = { 333 { PAGE_OFFSET, "Linear Mapping start" }, 334 { PAGE_END, "Linear Mapping end" }, 335 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) 336 { KASAN_SHADOW_START, "Kasan shadow start" }, 337 { KASAN_SHADOW_END, "Kasan shadow end" }, 338 #endif 339 { MODULES_VADDR, "Modules start" }, 340 { MODULES_END, "Modules end" }, 341 { VMALLOC_START, "vmalloc() area" }, 342 { VMALLOC_END, "vmalloc() end" }, 343 { vmemmap_start, "vmemmap start" }, 344 { VMEMMAP_END, "vmemmap end" }, 345 { PCI_IO_START, "PCI I/O start" }, 346 { PCI_IO_END, "PCI I/O end" }, 347 { FIXADDR_TOT_START, "Fixmap start" }, 348 { FIXADDR_TOP, "Fixmap end" }, 349 { -1, NULL }, 350 }; 351 static struct addr_marker address_markers[ARRAY_SIZE(m)] __ro_after_init; 352 353 kernel_ptdump_info.markers = memcpy(address_markers, m, sizeof(m)); 354 kernel_ptdump_info.base_addr = page_offset; 355 356 ptdump_initialize(); 357 ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables"); 358 return 0; 359 } 360 device_initcall(ptdump_init); 361