[xen master] x86/boot: Restrict directmap permissions for .text/.rodata
commit 631369b38ed468d30d781b82f7bbd16c70330152
Author: Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Mon Dec 6 13:07:40 2021 +0000
Commit: Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Tue Mar 28 11:57:56 2023 +0100

x86/boot: Restrict directmap permissions for .text/.rodata

While we've been diligent to ensure that the main text/data/rodata mappings
have suitable restrictions, their aliases via the directmap were left fully
read/write. Worse, we even had pieces of code making use of this as a
feature.

Restrict the permissions for .text/rodata, as we have no legitimate need for
writeability of these areas via the directmap alias. Note that the
compile-time allocated pagetables do get written through their directmap
alias, so need to remain writeable.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/setup.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 2b44a3ae26..b29229933d 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1667,6 +1667,16 @@ void __init noreturn __start_xen(unsigned long mbi_p)
destroy_xen_mappings((unsigned long)&__2M_rwdata_end,
ROUNDUP((unsigned long)&__2M_rwdata_end, MB(2)));

+ /*
+ * Mark all of .text and .rodata as RO in the directmap - we don't want
+ * these sections writeable via any alias. The compile-time allocated
+ * pagetables are written via their directmap alias, so data/bss needs to
+ * remain writeable.
+ */
+ modify_xen_mappings((unsigned long)__va(__pa(_start)),
+ (unsigned long)__va(__pa(__2M_rodata_end)),
+ PAGE_HYPERVISOR_RO);
+
nr_pages = 0;
for ( i = 0; i < e820.nr_map; i++ )
if ( e820.map[i].type == E820_RAM )
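Review bot: the return value of the added modify_xen_mappings() call is discarded, so if the remap fails, .text and .rodata stay writeable through the directmap alias and nothing reports it. Since the whole point of the change is that no writeable alias remains, consider capturing the result and failing loudly at boot (a printk at minimum, arguably a panic) when it is non-zero. A smaller point on the comment: it says data/bss must remain writeable, but the range is expressed as `_start` to `__2M_rodata_end`; a short remark that everything between those two symbols is .text/.rodata (and any padding) only would make it easier to confirm that the compile-time allocated pagetables cannot fall inside the range.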
--
generated by git-patchbot for /home/xen/git/xen.git#master