arch/arm64/mm/ptdump.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Copyright (c) 2014, The Linux Foundation. All rights reserved.
   4  * Debug helper to dump the current kernel pagetables of the system
   5  * so that we can see what the various memory ranges are set to.
   6  *
   7  * Derived from x86 and arm implementation:
   8  * (C) Copyright 2008 Intel Corporation
   9  *
  10  * Author: Arjan van de Ven <arjan@linux.intel.com>
  11  */
  12 #include <linux/debugfs.h>
  13 #include <linux/errno.h>
  14 #include <linux/fs.h>
  15 #include <linux/io.h>
  16 #include <linux/init.h>
  17 #include <linux/mm.h>
  18 #include <linux/ptdump.h>
  19 #include <linux/sched.h>
  20 #include <linux/seq_file.h>
  21
  22 #include <asm/fixmap.h>
  23 #include <asm/kasan.h>
  24 #include <asm/memory.h>
  25 #include <asm/pgtable-hwdef.h>
  26 #include <asm/ptdump.h>
  27
  28
  29 #define pt_dump_seq_printf(m, fmt, args...)     \
  30 ({                                              \
  31         if (m)                                  \
  32                 seq_printf(m, fmt, ##args);     \
  33 })
  34
  35 #define pt_dump_seq_puts(m, fmt)        \
  36 ({                                      \
  37         if (m)                          \
  38                 seq_printf(m, fmt);     \
  39 })
  40
  41 /*
  42  * The page dumper groups page table entries of the same type into a single
  43  * description. It uses pg_state to track the range information while
  44  * iterating over the pte entries. When the continuity is broken it then
  45  * dumps out a description of the range.
  46  */
  47 struct pg_state {
  48         struct ptdump_state ptdump;
  49         struct seq_file *seq;
  50         const struct addr_marker *marker;
  51         unsigned long start_address;
  52         int level;
  53         u64 current_prot;
  54         bool check_wx;
  55         unsigned long wx_pages;
  56         unsigned long uxn_pages;
  57 };
  58
  59 struct prot_bits {
  60         u64             mask;
  61         u64             val;
  62         const char      *set;
  63         const char      *clear;
  64 };
  65
  66 static const struct prot_bits pte_bits[] = {
  67         {
  68                 .mask   = PTE_VALID,
  69                 .val    = PTE_VALID,
  70                 .set    = " ",
  71                 .clear  = "F",
  72         }, {
  73                 .mask   = PTE_USER,
  74                 .val    = PTE_USER,
  75                 .set    = "USR",
  76                 .clear  = "   ",
  77         }, {
  78                 .mask   = PTE_RDONLY,
  79                 .val    = PTE_RDONLY,
  80                 .set    = "ro",
  81                 .clear  = "RW",
  82         }, {
  83                 .mask   = PTE_PXN,
  84                 .val    = PTE_PXN,
  85                 .set    = "NX",
  86                 .clear  = "x ",
  87         }, {
  88                 .mask   = PTE_SHARED,
  89                 .val    = PTE_SHARED,
  90                 .set    = "SHD",
  91                 .clear  = "   ",
  92         }, {
  93                 .mask   = PTE_AF,
  94                 .val    = PTE_AF,
  95                 .set    = "AF",
  96                 .clear  = "  ",
  97         }, {
  98                 .mask   = PTE_NG,
  99                 .val    = PTE_NG,
 100                 .set    = "NG",
 101                 .clear  = "  ",
 102         }, {
 103                 .mask   = PTE_CONT,
 104                 .val    = PTE_CONT,
 105                 .set    = "CON",
 106                 .clear  = "   ",
 107         }, {
 108                 .mask   = PTE_TABLE_BIT,
 109                 .val    = PTE_TABLE_BIT,
 110                 .set    = "   ",
 111                 .clear  = "BLK",
 112         }, {
 113                 .mask   = PTE_UXN,
 114                 .val    = PTE_UXN,
 115                 .set    = "UXN",
 116                 .clear  = "   ",
 117         }, {
 118                 .mask   = PTE_GP,
 119                 .val    = PTE_GP,
 120                 .set    = "GP",
 121                 .clear  = "  ",
 122         }, {
 123                 .mask   = PTE_ATTRINDX_MASK,
 124                 .val    = PTE_ATTRINDX(MT_DEVICE_nGnRnE),
 125                 .set    = "DEVICE/nGnRnE",
 126         }, {
 127                 .mask   = PTE_ATTRINDX_MASK,
 128                 .val    = PTE_ATTRINDX(MT_DEVICE_nGnRE),
 129                 .set    = "DEVICE/nGnRE",
 130         }, {
 131                 .mask   = PTE_ATTRINDX_MASK,
 132                 .val    = PTE_ATTRINDX(MT_NORMAL_NC),
 133                 .set    = "MEM/NORMAL-NC",
 134         }, {
 135                 .mask   = PTE_ATTRINDX_MASK,
 136                 .val    = PTE_ATTRINDX(MT_NORMAL),
 137                 .set    = "MEM/NORMAL",
 138         }, {
 139                 .mask   = PTE_ATTRINDX_MASK,
 140                 .val    = PTE_ATTRINDX(MT_NORMAL_TAGGED),
 141                 .set    = "MEM/NORMAL-TAGGED",
 142         }
 143 };
 144
 145 struct pg_level {
 146         const struct prot_bits *bits;
 147         const char *name;
 148         size_t num;
 149         u64 mask;
 150 };
 151
 152 static struct pg_level pg_level[] = {
 153         { /* pgd */
 154                 .name   = "PGD",
 155                 .bits   = pte_bits,
 156                 .num    = ARRAY_SIZE(pte_bits),
 157         }, { /* p4d */
 158                 .name   = "P4D",
 159                 .bits   = pte_bits,
 160                 .num    = ARRAY_SIZE(pte_bits),
 161         }, { /* pud */
 162                 .name   = (CONFIG_PGTABLE_LEVELS > 3) ? "PUD" : "PGD",
 163                 .bits   = pte_bits,
 164                 .num    = ARRAY_SIZE(pte_bits),
 165         }, { /* pmd */
 166                 .name   = (CONFIG_PGTABLE_LEVELS > 2) ? "PMD" : "PGD",
 167                 .bits   = pte_bits,
 168                 .num    = ARRAY_SIZE(pte_bits),
 169         }, { /* pte */
 170                 .name   = "PTE",
 171                 .bits   = pte_bits,
 172                 .num    = ARRAY_SIZE(pte_bits),
 173         },
 174 };
 175
 176 static void dump_prot(struct pg_state *st, const struct prot_bits *bits,
 177                         size_t num)
 178 {
 179         unsigned i;
 180
 181         for (i = 0; i < num; i++, bits++) {
 182                 const char *s;
 183
 184                 if ((st->current_prot & bits->mask) == bits->val)
 185                         s = bits->set;
 186                 else
 187                         s = bits->clear;
 188
 189                 if (s)
 190                         pt_dump_seq_printf(st->seq, " %s", s);
 191         }
 192 }
 193
 194 static void note_prot_uxn(struct pg_state *st, unsigned long addr)
 195 {
 196         if (!st->check_wx)
 197                 return;
 198
 199         if ((st->current_prot & PTE_UXN) == PTE_UXN)
 200                 return;
 201
 202         WARN_ONCE(1, "arm64/mm: Found non-UXN mapping at address %p/%pS\n",
 203                   (void *)st->start_address, (void *)st->start_address);
 204
 205         st->uxn_pages += (addr - st->start_address) / PAGE_SIZE;
 206 }
 207
 208 static void note_prot_wx(struct pg_state *st, unsigned long addr)
 209 {
 210         if (!st->check_wx)
 211                 return;
 212         if ((st->current_prot & PTE_RDONLY) == PTE_RDONLY)
 213                 return;
 214         if ((st->current_prot & PTE_PXN) == PTE_PXN)
 215                 return;
 216
 217         WARN_ONCE(1, "arm64/mm: Found insecure W+X mapping at address %p/%pS\n",
 218                   (void *)st->start_address, (void *)st->start_address);
 219
 220         st->wx_pages += (addr - st->start_address) / PAGE_SIZE;
 221 }
 222
 223 static void note_page(struct ptdump_state *pt_st, unsigned long addr, int level,
 224                       u64 val)
 225 {
 226         struct pg_state *st = container_of(pt_st, struct pg_state, ptdump);
 227         static const char units[] = "KMGTPE";
 228         u64 prot = 0;
 229
 230         if (level >= 0)
 231                 prot = val & pg_level[level].mask;
 232
 233         if (st->level == -1) {
 234                 st->level = level;
 235                 st->current_prot = prot;
 236                 st->start_address = addr;
 237                 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 238         } else if (prot != st->current_prot || level != st->level ||
 239                    addr >= st->marker[1].start_address) {
 240                 const char *unit = units;
 241                 unsigned long delta;
 242
 243                 if (st->current_prot) {
 244                         note_prot_uxn(st, addr);
 245                         note_prot_wx(st, addr);
 246                 }
 247
 248                 pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
 249                                    st->start_address, addr);
 250
 251                 delta = (addr - st->start_address) >> 10;
 252                 while (!(delta & 1023) && unit[1]) {
 253                         delta >>= 10;
 254                         unit++;
 255                 }
 256                 pt_dump_seq_printf(st->seq, "%9lu%c %s", delta, *unit,
 257                                    pg_level[st->level].name);
 258                 if (st->current_prot && pg_level[st->level].bits)
 259                         dump_prot(st, pg_level[st->level].bits,
 260                                   pg_level[st->level].num);
 261                 pt_dump_seq_puts(st->seq, "\n");
 262
 263                 if (addr >= st->marker[1].start_address) {
 264                         st->marker++;
 265                         pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 266                 }
 267
 268                 st->start_address = addr;
 269                 st->current_prot = prot;
 270                 st->level = level;
 271         }
 272
 273         if (addr >= st->marker[1].start_address) {
 274                 st->marker++;
 275                 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 276         }
 277
 278 }
 279
 280 void ptdump_walk(struct seq_file *s, struct ptdump_info *info)
 281 {
 282         unsigned long end = ~0UL;
 283         struct pg_state st;
 284
 285         if (info->base_addr < TASK_SIZE_64)
 286                 end = TASK_SIZE_64;
 287
 288         st = (struct pg_state){
 289                 .seq = s,
 290                 .marker = info->markers,
 291                 .level = -1,
 292                 .ptdump = {
 293                         .note_page = note_page,
 294                         .range = (struct ptdump_range[]){
 295                                 {info->base_addr, end},
 296                                 {0, 0}
 297                         }
 298                 }
 299         };
 300
 301         ptdump_walk_pgd(&st.ptdump, info->mm, NULL);
 302 }
 303
 304 static void __init ptdump_initialize(void)
 305 {
 306         unsigned i, j;
 307
 308         for (i = 0; i < ARRAY_SIZE(pg_level); i++)
 309                 if (pg_level[i].bits)
 310                         for (j = 0; j < pg_level[i].num; j++)
 311                                 pg_level[i].mask |= pg_level[i].bits[j].mask;
 312 }
 313
 314 static struct ptdump_info kernel_ptdump_info __ro_after_init = {
 315         .mm             = &init_mm,
 316         .base_addr      = PAGE_OFFSET,
 317 };
 318
 319 void ptdump_check_wx(void)
 320 {
 321         struct pg_state st = {
 322                 .seq = NULL,
 323                 .marker = (struct addr_marker[]) {
 324                         { 0, NULL},
 325                         { -1, NULL},
 326                 },
 327                 .level = -1,
 328                 .check_wx = true,
 329                 .ptdump = {
 330                         .note_page = note_page,
 331                         .range = (struct ptdump_range[]) {
 332                                 {PAGE_OFFSET, ~0UL},
 333                                 {0, 0}
 334                         }
 335                 }
 336         };
 337
 338         ptdump_walk_pgd(&st.ptdump, &init_mm, NULL);
 339
 340         if (st.wx_pages || st.uxn_pages)
 341                 pr_warn("Checked W+X mappings: FAILED, %lu W+X pages found, %lu non-UXN pages found\n",
 342                         st.wx_pages, st.uxn_pages);
 343         else
 344                 pr_info("Checked W+X mappings: passed, no W+X pages found\n");
 345 }
 346
 347 static int __init ptdump_init(void)
 348 {
 349         u64 page_offset = _PAGE_OFFSET(vabits_actual);
 350         u64 vmemmap_start = (u64)virt_to_page((void *)page_offset);
 351         struct addr_marker m[] = {
 352                 { PAGE_OFFSET,          "Linear Mapping start" },
 353                 { PAGE_END,             "Linear Mapping end" },
 354 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
 355                 { KASAN_SHADOW_START,   "Kasan shadow start" },
 356                 { KASAN_SHADOW_END,     "Kasan shadow end" },
 357 #endif
 358                 { MODULES_VADDR,        "Modules start" },
 359                 { MODULES_END,          "Modules end" },
 360                 { VMALLOC_START,        "vmalloc() area" },
 361                 { VMALLOC_END,          "vmalloc() end" },
 362                 { vmemmap_start,        "vmemmap start" },
 363                 { VMEMMAP_END,          "vmemmap end" },
 364                 { PCI_IO_START,         "PCI I/O start" },
 365                 { PCI_IO_END,           "PCI I/O end" },
 366                 { FIXADDR_TOT_START,    "Fixmap start" },
 367                 { FIXADDR_TOP,          "Fixmap end" },
 368                 { -1,                   NULL },
 369         };
 370         static struct addr_marker address_markers[ARRAY_SIZE(m)] __ro_after_init;
 371
 372         kernel_ptdump_info.markers = memcpy(address_markers, m, sizeof(m));
 373
 374         ptdump_initialize();
 375         ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables");
 376         return 0;
 377 }
 378 device_initcall(ptdump_init);