arch/arm64/mm/dump.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * Copyright (c) 2014, The Linux Foundation. All rights reserved.
   4  * Debug helper to dump the current kernel pagetables of the system
   5  * so that we can see what the various memory ranges are set to.
   6  *
   7  * Derived from x86 and arm implementation:
   8  * (C) Copyright 2008 Intel Corporation
   9  *
  10  * Author: Arjan van de Ven <arjan@linux.intel.com>
  11  */
  12 #include <linux/debugfs.h>
  13 #include <linux/errno.h>
  14 #include <linux/fs.h>
  15 #include <linux/io.h>
  16 #include <linux/init.h>
  17 #include <linux/mm.h>
  18 #include <linux/sched.h>
  19 #include <linux/seq_file.h>
  20
  21 #include <asm/fixmap.h>
  22 #include <asm/kasan.h>
  23 #include <asm/memory.h>
  24 #include <asm/pgtable.h>
  25 #include <asm/pgtable-hwdef.h>
  26 #include <asm/ptdump.h>
  27
  28 static const struct addr_marker address_markers[] = {
  29 #ifdef CONFIG_KASAN
  30         { KASAN_SHADOW_START,           "Kasan shadow start" },
  31         { KASAN_SHADOW_END,             "Kasan shadow end" },
  32 #endif
  33         { MODULES_VADDR,                "Modules start" },
  34         { MODULES_END,                  "Modules end" },
  35         { VMALLOC_START,                "vmalloc() area" },
  36         { VMALLOC_END,                  "vmalloc() end" },
  37         { FIXADDR_START,                "Fixmap start" },
  38         { FIXADDR_TOP,                  "Fixmap end" },
  39         { PCI_IO_START,                 "PCI I/O start" },
  40         { PCI_IO_END,                   "PCI I/O end" },
  41 #ifdef CONFIG_SPARSEMEM_VMEMMAP
  42         { VMEMMAP_START,                "vmemmap start" },
  43         { VMEMMAP_START + VMEMMAP_SIZE, "vmemmap end" },
  44 #endif
  45         { PAGE_OFFSET,                  "Linear mapping" },
  46         { -1,                           NULL },
  47 };
  48
  49 #define pt_dump_seq_printf(m, fmt, args...)     \
  50 ({                                              \
  51         if (m)                                  \
  52                 seq_printf(m, fmt, ##args);     \
  53 })
  54
  55 #define pt_dump_seq_puts(m, fmt)        \
  56 ({                                      \
  57         if (m)                          \
  58                 seq_printf(m, fmt);     \
  59 })
  60
  61 /*
  62  * The page dumper groups page table entries of the same type into a single
  63  * description. It uses pg_state to track the range information while
  64  * iterating over the pte entries. When the continuity is broken it then
  65  * dumps out a description of the range.
  66  */
  67 struct pg_state {
  68         struct seq_file *seq;
  69         const struct addr_marker *marker;
  70         unsigned long start_address;
  71         unsigned level;
  72         u64 current_prot;
  73         bool check_wx;
  74         unsigned long wx_pages;
  75         unsigned long uxn_pages;
  76 };
  77
  78 struct prot_bits {
  79         u64             mask;
  80         u64             val;
  81         const char      *set;
  82         const char      *clear;
  83 };
  84
  85 static const struct prot_bits pte_bits[] = {
  86         {
  87                 .mask   = PTE_VALID,
  88                 .val    = PTE_VALID,
  89                 .set    = " ",
  90                 .clear  = "F",
  91         }, {
  92                 .mask   = PTE_USER,
  93                 .val    = PTE_USER,
  94                 .set    = "USR",
  95                 .clear  = "   ",
  96         }, {
  97                 .mask   = PTE_RDONLY,
  98                 .val    = PTE_RDONLY,
  99                 .set    = "ro",
 100                 .clear  = "RW",
 101         }, {
 102                 .mask   = PTE_PXN,
 103                 .val    = PTE_PXN,
 104                 .set    = "NX",
 105                 .clear  = "x ",
 106         }, {
 107                 .mask   = PTE_SHARED,
 108                 .val    = PTE_SHARED,
 109                 .set    = "SHD",
 110                 .clear  = "   ",
 111         }, {
 112                 .mask   = PTE_AF,
 113                 .val    = PTE_AF,
 114                 .set    = "AF",
 115                 .clear  = "  ",
 116         }, {
 117                 .mask   = PTE_NG,
 118                 .val    = PTE_NG,
 119                 .set    = "NG",
 120                 .clear  = "  ",
 121         }, {
 122                 .mask   = PTE_CONT,
 123                 .val    = PTE_CONT,
 124                 .set    = "CON",
 125                 .clear  = "   ",
 126         }, {
 127                 .mask   = PTE_TABLE_BIT,
 128                 .val    = PTE_TABLE_BIT,
 129                 .set    = "   ",
 130                 .clear  = "BLK",
 131         }, {
 132                 .mask   = PTE_UXN,
 133                 .val    = PTE_UXN,
 134                 .set    = "UXN",
 135         }, {
 136                 .mask   = PTE_ATTRINDX_MASK,
 137                 .val    = PTE_ATTRINDX(MT_DEVICE_nGnRnE),
 138                 .set    = "DEVICE/nGnRnE",
 139         }, {
 140                 .mask   = PTE_ATTRINDX_MASK,
 141                 .val    = PTE_ATTRINDX(MT_DEVICE_nGnRE),
 142                 .set    = "DEVICE/nGnRE",
 143         }, {
 144                 .mask   = PTE_ATTRINDX_MASK,
 145                 .val    = PTE_ATTRINDX(MT_DEVICE_GRE),
 146                 .set    = "DEVICE/GRE",
 147         }, {
 148                 .mask   = PTE_ATTRINDX_MASK,
 149                 .val    = PTE_ATTRINDX(MT_NORMAL_NC),
 150                 .set    = "MEM/NORMAL-NC",
 151         }, {
 152                 .mask   = PTE_ATTRINDX_MASK,
 153                 .val    = PTE_ATTRINDX(MT_NORMAL),
 154                 .set    = "MEM/NORMAL",
 155         }
 156 };
 157
 158 struct pg_level {
 159         const struct prot_bits *bits;
 160         const char *name;
 161         size_t num;
 162         u64 mask;
 163 };
 164
 165 static struct pg_level pg_level[] = {
 166         {
 167         }, { /* pgd */
 168                 .name   = "PGD",
 169                 .bits   = pte_bits,
 170                 .num    = ARRAY_SIZE(pte_bits),
 171         }, { /* pud */
 172                 .name   = (CONFIG_PGTABLE_LEVELS > 3) ? "PUD" : "PGD",
 173                 .bits   = pte_bits,
 174                 .num    = ARRAY_SIZE(pte_bits),
 175         }, { /* pmd */
 176                 .name   = (CONFIG_PGTABLE_LEVELS > 2) ? "PMD" : "PGD",
 177                 .bits   = pte_bits,
 178                 .num    = ARRAY_SIZE(pte_bits),
 179         }, { /* pte */
 180                 .name   = "PTE",
 181                 .bits   = pte_bits,
 182                 .num    = ARRAY_SIZE(pte_bits),
 183         },
 184 };
 185
 186 static void dump_prot(struct pg_state *st, const struct prot_bits *bits,
 187                         size_t num)
 188 {
 189         unsigned i;
 190
 191         for (i = 0; i < num; i++, bits++) {
 192                 const char *s;
 193
 194                 if ((st->current_prot & bits->mask) == bits->val)
 195                         s = bits->set;
 196                 else
 197                         s = bits->clear;
 198
 199                 if (s)
 200                         pt_dump_seq_printf(st->seq, " %s", s);
 201         }
 202 }
 203
 204 static void note_prot_uxn(struct pg_state *st, unsigned long addr)
 205 {
 206         if (!st->check_wx)
 207                 return;
 208
 209         if ((st->current_prot & PTE_UXN) == PTE_UXN)
 210                 return;
 211
 212         WARN_ONCE(1, "arm64/mm: Found non-UXN mapping at address %p/%pS\n",
 213                   (void *)st->start_address, (void *)st->start_address);
 214
 215         st->uxn_pages += (addr - st->start_address) / PAGE_SIZE;
 216 }
 217
 218 static void note_prot_wx(struct pg_state *st, unsigned long addr)
 219 {
 220         if (!st->check_wx)
 221                 return;
 222         if ((st->current_prot & PTE_RDONLY) == PTE_RDONLY)
 223                 return;
 224         if ((st->current_prot & PTE_PXN) == PTE_PXN)
 225                 return;
 226
 227         WARN_ONCE(1, "arm64/mm: Found insecure W+X mapping at address %p/%pS\n",
 228                   (void *)st->start_address, (void *)st->start_address);
 229
 230         st->wx_pages += (addr - st->start_address) / PAGE_SIZE;
 231 }
 232
 233 static void note_page(struct pg_state *st, unsigned long addr, unsigned level,
 234                                 u64 val)
 235 {
 236         static const char units[] = "KMGTPE";
 237         u64 prot = val & pg_level[level].mask;
 238
 239         if (!st->level) {
 240                 st->level = level;
 241                 st->current_prot = prot;
 242                 st->start_address = addr;
 243                 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 244         } else if (prot != st->current_prot || level != st->level ||
 245                    addr >= st->marker[1].start_address) {
 246                 const char *unit = units;
 247                 unsigned long delta;
 248
 249                 if (st->current_prot) {
 250                         note_prot_uxn(st, addr);
 251                         note_prot_wx(st, addr);
 252                         pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
 253                                    st->start_address, addr);
 254
 255                         delta = (addr - st->start_address) >> 10;
 256                         while (!(delta & 1023) && unit[1]) {
 257                                 delta >>= 10;
 258                                 unit++;
 259                         }
 260                         pt_dump_seq_printf(st->seq, "%9lu%c %s", delta, *unit,
 261                                    pg_level[st->level].name);
 262                         if (pg_level[st->level].bits)
 263                                 dump_prot(st, pg_level[st->level].bits,
 264                                           pg_level[st->level].num);
 265                         pt_dump_seq_puts(st->seq, "\n");
 266                 }
 267
 268                 if (addr >= st->marker[1].start_address) {
 269                         st->marker++;
 270                         pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 271                 }
 272
 273                 st->start_address = addr;
 274                 st->current_prot = prot;
 275                 st->level = level;
 276         }
 277
 278         if (addr >= st->marker[1].start_address) {
 279                 st->marker++;
 280                 pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
 281         }
 282
 283 }
 284
 285 static void walk_pte(struct pg_state *st, pmd_t *pmdp, unsigned long start,
 286                      unsigned long end)
 287 {
 288         unsigned long addr = start;
 289         pte_t *ptep = pte_offset_kernel(pmdp, start);
 290
 291         do {
 292                 note_page(st, addr, 4, READ_ONCE(pte_val(*ptep)));
 293         } while (ptep++, addr += PAGE_SIZE, addr != end);
 294 }
 295
 296 static void walk_pmd(struct pg_state *st, pud_t *pudp, unsigned long start,
 297                      unsigned long end)
 298 {
 299         unsigned long next, addr = start;
 300         pmd_t *pmdp = pmd_offset(pudp, start);
 301
 302         do {
 303                 pmd_t pmd = READ_ONCE(*pmdp);
 304                 next = pmd_addr_end(addr, end);
 305
 306                 if (pmd_none(pmd) || pmd_sect(pmd)) {
 307                         note_page(st, addr, 3, pmd_val(pmd));
 308                 } else {
 309                         BUG_ON(pmd_bad(pmd));
 310                         walk_pte(st, pmdp, addr, next);
 311                 }
 312         } while (pmdp++, addr = next, addr != end);
 313 }
 314
 315 static void walk_pud(struct pg_state *st, pgd_t *pgdp, unsigned long start,
 316                      unsigned long end)
 317 {
 318         unsigned long next, addr = start;
 319         pud_t *pudp = pud_offset(pgdp, start);
 320
 321         do {
 322                 pud_t pud = READ_ONCE(*pudp);
 323                 next = pud_addr_end(addr, end);
 324
 325                 if (pud_none(pud) || pud_sect(pud)) {
 326                         note_page(st, addr, 2, pud_val(pud));
 327                 } else {
 328                         BUG_ON(pud_bad(pud));
 329                         walk_pmd(st, pudp, addr, next);
 330                 }
 331         } while (pudp++, addr = next, addr != end);
 332 }
 333
 334 static void walk_pgd(struct pg_state *st, struct mm_struct *mm,
 335                      unsigned long start)
 336 {
 337         unsigned long end = (start < TASK_SIZE_64) ? TASK_SIZE_64 : 0;
 338         unsigned long next, addr = start;
 339         pgd_t *pgdp = pgd_offset(mm, start);
 340
 341         do {
 342                 pgd_t pgd = READ_ONCE(*pgdp);
 343                 next = pgd_addr_end(addr, end);
 344
 345                 if (pgd_none(pgd)) {
 346                         note_page(st, addr, 1, pgd_val(pgd));
 347                 } else {
 348                         BUG_ON(pgd_bad(pgd));
 349                         walk_pud(st, pgdp, addr, next);
 350                 }
 351         } while (pgdp++, addr = next, addr != end);
 352 }
 353
 354 void ptdump_walk_pgd(struct seq_file *m, struct ptdump_info *info)
 355 {
 356         struct pg_state st = {
 357                 .seq = m,
 358                 .marker = info->markers,
 359         };
 360
 361         walk_pgd(&st, info->mm, info->base_addr);
 362
 363         note_page(&st, 0, 0, 0);
 364 }
 365
 366 static void ptdump_initialize(void)
 367 {
 368         unsigned i, j;
 369
 370         for (i = 0; i < ARRAY_SIZE(pg_level); i++)
 371                 if (pg_level[i].bits)
 372                         for (j = 0; j < pg_level[i].num; j++)
 373                                 pg_level[i].mask |= pg_level[i].bits[j].mask;
 374 }
 375
 376 static struct ptdump_info kernel_ptdump_info = {
 377         .mm             = &init_mm,
 378         .markers        = address_markers,
 379         .base_addr      = VA_START,
 380 };
 381
 382 void ptdump_check_wx(void)
 383 {
 384         struct pg_state st = {
 385                 .seq = NULL,
 386                 .marker = (struct addr_marker[]) {
 387                         { 0, NULL},
 388                         { -1, NULL},
 389                 },
 390                 .check_wx = true,
 391         };
 392
 393         walk_pgd(&st, &init_mm, VA_START);
 394         note_page(&st, 0, 0, 0);
 395         if (st.wx_pages || st.uxn_pages)
 396                 pr_warn("Checked W+X mappings: FAILED, %lu W+X pages found, %lu non-UXN pages found\n",
 397                         st.wx_pages, st.uxn_pages);
 398         else
 399                 pr_info("Checked W+X mappings: passed, no W+X pages found\n");
 400 }
 401
 402 static int ptdump_init(void)
 403 {
 404         ptdump_initialize();
 405         ptdump_debugfs_register(&kernel_ptdump_info, "kernel_page_tables");
 406         return 0;
 407 }
 408 device_initcall(ptdump_init);