The patch titled
     Subject: mm: enforce that vmap can't map pages executable
has been removed from the -mm tree.  Its filename was
     mm-enforce-that-vmap-cant-map-pages-executable.patch

This patch was dropped because it was merged into mainline or a subsystem tree

------------------------------------------------------
From: Christoph Hellwig <hch@xxxxxx>
Subject: mm: enforce that vmap can't map pages executable

To help enforcing the W^X protection don't allow remapping existing pages as executable.

x86 bits from Peter Zijlstra, arm64 bits from Mark Rutland.

Link: http://lkml.kernel.org/r/20200414131348.444715-20-hch@xxxxxx
Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Acked-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Cc: Mark Rutland <mark.rutland@xxxxxxx>.
Cc: Christian Borntraeger <borntraeger@xxxxxxxxxx>
Cc: Christophe Leroy <christophe.leroy@xxxxxx>
Cc: Daniel Vetter <daniel@xxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
Cc: David Airlie <airlied@xxxxxxxx>
Cc: Gao Xiang <xiang@xxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
Cc: Johannes Weiner <hannes@xxxxxxxxxxx>
Cc: "K. Y. Srinivasan" <kys@xxxxxxxxxxxxx>
Cc: Laura Abbott <labbott@xxxxxxxxxx>
Cc: Michael Kelley <mikelley@xxxxxxxxxxxxx>
Cc: Minchan Kim <minchan@xxxxxxxxxx>
Cc: Nitin Gupta <ngupta@xxxxxxxxxx>
Cc: Robin Murphy <robin.murphy@xxxxxxx>
Cc: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>
Cc: Stephen Hemminger <sthemmin@xxxxxxxxxxxxx>
Cc: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
Cc: Wei Liu <wei.liu@xxxxxxxxxx>
Cc: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: Heiko Carstens <heiko.carstens@xxxxxxxxxx>
Cc: Paul Mackerras <paulus@xxxxxxxxxx>
Cc: Vasily Gorbik <gor@xxxxxxxxxxxxx>
Cc: Will Deacon <will@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- arch/arm64/include/asm/pgtable.h | 3 +++ arch/x86/include/asm/pgtable_types.h | 6 ++++++ include/asm-generic/pgtable.h | 4 ++++ mm/vmalloc.c | 2 +- 4 files changed, 14 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/pgtable.h~mm-enforce-that-vmap-cant-map-pages-executable +++ a/arch/arm64/include/asm/pgtable.h @@ -407,6 +407,9 @@ static inline pmd_t pmd_mkdevmap(pmd_t p #define __pgprot_modify(prot,mask,bits) \ __pgprot((pgprot_val(prot) & ~(mask)) | (bits)) +#define pgprot_nx(prot) \ + __pgprot_modify(prot, 0, PTE_PXN) + /* * Mark the prot value as uncacheable and unbufferable. */ --- a/arch/x86/include/asm/pgtable_types.h~mm-enforce-that-vmap-cant-map-pages-executable +++ a/arch/x86/include/asm/pgtable_types.h @@ -282,6 +282,12 @@ typedef struct pgprot { pgprotval_t pgpr typedef struct { pgdval_t pgd; } pgd_t; +static inline pgprot_t pgprot_nx(pgprot_t prot) +{ + return __pgprot(pgprot_val(prot) | _PAGE_NX); +} +#define pgprot_nx pgprot_nx + #ifdef CONFIG_X86_PAE /* --- a/include/asm-generic/pgtable.h~mm-enforce-that-vmap-cant-map-pages-executable +++ a/include/asm-generic/pgtable.h @@ -491,6 +491,10 @@ static inline int arch_unmap_one(struct #define flush_tlb_fix_spurious_fault(vma, address) flush_tlb_page(vma, address) #endif +#ifndef pgprot_nx +#define pgprot_nx(prot) (prot) +#endif + #ifndef pgprot_noncached #define pgprot_noncached(prot) (prot) #endif --- a/mm/vmalloc.c~mm-enforce-that-vmap-cant-map-pages-executable +++ a/mm/vmalloc.c 
@@ -2391,7 +2391,7 @@ void *vmap(struct page **pages, unsigned if (!area) return NULL; - if (map_kernel_range((unsigned long)area->addr, size, prot, + if (map_kernel_range((unsigned long)area->addr, size, pgprot_nx(prot), pages) < 0) { vunmap(area->addr); return NULL; _ Patches currently in -mm which might be from hch@xxxxxx are exec-simplify-the-copy_strings_kernel-calling-convention.patch exec-open-code-copy_string_kernel.patch amdgpu-a-null-mm-does-not-mean-a-thread-is-a-kthread.patch kernel-move-use_mm-unuse_mm-to-kthreadc.patch kernel-move-use_mm-unuse_mm-to-kthreadc-v2.patch kernel-better-document-the-use_mm-unuse_mm-api-contract.patch kernel-better-document-the-use_mm-unuse_mm-api-contract-v2.patch kernel-set-user_ds-in-kthread_use_mm.patch arm-fix-the-flush_icache_range-arguments-in-set_fiq_handler.patch nds32-unexport-flush_icache_page.patch powerpc-unexport-flush_icache_user_range.patch unicore32-remove-flush_cache_user_range.patch asm-generic-fix-the-inclusion-guards-for-cacheflushh.patch asm-generic-dont-include-linux-mmh-in-cacheflushh.patch asm-generic-dont-include-linux-mmh-in-cacheflushh-fix.patch asm-generic-improve-the-flush_dcache_page-stub.patch alpha-use-asm-generic-cacheflushh.patch arm64-use-asm-generic-cacheflushh.patch c6x-use-asm-generic-cacheflushh.patch hexagon-use-asm-generic-cacheflushh.patch ia64-use-asm-generic-cacheflushh.patch microblaze-use-asm-generic-cacheflushh.patch m68knommu-use-asm-generic-cacheflushh.patch openrisc-use-asm-generic-cacheflushh.patch powerpc-use-asm-generic-cacheflushh.patch riscv-use-asm-generic-cacheflushh.patch armsparcunicore32-remove-flush_icache_user_range.patch mm-rename-flush_icache_user_range-to-flush_icache_user_page.patch asm-generic-add-a-flush_icache_user_range-stub.patch sh-implement-flush_icache_user_range.patch xtensa-implement-flush_icache_user_range.patch arm-rename-flush_cache_user_range-to-flush_icache_user_range.patch m68k-implement-flush_icache_user_range.patch 
exec-only-build-read_code-when-needed.patch exec-use-flush_icache_user_range-in-read_code.patch binfmt_flat-use-flush_icache_user_range.patch nommu-use-flush_icache_user_range-in-brk-and-mmap.patch module-move-the-set_fs-hack-for-flush_icache_range-to-m68k.patch maccess-unexport-probe_kernel_write-and-probe_user_write.patch maccess-remove-various-unused-weak-aliases.patch maccess-remove-duplicate-kerneldoc-comments.patch maccess-clarify-kerneldoc-comments.patch maccess-update-the-top-of-file-comment.patch maccess-rename-strncpy_from_unsafe_user-to-strncpy_from_user_nofault.patch maccess-rename-strncpy_from_unsafe_strict-to-strncpy_from_kernel_nofault.patch maccess-rename-strnlen_unsafe_user-to-strnlen_user_nofault.patch maccess-remove-probe_read_common-and-probe_write_common.patch maccess-unify-the-probe-kernel-arch-hooks.patch bpf-factor-out-a-bpf_trace_copy_string-helper.patch bpf-handle-the-compat-string-in-bpf_trace_copy_string-better.patch bpf-rework-the-compat-kernel-probe-handling.patch tracing-kprobes-handle-mixed-kernel-userspace-probes-better.patch maccess-remove-strncpy_from_unsafe.patch maccess-always-use-strict-semantics-for-probe_kernel_read.patch maccess-move-user-access-routines-together.patch maccess-allow-architectures-to-provide-kernel-probing-directly.patch x86-use-non-set_fs-based-maccess-routines.patch maccess-return-erange-when-copy_from_kernel_nofault_allowed-fails.patch
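
Review bot: in the arch/arm64/include/asm/pgtable.h hunk, pgprot_nx() sets only PTE_PXN and passes a mask of 0 to __pgprot_modify(), with no comment explaining either choice. PTE_PXN governs privileged execution, which is what matters for a vmap() mapping, but the name pgprot_nx reads as "not executable at all". A one-line comment stating that the helper covers kernel execution only and leaves every other bit of prot as the caller passed it would make the contract clear to later users of the macro.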
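
Review bot: in the arch/x86/include/asm/pgtable_types.h hunk, pgprot_nx() ORs _PAGE_NX into the protection value unconditionally, and nothing in the hunk says what happens on configurations where the NX bit is unavailable. If this relies on the value being filtered against the supported PTE bits later, when the PTE is built, say so in a comment above the helper. The trailing "#define pgprot_nx pgprot_nx" would also benefit from a short comment that it exists to suppress the "#ifndef pgprot_nx" fallback in include/asm-generic/pgtable.h.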
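
Review bot: the fallback added in the include/asm-generic/pgtable.h hunk, "#define pgprot_nx(prot) (prot)", is a silent no-op, so on every architecture other than the two that define pgprot_nx in this patch, vmap() still passes an executable prot through unchanged, which is weaker than the "enforce" in the subject line. A comment above the #ifndef stating that architectures with an execute-never bit are expected to override it, and a sentence in the changelog naming the gap, would keep it visible.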
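
Review bot: in the mm/vmalloc.c hunk, wrapping prot in pgprot_nx() at the map_kernel_range() call means a caller that asks vmap() for an executable mapping now gets a non-executable one with no error return and no diagnostic. The hunk does not touch the vmap() kerneldoc either; consider documenting there that the executable permission is always stripped from prot, so callers can tell the behaviour is intentional.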