From nobody Tue Dec 2 02:05:48 2025 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3C1CD306B02 for ; Thu, 20 Nov 2025 10:39:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763635159; cv=none; b=OoFk0jqKhxddRuNmkaVFxr8IwQtggegHnHVoRTVQlg+5rsNoBppyFiaimIreA/VkknqSBMNENIa8EVkgvCgkJiUaHp60zdyuUhJFDyvEFAllJuDujoTuzVUtcXKP2Io5nsDZ9x39qGEvQEKSxTmd3fvi7UyRVWJhUP8VsRD8gEo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763635159; c=relaxed/simple; bh=FXQdQGSSxnGZe5fTanYaJCSQn9dW6/DpbT3X5VKCpSQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CidgF2LiAeMIIH4eoeFbOubTsjoLD4kRoFi7HDKJ/eD3IeIU1WT7aVqvdQPf1Sooi8L7inA23teqlDFPaCvXHN7eoMCxFFLeZH2JVFSJIxBV39Jtg6aKaEOwe9VWLP63nQ5VU+xBi81bDoK8oR17HcV6QJqypARyANjnZfIfhlk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=thingy.jp; spf=pass smtp.mailfrom=0x0f.com; dkim=pass (1024-bit key) header.d=thingy.jp header.i=@thingy.jp header.b=d2jBxe+Z; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=thingy.jp Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=0x0f.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=thingy.jp header.i=@thingy.jp header.b="d2jBxe+Z" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-29812589890so9317985ad.3 for ; Thu, 20 Nov 2025 02:39:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thingy.jp; s=google; t=1763635156; x=1764239956; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ptek9aZDAHH5BbkXtUKp/FMaqKVeer3qFfxane+ASAw=; b=d2jBxe+ZNhG/JFckhUcg3uNoXZDh662FI2sxYez94QcotZ4YOZfPalveHaJ4oK8u8n FP+bM8PQehXFq6pooS+C+INie4Ss7C43+Kn3JGov1q32IdzNIJLsWF4GnPojuUtLuRzz hRuXbO9UICn+ICKHWmbgvfLZbZcU4ANCmJKDk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763635156; x=1764239956; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ptek9aZDAHH5BbkXtUKp/FMaqKVeer3qFfxane+ASAw=; b=Xm+zWQPolbv9Sc6V5PerPWWotC/gwMa036akwPJQ7suyyUy043cQFXukSZFf1Ce1H9 7DbSSkrEtWFXcXgR+i+H3lj8GWd2huEwl84zOeoCDC5R9cOP0wcmBebHnKacDUlZZEk+ CWbX9qfV45cFtn6OOKkT25jWWwSOwI5KsluaUTV7lsLTzRRoSkGgzh+bTrcelgPwsQe/ DIxrliNlR4b0orKa0UC+iVnGEsTJpMYQvr4VUeVpw9DL9iJGVJt4EQMsndLP8qW4rRFr teb9jnXDGul8Rm8Gw6pc0vX+GWpti7Qghf6vDM71BatWH77QnKmSErkoqDDzByr/FUJu /vAw== X-Gm-Message-State: AOJu0YzFytJAuxw21P+G5QlKSYOwDnRuYiMAPxvkT0QHoejZf888ep7+ Qebyf3x76jNOwB8Xjj0BAxqTwxtBGfLpOql796ViSRmNAcwtK0Y/0AdZ5Nevl+HjBgQNnod8unt aj4FRv3M= X-Gm-Gg: ASbGncubP3kOjdmq+pXM6lTumi2nNNC0v3djEzdDE17xrf0v9mIq7l6mCYuFIykrq5v id8su5r/L4glFrOWPAE0TTzkFkNJaklazrh0uSnYHhUjhCV37xcJGh5tKUEaGwHBiUAXEXsomuu CjOSU+Zc8OyPWdVjo5DAgeT+3T5HRNK/a0CPnjkMHjcErPsRqfUs50Ni3FXHu513egyIPpmmFm/ 6W360v6y6rPLfBP46kNgwRY7l16FKOo4/TwxhrO5H9ZGeNeS8Blf4ottJiH3HcGweDXtXncxAyk Vfmk2yLrwbv7u0eVASqYQiLHdsYTmDYQuwFYUST3HfliYnT5avosHyVqYYXKn9Yos+6Ob5KUN82 ZrGLp4YauhUgss/NfQP8cRnU8LmOGxp5DnAfZ74ZQCn7b8j3Gco+Lljz/gHLx5lnWkbTF5Zc2AJ vwCbP9sJk+Go6qBUbDaklKRKqkJ8wGoZlxlIauKn4nRSj6Tw6d18kxtKag9aqfiQITn+9NjE7uQ A== X-Google-Smtp-Source: AGHT+IF+jWEmjlMOf8RKOPq0GysvlZDFC5fvcy7UGrC0FWCIFejplgGyDUvM73oAIpCUjB0SbgqrTQ== X-Received: by 2002:a17:902:d586:b0:297:c638:d7ca with SMTP id d9443c01a7336-29b5ebbf47bmr26388565ad.14.1763635156446; Thu, 20 Nov 2025 02:39:16 -0800 (PST) Received: from kinako.work.home.arpa (p1352012-ipxg00a01sizuokaden.shizuoka.ocn.ne.jp. [114.145.28.12]) by smtp.googlemail.com with ESMTPSA id d9443c01a7336-29b5b1387e3sm22381035ad.24.2025.11.20.02.39.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Nov 2025 02:39:15 -0800 (PST) From: Daniel Palmer To: geert@linux-m68k.org, schmitzmic@gmail.com, gerg@kernel.org, linux-m68k@lists.linux-m68k.org Cc: linux-kernel@vger.kernel.org, Daniel Palmer Subject: [PATCH v2 1/2] m68k: mm: motorola: Split the early term containing the end of the RO region Date: Thu, 20 Nov 2025 19:38:53 +0900 Message-ID: <20251120103854.1630306-2-daniel@thingy.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251120103854.1630306-1-daniel@thingy.jp> References: <20251120103854.1630306-1-daniel@thingy.jp> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" On the 020/030 the end of the RO region (from the start of kernel text to the end of the RO data) can end up on an "early termination" that represents 64 pages and is modelled as a pmd in the kernel. You cannot set flags on individual pages in the pmd as the pte level doesn't exist in the tables. This means it's not possible to set the write protect bit for a range of pages in the pmd and you either need to push RW stuff onto the next pmd which wastes memory or convert the early termination into a normal pmd with ptes first. There is already some logic for splitting the pmd at the start of memory into ptes so the first page can be unmapped. Refactor that logic out into a little function and use it for the existing use case and splitting the pmd that the tail of the RO region is on so its possible to set the wp bit on the RO pages within. Signed-off-by: Daniel Palmer --- arch/m68k/mm/motorola.c | 47 ++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/arch/m68k/mm/motorola.c b/arch/m68k/mm/motorola.c index 62283bc2ed79..9b5b9a52f819 100644 --- a/arch/m68k/mm/motorola.c +++ b/arch/m68k/mm/motorola.c @@ -298,6 +298,24 @@ static pmd_t * __init kernel_ptr_table(void) return last_pmd_table; } =20 +/* + * This splits an early term created by head.S into ptes + * so things like removing pages in the range, marking + * part of the range as write protected can happen. + */ +static inline pte_t * __init __split_early_term(unsigned long physaddr) +{ + pte_t *pte_dir, *pte_dir_tmp; + + pte_dir =3D kernel_page_table(); + pte_dir_tmp =3D pte_dir; + + for (int i =3D 0; i < PTRS_PER_PTE; physaddr +=3D PAGE_SIZE, i++) + pte_val(*pte_dir_tmp++) =3D physaddr; + + return pte_dir; +} + static void __init map_node(int node) { unsigned long physaddr, virtaddr, size; @@ -348,25 +366,34 @@ static void __init map_node(int node) =20 if (CPU_IS_020_OR_030) { if (virtaddr) { + const unsigned long ro_tail_pmd =3D + ((unsigned long) __end_rodata) & PMD_MASK; + + if (virtaddr =3D=3D ro_tail_pmd) { +#ifdef DEBUG + printk("[wp split]\n"); +#endif + pte_dir =3D __split_early_term(physaddr); + pmd_set(pmd_dir, pte_dir); +} + else { #ifdef DEBUG - printk ("[early term]"); + printk("[early term]"); #endif - pmd_val(*pmd_dir) =3D physaddr; - physaddr +=3D PMD_SIZE; + pmd_val(*pmd_dir) =3D physaddr; + } } else { - int i; #ifdef DEBUG printk ("[zero map]"); #endif - pte_dir =3D kernel_page_table(); + pte_dir =3D __split_early_term(physaddr); + /* Remove the zero page */ + pte_val(*pte_dir) =3D 0; pmd_set(pmd_dir, pte_dir); - - pte_val(*pte_dir++) =3D 0; - physaddr +=3D PAGE_SIZE; - for (i =3D 1; i < PTRS_PER_PTE; physaddr +=3D PAGE_SIZE, i++) - pte_val(*pte_dir++) =3D physaddr; } + size -=3D PMD_SIZE; + physaddr +=3D PMD_SIZE; virtaddr +=3D PMD_SIZE; } else { if (!pmd_present(*pmd_dir)) { --=20 2.51.0 From nobody Tue Dec 2 02:05:48 2025 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5FBDA32D44E for ; Thu, 20 Nov 2025 10:39:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763635161; cv=none; b=FI24UGQ5qgOhstAKbXf8Ds4pZ7+BUGH4xJoBvKqToQa5J1Qp018g40J5FTNKINLxjnL4OBP0IAUGCUnc8X2bhmYdqhS8tG2/cnzO/aS5z3yOuSdwiQbuo5ioJsQD9d0Nc2c9Oz70OZvkV6nnnycFF2WkOw4uoHO+RgRpivFRd8M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763635161; c=relaxed/simple; bh=BHE8ecW080hEUBYHsfRQy6FJfv9ooT+paLaeKuAiPQ4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=evWyx2SXIK8MN1xGAtI+tMZroJtfqCnGazhLrLHeIXYsGEQhG6oOvIAbyKQnNr+mciqO93BZLgNjXcRrNGymDc7xWjyo8Z+TeWdhas7dA5kJ60XAD4O2lnxYP2YCSytFgIQId9eWbFLbvAwtgJ4gb/pQqzrGL98rhjNz3rYAbyM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=thingy.jp; spf=pass smtp.mailfrom=0x0f.com; dkim=pass (1024-bit key) header.d=thingy.jp header.i=@thingy.jp header.b=NX64U5la; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=thingy.jp Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=0x0f.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=thingy.jp header.i=@thingy.jp header.b="NX64U5la" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-298145fe27eso11387905ad.1 for ; Thu, 20 Nov 2025 02:39:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thingy.jp; s=google; t=1763635159; x=1764239959; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hhwxa2PuTpIzju4Jjb3k2siPGNsjvz97d+Kdch7Zl9s=; b=NX64U5la/hHahDLBXIuPIwSkdrQK5m0oR6ekJ+xSdUbrBtBA+mfVf2bA2DvsEij4IF VOz3WXlQaXlMloEkLUGWkCs1tjhw1rJ8ajqgda3YFnP3274au9WDNHaKeFDnCcaAwQ1y y/WT1ArbROmxr8rdQgw1f7QLYGYZkHMPi2laQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763635159; x=1764239959; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=hhwxa2PuTpIzju4Jjb3k2siPGNsjvz97d+Kdch7Zl9s=; b=JTMNtM6tvJUkILXh0DJ3ZkV+2UlXNhnkWWxZTX4pi7avEE4CwrLwecFeFRR7Una7TC vX669YWahsDFohalvniC3WoUh+WrIbujHdKWrpa5+VepuKv3zxXulkKt0tJ+Q9U/OXF5 B3dA5gT5zLLTb247TTAShYLGTkvCioP7mgupbmmQkSy90ELg1w1deuey/RsohDZsNj7v Hv/WyPYO4VV2Lmu+3NLfP/1QtJRBkRwtaEka7uly/X6kuF+tJwXicDZqHriAeLR4cAhx 8rfokPTtUFeSqOfSNSwmgOyOxp03GFcKWUgkncm/zE53aMfW7NI7yVGh1kkxX6tP1D9E vFtw== X-Gm-Message-State: AOJu0Yx+tTMpaADFDH06DFeShislvijAxO/QjjgG6TbnJTxEg2u2sLgl ODbq+SiyC6kiTltjaIh5zCdMRrbehWWMDF8pnC6eNF80+PNYupSPp9TWxDHpaDLOn8k= X-Gm-Gg: ASbGncsY31jIhNaRRY4iNULadlUfJqxeel7bNDZETd2lWKvw4JoyvowAd8vms/ro+JX Ps09SRWER4Z+bDH2Tq2dWjqYzhVLvJQoV0TRftJQ6cILYKegbtiDMYVXMWyrhnElB7kTtC209M0 ty0LnMcxWwP8UBF3PIahkZHvcn4HrTUqtTXG/DyNw84z08iqvZoQ+rYROWst/iU8Dq67B7ol6MK XQpd9A2Kr7VxRZibKOBbIrEX8vTpN+EtS7wArIh7OcTdbDIKjFHkm/Pz2dRx5+sugbf2AIS5LmQ K9FdaGzxO+haNF3bsqFIEqy8OxIlpo6xoUu7wUc4V24yZZrPUaM0KQjjeeacLv0moNWj1AZ5SRn eLQGOpA3RL/0hkLH/AwQ9/Q3QJu+oCgTMHcf31hpGQ6+Y7rlq421RfQGcpOrR0cIt4uUUebt6Rb aCQdPctZ/k99O3G9qGAN9/bH+a40yjuJUeTwmG8upcbe7AzzYWGCXMZOKM/bMbQsd2NXYi7TMOT Q== X-Google-Smtp-Source: AGHT+IEJHD9EOFgAlpBP7xrnEfuWDeJ5213S3zMr53sttOFn6TCus9wLiTU7vAcQ3zsDVAbTLEnEjg== X-Received: by 2002:a17:902:f689:b0:295:50f5:c0e1 with SMTP id d9443c01a7336-29b5b06a956mr42913245ad.15.1763635159468; Thu, 20 Nov 2025 02:39:19 -0800 (PST) Received: from kinako.work.home.arpa (p1352012-ipxg00a01sizuokaden.shizuoka.ocn.ne.jp. [114.145.28.12]) by smtp.googlemail.com with ESMTPSA id d9443c01a7336-29b5b1387e3sm22381035ad.24.2025.11.20.02.39.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Nov 2025 02:39:18 -0800 (PST) From: Daniel Palmer To: geert@linux-m68k.org, schmitzmic@gmail.com, gerg@kernel.org, linux-m68k@lists.linux-m68k.org Cc: linux-kernel@vger.kernel.org, Daniel Palmer Subject: [PATCH v2 2/2] m68k: Implement kernel memory protection Date: Thu, 20 Nov 2025 19:38:54 +0900 Message-ID: <20251120103854.1630306-3-daniel@thingy.jp> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251120103854.1630306-1-daniel@thingy.jp> References: <20251120103854.1630306-1-daniel@thingy.jp> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Every time I boot linux on my various m68k machines I see "This architecture does not have kernel memory protection." I wondered why this was as some of my machines even have one of those fancy MMU doodads. I worked out it was because we don't have CONFIG_ARCH_HAS_STRICT_KERNEL_RWX, found kernel_set_cachemode() seemed like it had the code for setting some extra flags for kernel pages and turned that into something that sets write protect for kernel pages. So now we can make CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=3Dy and provide mark_rodata_ro() to mark the kernel text and rodata as write protected. The test enabled by CONFIG_DEBUG_RODATA_TEST=3Dy says this is working. Tested on Amiga 4000 (060), virt (040), MVME147 (030) Signed-off-by: Daniel Palmer --- arch/m68k/Kconfig | 1 + arch/m68k/mm/init.c | 73 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig index 11835eb59d94..2137fd19ffbd 100644 --- a/arch/m68k/Kconfig +++ b/arch/m68k/Kconfig @@ -8,6 +8,7 @@ config M68K select ARCH_HAS_CPU_FINALIZE_INIT if MMU select ARCH_HAS_CURRENT_STACK_POINTER select ARCH_HAS_DMA_PREP_COHERENT if M68K_NONCOHERENT_DMA && !COLDFIRE + select ARCH_HAS_STRICT_KERNEL_RWX if MMU select ARCH_HAS_SYNC_DMA_FOR_DEVICE if M68K_NONCOHERENT_DMA select ARCH_HAVE_NMI_SAFE_CMPXCHG if RMW_INSNS select ARCH_MIGHT_HAVE_PC_PARPORT if ISA diff --git a/arch/m68k/mm/init.c b/arch/m68k/mm/init.c index 488411af1b3f..f11597751741 100644 --- a/arch/m68k/mm/init.c +++ b/arch/m68k/mm/init.c @@ -123,3 +123,76 @@ void __init mem_init(void) { init_pointer_tables(); } + +#ifdef CONFIG_MMU +/* + * Based on (basically copy/pasted) kernel_set_cachemode() because + * presumably that is correct and covers the required differences. + */ +static void __mark_ro_data(unsigned long virtaddr, ssize_t size) +{ + pgd_t *pgd_dir; + p4d_t *p4d_dir; + pud_t *pud_dir; + pmd_t *pmd_dir; + pte_t *pte_dir; + + while (size > 0) { + pgd_dir =3D pgd_offset_k(virtaddr); + p4d_dir =3D p4d_offset(pgd_dir, virtaddr); + pud_dir =3D pud_offset(p4d_dir, virtaddr); + if (pud_bad(*pud_dir)) { + pud_clear(pud_dir); + return; + } + pmd_dir =3D pmd_offset(pud_dir, virtaddr); + +#if CONFIG_PGTABLE_LEVELS =3D=3D 3 + if (CPU_IS_020_OR_030) { + unsigned long pmd =3D pmd_val(*pmd_dir); + + if ((pmd & _DESCTYPE_MASK) =3D=3D _PAGE_PRESENT) { + /* We cannot write protect part of an early term */ + if (WARN_ON(size < PMD_SIZE)) + break; + + *pmd_dir =3D __pmd(pmd | _PAGE_RONLY); + virtaddr +=3D PMD_SIZE; + size -=3D PMD_SIZE; + continue; + } + } +#endif + + if (pmd_bad(*pmd_dir)) { + pmd_clear(pmd_dir); + return; + } + + /* We cannot write protect part of a page */ + if (WARN_ON(size < PAGE_SIZE)) + break; + + pte_dir =3D pte_offset_kernel(pmd_dir, virtaddr); + + set_pte(pte_dir, pte_wrprotect(*pte_dir)); + virtaddr +=3D PAGE_SIZE; + size -=3D PAGE_SIZE; + } +} + +void mark_rodata_ro(void) +{ + unsigned long start; + unsigned long end; + + /* kernel text + 1 page , kernel_pg_dir lives in the first page, so skip = that */ + start =3D (unsigned long) _stext + PAGE_SIZE; + end =3D (unsigned long) __end_rodata; + + pr_info("Write protecting kernel text and read-only data: 0x%lx - 0x%lx\n= ", start, end); + __mark_ro_data(start, end - start); + + flush_tlb_all(); +} +#endif --=20 2.51.0