+ Kevin Broadsky. On 29/08/2025 16:59, Ard Biesheuvel wrote: > On Fri, 29 Aug 2025 at 17:49, Kees Cook <[email protected]> wrote: >> >> Seen during KPTI initialization: >> >> CFI failure at create_kpti_ng_temp_pgd+0x124/0xce8 (target: >> kpti_ng_pgd_alloc+0x0/0x14; expected type: 0xd61b88b6) >> >> The call site is alloc_init_pud() at arch/arm64/mm/mmu.c: >> >> pud_phys = pgtable_alloc(TABLE_PUD); >> >> alloc_init_pud() has the prototype: >> >> static void alloc_init_pud(p4d_t *p4dp, unsigned long addr, unsigned long >> end, >> phys_addr_t phys, pgprot_t prot, >> phys_addr_t (*pgtable_alloc)(enum pgtable_type), >> int flags) >> >> where the pgtable_alloc() prototype is declared. >> >> The target (kpti_ng_pgd_alloc) is used in arch/arm64/kernel/cpufeature.c: >> >> create_kpti_ng_temp_pgd(kpti_ng_temp_pgd, __pa(alloc), KPTI_NG_TEMP_VA, >> PAGE_SIZE, PAGE_KERNEL, kpti_ng_pgd_alloc, 0); >> >> which is an alias for __create_pgd_mapping_locked() with prototype: >> >> extern __alias(__create_pgd_mapping_locked) >> void create_kpti_ng_temp_pgd(pgd_t *pgdir, phys_addr_t phys, >> unsigned long virt, >> phys_addr_t size, pgprot_t prot, >> phys_addr_t (*pgtable_alloc)(enum >> pgtable_type), >> int flags); >> >> __create_pgd_mapping_locked() passes the function pointer down: >> >> __create_pgd_mapping_locked() -> alloc_init_p4d() -> alloc_init_pud() >> >> But the target function (kpti_ng_pgd_alloc) has the wrong signature: >> >> static phys_addr_t __init kpti_ng_pgd_alloc(int shift); >> >> The "int" should be "enum pgtable_type". >> >> To make "enum pgtable_type" available to cpufeature.c, move >> enum pgtable_type definition from arch/arm64/mm/mmu.c to >> arch/arm64/include/asm/mmu.h. >> >> Adjust kpti_ng_pgd_alloc to use "enum pgtable_type" instead of "int". >> The function behavior remains identical (parameter is unused). >> >> Fixes: 47546a1912fc ("arm64: mm: install KPTI nG mappings with MMU enabled") > > Shouldn't this be > > Fixes: c64f46ee1377 ("arm64: mm: use enum to identify pgtable level > instead of *_SHIFT")
You beat me to it; agreed. I've added Kevin, who made that change incase there are any other subtlety. > > >> Signed-off-by: Kees Cook <[email protected]> > > Acked-by: Ard Biesheuvel <[email protected]> Reviewed-by: Ryan Roberts <[email protected]> > > >> --- >> Cc: Ard Biesheuvel <[email protected]> >> Cc: Catalin Marinas <[email protected]> >> Cc: Will Deacon <[email protected]> >> Cc: Oliver Upton <[email protected]> >> Cc: Anshuman Khandual <[email protected]> >> Cc: Yue Haibing <[email protected]> >> Cc: Mark Rutland <[email protected]> >> Cc: Marc Zyngier <[email protected]> >> Cc: Mark Brown <[email protected]> >> Cc: <[email protected]> >> --- >> arch/arm64/include/asm/mmu.h | 7 +++++++ >> arch/arm64/kernel/cpufeature.c | 5 +++-- >> arch/arm64/mm/mmu.c | 7 ------- >> 3 files changed, 10 insertions(+), 9 deletions(-) >> >> diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h >> index 6e8aa8e72601..49f1a810df16 100644 >> --- a/arch/arm64/include/asm/mmu.h >> +++ b/arch/arm64/include/asm/mmu.h >> @@ -17,6 +17,13 @@ >> #include <linux/refcount.h> >> #include <asm/cpufeature.h> >> >> +enum pgtable_type { >> + TABLE_PTE, >> + TABLE_PMD, >> + TABLE_PUD, >> + TABLE_P4D, >> +}; >> + >> typedef struct { >> atomic64_t id; >> #ifdef CONFIG_COMPAT >> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c >> index 9ad065f15f1d..e49d142a281f 100644 >> --- a/arch/arm64/kernel/cpufeature.c >> +++ b/arch/arm64/kernel/cpufeature.c >> @@ -84,6 +84,7 @@ >> #include <asm/hwcap.h> >> #include <asm/insn.h> >> #include <asm/kvm_host.h> >> +#include <asm/mmu.h> >> #include <asm/mmu_context.h> >> #include <asm/mte.h> >> #include <asm/hypervisor.h> >> @@ -1945,11 +1946,11 @@ static bool has_pmuv3(const struct >> arm64_cpu_capabilities *entry, int scope) >> extern >> void create_kpti_ng_temp_pgd(pgd_t *pgdir, phys_addr_t phys, unsigned long >> virt, >> phys_addr_t size, pgprot_t prot, >> - phys_addr_t (*pgtable_alloc)(int), int flags); >> + phys_addr_t (*pgtable_alloc)(enum >> pgtable_type), int flags); >> >> static phys_addr_t __initdata kpti_ng_temp_alloc; >> >> -static phys_addr_t __init kpti_ng_pgd_alloc(int shift) >> +static phys_addr_t __init kpti_ng_pgd_alloc(enum pgtable_type type) >> { >> kpti_ng_temp_alloc -= PAGE_SIZE; >> return kpti_ng_temp_alloc; >> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c >> index 34e5d78af076..183801520740 100644 >> --- a/arch/arm64/mm/mmu.c >> +++ b/arch/arm64/mm/mmu.c >> @@ -47,13 +47,6 @@ >> #define NO_CONT_MAPPINGS BIT(1) >> #define NO_EXEC_MAPPINGS BIT(2) /* assumes FEAT_HPDS is not used */ >> >> -enum pgtable_type { >> - TABLE_PTE, >> - TABLE_PMD, >> - TABLE_PUD, >> - TABLE_P4D, >> -}; >> - >> u64 kimage_voffset __ro_after_init; >> EXPORT_SYMBOL(kimage_voffset); >> >> -- >> 2.34.1 >>
