From: oleg@redhat.com (Oleg Nesterov)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH v4] ARM: uprobes xol write directly to userspace
Date: Wed, 16 Apr 2014 18:43:10 +0200 [thread overview]
Message-ID: <20140416164310.GA15739@redhat.com> (raw)
In-Reply-To: <20140416.110031.1269128188581361698.davem@davemloft.net>
On 04/16, David Miller wrote:
>
> From: Oleg Nesterov <oleg@redhat.com>
> Date: Wed, 16 Apr 2014 16:51:07 +0200
>
> > On 04/15, Victor Kamensky wrote:
> >>
> >> --- a/kernel/events/uprobes.c
> >> +++ b/kernel/events/uprobes.c
> >> @@ -1149,7 +1149,7 @@ static int xol_add_vma(struct mm_struct *mm, struct xol_area *area)
> >> }
> >>
> >> ret = install_special_mapping(mm, area->vaddr, PAGE_SIZE,
> >> - VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, &area->page);
> >> + VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO|VM_WRITE, &area->page);
> >
> > Yes, this is nasty.
> >
> > I would like to have a reason to nack this change ;) Unfortunately the current
> > code is buggy too and we need to protect the kernel from malicious applications
> > which can rewrite the insn we are going to step over in UTASK_SSTEP state anyway.
>
> I think there may be a way to achieve your objectives.
>
> Pass MAP_SHARED into the flags argument of get_unmapped_area(), and
> pass the pfn of the xol page in as "pgoff".
>
> This will make the xol page get mapped into the user process at an
> address which is "D-cache congruent" to the kernel side mapping.
>
> So all kernel stores to the page will use the same D-cache line that
> user space accesses to it will.
Thanks... I didn't know..
But did you really mean get_unmapped_area(pgoff => page_to_pfn(area->page)) ?
I simply can't understand how this can work, arm (and x86) really use it as
"pgoff << PAGE_SHIFT" align_offset accounted in unmapped_area() ?
_Perhaps_ this can help as a "random number" unique for every xol mapping ?
Hmm, no, I don't understand this COLOUR_ALIGN() magic on arm, but unlikely
this is true.
Help!
> So we end up with all of the benefits of storing directly to
> userspace, along with what you're trying to achieve.
And in this case we can avoid copy_to_user(), right ?
Oleg.
next prev parent reply other threads:[~2014-04-16 16:43 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-16 5:31 [RFC PATCH v4] ARM: uprobes xol write directly to userspace Victor Kamensky
2014-04-16 5:31 ` Victor Kamensky
2014-04-16 14:51 ` Oleg Nesterov
2014-04-16 15:00 ` David Miller
2014-04-16 16:43 ` Oleg Nesterov [this message]
2014-04-16 17:38 ` David Miller
2014-04-16 19:18 ` Oleg Nesterov
2014-04-16 19:37 ` David Miller
2014-04-16 20:24 ` David Long
2014-04-16 21:21 ` David Miller
2014-04-16 22:01 ` Victor Kamensky
2014-04-16 22:25 ` Russell King - ARM Linux
2014-04-16 23:19 ` David Long
2014-04-21 16:16 ` David Long
2014-04-21 16:41 ` Linus Torvalds
2014-04-21 17:56 ` Victor Kamensky
2014-04-16 19:53 ` Russell King - ARM Linux
2014-04-16 20:23 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140416164310.GA15739@redhat.com \
--to=oleg@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.