From: Peter Zijlstra <peterz@infradead.org>
To: Nadav Amit <namit@vmware.com>
Cc: Ingo Molnar <mingo@redhat.com>,
LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Kees Cook <keescook@chromium.org>,
Dave Hansen <dave.hansen@intel.com>,
Masami Hiramatsu <mhiramat@kernel.org>
Subject: Re: [PATCH v4 06/10] x86/alternative: use temporary mm for text poking
Date: Mon, 12 Nov 2018 01:41:40 +0100 [thread overview]
Message-ID: <20181112004140.GF3056@worktop> (raw)
In-Reply-To: <70EACCF7-D854-4051-9F71-4E966FD6C37B@vmware.com>
On Mon, Nov 12, 2018 at 12:09:32AM +0000, Nadav Amit wrote:
> > On Sun, Nov 11, 2018 at 08:53:07PM +0000, Nadav Amit wrote:
> >
> >>>> + /*
> >>>> + * The lock is not really needed, but this allows to avoid open-coding.
> >>>> + */
> >>>> + ptep = get_locked_pte(poking_mm, poking_addr, &ptl);
> >>>> +
> >>>> + /*
> >>>> + * If we failed to allocate a PTE, fail. This should *never* happen,
> >>>> + * since we preallocate the PTE.
> >>>> + */
> >>>> + if (WARN_ON_ONCE(!ptep))
> >>>> + goto out;
> >>>
> >>> Since we hard rely on init getting that right; can't we simply get rid
> >>> of this?
> I understand. So the question is - what would you prefer: something like
> PARANOID_WARN_ON_ONCE() or should I just remove the assertion?
Something like:
/*
* @ptep cannot be NULL per construction in poking_init().
*/
And then leave it at that. If it ever comes unstuck we'll get the NULL
deref, which is just as good as a BUG_ON().
> >>>> +out:
> >>>> + if (memcmp(addr, opcode, len))
> >>>> + r = -EFAULT;
> >>>
> >>> How could this ever fail? And how can we reliably recover from that?
> >>
> >> This code has been there before (with slightly uglier code). Before this
> >> patch, a BUG_ON() was used here. However, I noticed that kgdb actually
> >> checks that text_poke() succeeded after calling it and gracefully fail.
> >> However, this was useless, since text_poke() would panic before kgdb gets
> >> the chance to do anything (see patch 7).
> >
> > Yes, I know it was there before, and I did see kgdb do it too. But aside
> > from that out-label case, which we also should never hit, how can we
> > realistically ever fail that memcmp()?
> >
> > If we fail here, something is _seriously_ buggered.
>
> I agree. But as it may be useful at least to warn in such a case, as
> debugging of SMC/CMC is hard. For example, if there is some sort of a race
> between module (un)loading and static-keys - such a check might be
> beneficial to indicate so. Having said that, changing it into VM_BUG_ON() or
> something similar may make more sense.
>
> Personally, I don’t care much - I’m just worried that I made some intrusive
> changes *and* you want me to remove the assertion that checks that I didn’t
> screw up.
Ah, so I'm perfectly fine with something like:
VM_BUG_ON(memcmp());
I just don't see value in the whole return code here. If this comes
unstuck, we're buggered beyond repair.
next prev parent reply other threads:[~2018-11-12 0:41 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-10 23:17 [PATCH v4 00/10] x86/alternative: text_poke() fixes Nadav Amit
2018-11-10 23:17 ` [PATCH v4 01/10] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()" Nadav Amit
2018-11-12 2:54 ` Masami Hiramatsu
2018-11-12 10:59 ` Jiri Kosina
2018-11-10 23:17 ` [PATCH v4 02/10] x86/jump_label: Use text_poke_early() during early init Nadav Amit
2018-11-12 20:12 ` Nadav Amit
2018-11-10 23:17 ` [PATCH v4 03/10] x86/mm: temporary mm struct Nadav Amit
2018-11-10 23:17 ` [PATCH v4 04/10] fork: provide a function for copying init_mm Nadav Amit
2018-11-10 23:17 ` [PATCH v4 05/10] x86/alternative: initializing temporary mm for patching Nadav Amit
2018-11-11 14:43 ` Peter Zijlstra
2018-11-11 20:38 ` Nadav Amit
2018-11-12 0:34 ` Peter Zijlstra
2018-11-10 23:17 ` [PATCH v4 06/10] x86/alternative: use temporary mm for text poking Nadav Amit
2018-11-11 14:59 ` Peter Zijlstra
2018-11-11 20:53 ` Nadav Amit
2018-11-11 23:52 ` Peter Zijlstra
2018-11-12 0:09 ` Nadav Amit
2018-11-12 0:41 ` Peter Zijlstra [this message]
2018-11-12 0:36 ` Peter Zijlstra
2018-11-12 3:46 ` Ingo Molnar
2018-11-12 8:50 ` Peter Zijlstra
2018-11-11 19:11 ` Damian Tometzki
2018-11-11 20:41 ` Nadav Amit
2018-11-10 23:17 ` [PATCH v4 07/10] x86/kgdb: avoid redundant comparison of code Nadav Amit
2018-11-10 23:17 ` [PATCH v4 08/10] x86: avoid W^X being broken during modules loading Nadav Amit
2018-11-10 23:17 ` [PATCH v4 09/10] x86/jump-label: remove support for custom poker Nadav Amit
2018-11-11 15:05 ` Peter Zijlstra
2018-11-11 20:31 ` Nadav Amit
2018-11-10 23:17 ` [PATCH v4 10/10] x86/alternative: remove the return value of text_poke_*() Nadav Amit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181112004140.GF3056@worktop \
--to=peterz@infradead.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=namit@vmware.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.