From: Will Deacon <will.deacon@arm.com>
To: Nadav Amit <nadav.amit@gmail.com>
Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andy Lutomirski <luto@kernel.org>, linux-mm <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Kernel Hardening <kernel-hardening@lists.openwall.com>,
	naveen.n.rao@linux.vnet.ibm.com, anil.s.keshavamurthy@intel.com,
	David Miller <davem@davemloft.net>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Ingo Molnar <mingo@redhat.com>,
	ast@kernel.org, Daniel Borkmann <daniel@iogearbox.net>,
	jeyu@kernel.org, netdev@vger.kernel.org,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Jann Horn <jannh@google.com>,
	kristen@linux.intel.com, Dave Hansen <dave.hansen@intel.com>,
	deneen.t.dock@intel.com, Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH 1/2] vmalloc: New flag for flush before releasing pages
Date: Tue, 4 Dec 2018 16:03:04 +0000
Message-ID: <20181204160304.GB7195@arm.com>
In-Reply-To: <4883FED1-D0EC-41B0-A90F-1A697756D41D@gmail.com>

On Mon, Dec 03, 2018 at 05:43:11PM -0800, Nadav Amit wrote:
> > On Nov 27, 2018, at 4:07 PM, Rick Edgecombe <rick.p.edgecombe@intel.com> wrote:
> > 
> > Since vfree will lazily flush the TLB, but not lazily free the underlying pages,
> > it often leaves stale TLB entries to freed pages that could get re-used. This is
> > undesirable for cases where the memory being freed has special permissions such
> > as executable.
> 
> So I am trying to finish my patch-set for preventing transient W+X mappings
> from taking space, by handling kprobes & ftrace that I missed (thanks again for
> pointing it out).
> 
> But all of a sudden, I don’t understand why we have the problem that this
> (your) patch-set deals with at all. We already change the mappings to make
> the memory writable before freeing the memory, so why can’t we make it
> non-executable at the same time? Actually, why do we make the module memory,
> including its data executable before freeing it???

Yeah, this is really confusing, but I have a suspicion it's a combination
of the various different configurations and hysterical raisins. We can't
rely on module_alloc() allocating from the vmalloc area (see nios2) nor
can we rely on disable_ro_nx() being available at build time.

If we *could* rely on module allocations always using vmalloc(), then
we could pass in Rick's new flag and drop disable_ro_nx() altogether
afaict -- who cares about the memory attributes of a mapping that's about
to disappear anyway?

Is it just nios2 that does something different?

Will
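
The hazard described in the quoted patch text, as an added toy model (not code from this thread or from the kernel): a page is released while an executable TLB entry still points at it, then reused for writable data. Every name here (`toy_vfree`, `flush_before_release`, the `model` struct) is hypothetical and only mimics the ordering question the thread is about.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not kernel code; all names are hypothetical. One TLB slot per
 * virtual page number (vpn) and a small pool of physical pages (pfn). */
#define NPAGES 4
enum { TOY_X = 1, TOY_W = 2 };
struct tlb_entry { bool valid; int pfn; int prot; };
/* pte_pfn is the page table: vpn -> pfn, -1 = unmapped */
struct model { struct tlb_entry tlb[NPAGES]; int pte_pfn[NPAGES]; bool pfn_free[NPAGES]; };

/* Map vpn to the first free pfn and touch it, so the TLB caches it. */
static int map_and_touch(struct model *m, int vpn, int prot) {
    for (int pfn = 0; pfn < NPAGES; pfn++) {
        if (!m->pfn_free[pfn]) continue;
        m->pfn_free[pfn] = false;
        m->pte_pfn[vpn] = pfn;
        m->tlb[vpn] = (struct tlb_entry){ true, pfn, prot };
        return pfn;
    }
    return -1;
}

/* Unmap and release; the TLB flush happens first or is deferred (lazy). */
static void toy_vfree(struct model *m, int vpn, bool flush_before_release) {
    int pfn = m->pte_pfn[vpn];
    m->pte_pfn[vpn] = -1;
    if (flush_before_release) m->tlb[vpn].valid = false;
    m->pfn_free[pfn] = true;
}

/* Count executable TLB entries for unmapped vpns whose page is in use again. */
static int stale_exec_entries(const struct model *m) {
    int n = 0;
    for (int v = 0; v < NPAGES; v++)
        if (m->tlb[v].valid && (m->tlb[v].prot & TOY_X) &&
            m->pte_pfn[v] == -1 && !m->pfn_free[m->tlb[v].pfn]) n++;
    return n;
}

static int scenario(bool flush_before_release) {
    struct model m;
    memset(&m, 0, sizeof(m));
    for (int i = 0; i < NPAGES; i++) { m.pte_pfn[i] = -1; m.pfn_free[i] = true; }
    map_and_touch(&m, 0, TOY_X);            /* executable allocation */
    toy_vfree(&m, 0, flush_before_release);
    map_and_touch(&m, 1, TOY_W);            /* same pfn reused for writable data */
    return stale_exec_entries(&m);
}

int main(void) { printf("lazy=%d flush_first=%d\n", scenario(false), scenario(true)); return 0; }
```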
