From: "Christopher M. Riedl" <cmr@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org
Cc: tglx@linutronix.de, x86@kernel.org,
linux-hardening@vger.kernel.org, keescook@chromium.org,
npiggin@gmail.com, dja@axtens.net, peterz@infradead.org
Subject: [PATCH v5 6/8] powerpc: Rework and improve STRICT_KERNEL_RWX patching
Date: Tue, 13 Jul 2021 00:31:11 -0500 [thread overview]
Message-ID: <20210713053113.4632-7-cmr@linux.ibm.com> (raw)
In-Reply-To: <20210713053113.4632-1-cmr@linux.ibm.com>
Rework code-patching with STRICT_KERNEL_RWX to prepare for the next
patch which uses a temporary mm for patching under the Book3s64 Radix
MMU. Make improvements by adding a WARN_ON when the patchsite doesn't
match after patching and return the error from __patch_instruction()
properly.
Signed-off-by: Christopher M. Riedl <cmr@linux.ibm.com>
---
v5: * New to series.
---
arch/powerpc/lib/code-patching.c | 51 +++++++++++++++++---------------
1 file changed, 27 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c
index 3122d8e4cc013..9f2eba9b70ee4 100644
--- a/arch/powerpc/lib/code-patching.c
+++ b/arch/powerpc/lib/code-patching.c
@@ -102,11 +102,12 @@ static inline void unuse_temporary_mm(struct temp_mm *temp_mm)
}
static DEFINE_PER_CPU(struct vm_struct *, text_poke_area);
+static DEFINE_PER_CPU(unsigned long, cpu_patching_addr);
#if IS_BUILTIN(CONFIG_LKDTM)
unsigned long read_cpu_patching_addr(unsigned int cpu)
{
- return (unsigned long)(per_cpu(text_poke_area, cpu))->addr;
+ return per_cpu(cpu_patching_addr, cpu);
}
#endif
@@ -121,6 +122,7 @@ static int text_area_cpu_up(unsigned int cpu)
return -1;
}
this_cpu_write(text_poke_area, area);
+ this_cpu_write(cpu_patching_addr, (unsigned long)area->addr);
return 0;
}
@@ -146,7 +148,7 @@ void __init poking_init(void)
/*
* This can be called for kernel text or a module.
*/
-static int map_patch_area(void *addr, unsigned long text_poke_addr)
+static int map_patch_area(void *addr)
{
unsigned long pfn;
int err;
@@ -156,17 +158,20 @@ static int map_patch_area(void *addr, unsigned long text_poke_addr)
else
pfn = __pa_symbol(addr) >> PAGE_SHIFT;
- err = map_kernel_page(text_poke_addr, (pfn << PAGE_SHIFT), PAGE_KERNEL);
+ err = map_kernel_page(__this_cpu_read(cpu_patching_addr),
+ (pfn << PAGE_SHIFT), PAGE_KERNEL);
- pr_devel("Mapped addr %lx with pfn %lx:%d\n", text_poke_addr, pfn, err);
+ pr_devel("Mapped addr %lx with pfn %lx:%d\n",
+ __this_cpu_read(cpu_patching_addr), pfn, err);
if (err)
return -1;
return 0;
}
-static inline int unmap_patch_area(unsigned long addr)
+static inline int unmap_patch_area(void)
{
+ unsigned long addr = __this_cpu_read(cpu_patching_addr);
pte_t *ptep;
pmd_t *pmdp;
pud_t *pudp;
@@ -175,23 +180,23 @@ static inline int unmap_patch_area(unsigned long addr)
pgdp = pgd_offset_k(addr);
if (unlikely(!pgdp))
- return -EINVAL;
+ goto out_err;
p4dp = p4d_offset(pgdp, addr);
if (unlikely(!p4dp))
- return -EINVAL;
+ goto out_err;
pudp = pud_offset(p4dp, addr);
if (unlikely(!pudp))
- return -EINVAL;
+ goto out_err;
pmdp = pmd_offset(pudp, addr);
if (unlikely(!pmdp))
- return -EINVAL;
+ goto out_err;
ptep = pte_offset_kernel(pmdp, addr);
if (unlikely(!ptep))
- return -EINVAL;
+ goto out_err;
pr_devel("clearing mm %p, pte %p, addr %lx\n", &init_mm, ptep, addr);
@@ -202,15 +207,17 @@ static inline int unmap_patch_area(unsigned long addr)
flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
return 0;
+
+out_err:
+ pr_warn("failed to unmap %lx\n", addr);
+ return -EINVAL;
}
static int do_patch_instruction(u32 *addr, struct ppc_inst instr)
{
- int err;
+ int err, rc = 0;
u32 *patch_addr = NULL;
unsigned long flags;
- unsigned long text_poke_addr;
- unsigned long kaddr = (unsigned long)addr;
/*
* During early early boot patch_instruction is called
@@ -222,24 +229,20 @@ static int do_patch_instruction(u32 *addr, struct ppc_inst instr)
local_irq_save(flags);
- text_poke_addr = (unsigned long)__this_cpu_read(text_poke_area)->addr;
- if (map_patch_area(addr, text_poke_addr)) {
- err = -1;
+ err = map_patch_area(addr);
+ if (err)
goto out;
- }
-
- patch_addr = (u32 *)(text_poke_addr + (kaddr & ~PAGE_MASK));
- __patch_instruction(addr, instr, patch_addr);
+ patch_addr = (u32 *)(__this_cpu_read(cpu_patching_addr) | offset_in_page(addr));
+ rc = __patch_instruction(addr, instr, patch_addr);
- err = unmap_patch_area(text_poke_addr);
- if (err)
- pr_warn("failed to unmap %lx\n", text_poke_addr);
+ err = unmap_patch_area();
out:
local_irq_restore(flags);
+ WARN_ON(!ppc_inst_equal(ppc_inst_read(addr), instr));
- return err;
+ return rc ? rc : err;
}
#else /* !CONFIG_STRICT_KERNEL_RWX */
--
2.26.1
WARNING: multiple messages have this Message-ID (diff)
From: "Christopher M. Riedl" <cmr@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org
Cc: keescook@chromium.org, peterz@infradead.org, x86@kernel.org,
npiggin@gmail.com, linux-hardening@vger.kernel.org,
tglx@linutronix.de, dja@axtens.net
Subject: [PATCH v5 6/8] powerpc: Rework and improve STRICT_KERNEL_RWX patching
Date: Tue, 13 Jul 2021 00:31:11 -0500 [thread overview]
Message-ID: <20210713053113.4632-7-cmr@linux.ibm.com> (raw)
In-Reply-To: <20210713053113.4632-1-cmr@linux.ibm.com>
Rework code-patching with STRICT_KERNEL_RWX to prepare for the next
patch which uses a temporary mm for patching under the Book3s64 Radix
MMU. Make improvements by adding a WARN_ON when the patchsite doesn't
match after patching and return the error from __patch_instruction()
properly.
Signed-off-by: Christopher M. Riedl <cmr@linux.ibm.com>
---
v5: * New to series.
---
arch/powerpc/lib/code-patching.c | 51 +++++++++++++++++---------------
1 file changed, 27 insertions(+), 24 deletions(-)
diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c
index 3122d8e4cc013..9f2eba9b70ee4 100644
--- a/arch/powerpc/lib/code-patching.c
+++ b/arch/powerpc/lib/code-patching.c
@@ -102,11 +102,12 @@ static inline void unuse_temporary_mm(struct temp_mm *temp_mm)
}
static DEFINE_PER_CPU(struct vm_struct *, text_poke_area);
+static DEFINE_PER_CPU(unsigned long, cpu_patching_addr);
#if IS_BUILTIN(CONFIG_LKDTM)
unsigned long read_cpu_patching_addr(unsigned int cpu)
{
- return (unsigned long)(per_cpu(text_poke_area, cpu))->addr;
+ return per_cpu(cpu_patching_addr, cpu);
}
#endif
@@ -121,6 +122,7 @@ static int text_area_cpu_up(unsigned int cpu)
return -1;
}
this_cpu_write(text_poke_area, area);
+ this_cpu_write(cpu_patching_addr, (unsigned long)area->addr);
return 0;
}
@@ -146,7 +148,7 @@ void __init poking_init(void)
/*
* This can be called for kernel text or a module.
*/
-static int map_patch_area(void *addr, unsigned long text_poke_addr)
+static int map_patch_area(void *addr)
{
unsigned long pfn;
int err;
@@ -156,17 +158,20 @@ static int map_patch_area(void *addr, unsigned long text_poke_addr)
else
pfn = __pa_symbol(addr) >> PAGE_SHIFT;
- err = map_kernel_page(text_poke_addr, (pfn << PAGE_SHIFT), PAGE_KERNEL);
+ err = map_kernel_page(__this_cpu_read(cpu_patching_addr),
+ (pfn << PAGE_SHIFT), PAGE_KERNEL);
- pr_devel("Mapped addr %lx with pfn %lx:%d\n", text_poke_addr, pfn, err);
+ pr_devel("Mapped addr %lx with pfn %lx:%d\n",
+ __this_cpu_read(cpu_patching_addr), pfn, err);
if (err)
return -1;
return 0;
}
-static inline int unmap_patch_area(unsigned long addr)
+static inline int unmap_patch_area(void)
{
+ unsigned long addr = __this_cpu_read(cpu_patching_addr);
pte_t *ptep;
pmd_t *pmdp;
pud_t *pudp;
@@ -175,23 +180,23 @@ static inline int unmap_patch_area(unsigned long addr)
pgdp = pgd_offset_k(addr);
if (unlikely(!pgdp))
- return -EINVAL;
+ goto out_err;
p4dp = p4d_offset(pgdp, addr);
if (unlikely(!p4dp))
- return -EINVAL;
+ goto out_err;
pudp = pud_offset(p4dp, addr);
if (unlikely(!pudp))
- return -EINVAL;
+ goto out_err;
pmdp = pmd_offset(pudp, addr);
if (unlikely(!pmdp))
- return -EINVAL;
+ goto out_err;
ptep = pte_offset_kernel(pmdp, addr);
if (unlikely(!ptep))
- return -EINVAL;
+ goto out_err;
pr_devel("clearing mm %p, pte %p, addr %lx\n", &init_mm, ptep, addr);
@@ -202,15 +207,17 @@ static inline int unmap_patch_area(unsigned long addr)
flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
return 0;
+
+out_err:
+ pr_warn("failed to unmap %lx\n", addr);
+ return -EINVAL;
}
static int do_patch_instruction(u32 *addr, struct ppc_inst instr)
{
- int err;
+ int err, rc = 0;
u32 *patch_addr = NULL;
unsigned long flags;
- unsigned long text_poke_addr;
- unsigned long kaddr = (unsigned long)addr;
/*
* During early early boot patch_instruction is called
@@ -222,24 +229,20 @@ static int do_patch_instruction(u32 *addr, struct ppc_inst instr)
local_irq_save(flags);
- text_poke_addr = (unsigned long)__this_cpu_read(text_poke_area)->addr;
- if (map_patch_area(addr, text_poke_addr)) {
- err = -1;
+ err = map_patch_area(addr);
+ if (err)
goto out;
- }
-
- patch_addr = (u32 *)(text_poke_addr + (kaddr & ~PAGE_MASK));
- __patch_instruction(addr, instr, patch_addr);
+ patch_addr = (u32 *)(__this_cpu_read(cpu_patching_addr) | offset_in_page(addr));
+ rc = __patch_instruction(addr, instr, patch_addr);
- err = unmap_patch_area(text_poke_addr);
- if (err)
- pr_warn("failed to unmap %lx\n", text_poke_addr);
+ err = unmap_patch_area();
out:
local_irq_restore(flags);
+ WARN_ON(!ppc_inst_equal(ppc_inst_read(addr), instr));
- return err;
+ return rc ? rc : err;
}
#else /* !CONFIG_STRICT_KERNEL_RWX */
--
2.26.1
next prev parent reply other threads:[~2021-07-13 5:31 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-13 5:31 [PATCH v5 0/8] Use per-CPU temporary mappings for patching on Radix MMU Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-07-13 5:31 ` [PATCH v5 1/8] powerpc: Add LKDTM accessor for patching addr Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-07-13 5:31 ` [PATCH v5 2/8] lkdtm/powerpc: Add test to hijack a patch mapping Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-08-05 9:13 ` Christophe Leroy
2021-08-11 17:57 ` Christopher M. Riedl
2021-08-11 17:57 ` Christopher M. Riedl
2021-08-11 18:07 ` Kees Cook
2021-08-11 18:07 ` Kees Cook
2021-07-13 5:31 ` [PATCH v5 3/8] x86_64: Add LKDTM accessor for patching addr Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-07-13 5:31 ` [PATCH v5 4/8] lkdtm/x86_64: Add test to hijack a patch mapping Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-08-05 9:09 ` Christophe Leroy
2021-08-11 17:53 ` Christopher M. Riedl
2021-08-11 17:53 ` Christopher M. Riedl
2021-07-13 5:31 ` [PATCH v5 5/8] powerpc/64s: Introduce temporary mm for Radix MMU Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-08-05 9:27 ` Christophe Leroy
2021-08-11 18:02 ` Christopher M. Riedl
2021-08-11 18:02 ` Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl [this message]
2021-07-13 5:31 ` [PATCH v5 6/8] powerpc: Rework and improve STRICT_KERNEL_RWX patching Christopher M. Riedl
2021-08-05 9:34 ` Christophe Leroy
2021-08-11 18:10 ` Christopher M. Riedl
2021-08-11 18:10 ` Christopher M. Riedl
2021-07-13 5:31 ` [PATCH v5 7/8] powerpc/64s: Initialize and use a temporary mm for patching on Radix Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-08-05 9:48 ` Christophe Leroy
2021-08-11 18:28 ` Christopher M. Riedl
2021-08-11 18:28 ` Christopher M. Riedl
2021-07-13 5:31 ` [PATCH v5 8/8] lkdtm/powerpc: Fix code patching hijack test Christopher M. Riedl
2021-07-13 5:31 ` Christopher M. Riedl
2021-08-05 9:18 ` Christophe Leroy
2021-08-11 17:57 ` Christopher M. Riedl
2021-08-11 17:57 ` Christopher M. Riedl
2021-08-05 9:03 ` [PATCH v5 0/8] Use per-CPU temporary mappings for patching on Radix MMU Christophe Leroy
2021-08-11 17:49 ` Christopher M. Riedl
2021-08-11 17:49 ` Christopher M. Riedl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210713053113.4632-7-cmr@linux.ibm.com \
--to=cmr@linux.ibm.com \
--cc=dja@axtens.net \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=npiggin@gmail.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.