linux-arm-kernel.lists.infradead.org archive mirror
From: oleg@redhat.com (Oleg Nesterov)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH v4] ARM: uprobes xol write directly to userspace
Date: Wed, 16 Apr 2014 16:51:07 +0200
Message-ID: <20140416145107.GA11039@redhat.com>
In-Reply-To: <1397626297-23873-2-git-send-email-victor.kamensky@linaro.org>

On 04/15, Victor Kamensky wrote:
>
> --- a/kernel/events/uprobes.c
> +++ b/kernel/events/uprobes.c
> @@ -1149,7 +1149,7 @@ static int xol_add_vma(struct mm_struct *mm, struct xol_area *area)
>  	}
>
>  	ret = install_special_mapping(mm, area->vaddr, PAGE_SIZE,
> -				VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, &area->page);
> +				VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO|VM_WRITE, &area->page);
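
Review bot: The flags passed to install_special_mapping() now contain both VM_EXEC and VM_WRITE, so the xol page is writable and executable from user space at the same time, and the task can modify the slot contents with ordinary stores. If the only reason for VM_WRITE is to let the kernel fill the slot through the user address, consider keeping the mapping non-writable and writing through a kernel mapping of area->page instead, with the architecture doing its cache maintenance there. If VM_WRITE has to stay, a comment at this call should say why the page must be user-writable.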

Yes, this is nasty.

I would like to have a reason to nack this change ;) Unfortunately the current
code is buggy too and we need to protect the kernel from malicious applications
which can rewrite the insn we are going to step over in UTASK_SSTEP state anyway.

> +void __weak arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
> +				  void *src, unsigned long len)
> +{
> +	/*
> +	 * Note if CPU does not support instructions write snooping
> +	 * from dcache it needs to define its own version of this
> +	 * function that would take care of proper cache flushes.
> +	 *
> +	 * Nothing we can do if it fails, added if to make unused
> +	 * result warning happy. If xol write failed because process
> +	 * unmapped xol area by mistake, process will crash in some
> +	 * other place.
> +	 */
> +	if (__copy_to_user((void *) vaddr, src, len));
> +}
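
Review bot: The copy result is discarded by the empty statement `if (__copy_to_user((void *) vaddr, src, len));`, and because arch_uprobe_copy_ixol() returns void the caller cannot tell that the slot was never written. Return an int and propagate the failure so the single-step can be aborted rather than running whatever is at vaddr. __copy_to_user() is the variant that skips the access_ok() range check and nothing in this function validates vaddr, so either use copy_to_user() or state in the comment where the range is checked. The page argument is unused in this default version, and the cast should be `(void __user *)` to keep sparse quiet.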

Plus, again, this can write to another mapping, say to file-backed memory.

Finally, with this change it won't be possible to share this xol memory with
other tasks.

But it seems that it is pointless to argue.

Oleg.
