From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 4/8] arm: use fixmap for text patching when text is RO
Date: Thu, 4 Sep 2014 10:27:21 +0100
Message-ID: <20140904092720.GA7156@arm.com>
In-Reply-To: <CAGXu5jJ890ruLO8Nit2exMSWigSM71kfZOkLoF0DcY1viFiX_A@mail.gmail.com>

On Wed, Sep 03, 2014 at 10:43:58PM +0100, Kees Cook wrote:
> On Wed, Aug 20, 2014 at 5:28 AM, Kees Cook <keescook@chromium.org> wrote:
> > On Tue, Aug 19, 2014 at 7:29 AM, Will Deacon <will.deacon@arm.com> wrote:
> >> On Wed, Aug 13, 2014 at 06:06:29PM +0100, Kees Cook wrote:
> >>> +static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags)
> >>> + __acquires(&patch_lock)
> >>> +{
> >>> + unsigned int uintaddr = (uintptr_t) addr;
> >>> + bool module = !core_kernel_text(uintaddr);
> >>> + struct page *page;
> >>> +
> >>> + if (module && IS_ENABLED(CONFIG_DEBUG_SET_MODULE_RONX))
> >>> + page = vmalloc_to_page(addr);
> >>> + else if (!module && IS_ENABLED(CONFIG_DEBUG_RODATA))
> >>> + page = virt_to_page(addr);
> >>> + else
> >>> + return addr;
> >>> +
> >>> + if (flags)
> >>> + spin_lock_irqsave(&patch_lock, *flags);
> >>> + else
> >>> + __acquire(&patch_lock);
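Review bot: the `return addr;` path in patch_map() leaves before either spin_lock_irqsave() or __acquire() runs, yet the function is annotated __acquires(&patch_lock), so the annotation does not hold on that path and the caller has to know separately whether a lock was taken. Either document on the function which return paths hold patch_lock or restructure so the annotation is true on every path. The flags == NULL case also needs a comment stating that the caller must already hold patch_lock, since `__acquire(&patch_lock)` only adjusts the static-analysis context and takes no lock. Minor: `uintaddr` is declared `unsigned int` while it is assigned from a `uintptr_t` cast; `unsigned long` would match the cast.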
> >>
> >> I don't understand the locking here. Why is it conditional, why do we need
> >> to disable interrupts, and are you just racing against yourself?
> >
> > AIUI, the locking is here to avoid multiple users of the text poking
> > fixmaps. It's conditional because there are two fixmaps
> > (FIX_TEXT_POKE0 and FIX_TEXT_POKE1). Locking happens around 0 so
> > locking around 1 is not needed since it is only ever used when 0 is in
> > use. (__patch_text_real locks patch_lock before setting 0 when it uses
> > remapping, and if it also needs 1, it doesn't have to lock since the
> > lock is already held.)
> >
> >>> + set_fixmap(fixmap, page_to_phys(page));
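Review bot: `page` reaches page_to_phys() here unchecked; in the module branch above it comes from vmalloc_to_page(addr), which can return NULL for an address with no backing page, so a check (or a comment on why addr is always mapped) belongs before this call. This line also runs after the spin_lock_irqsave() path when flags is non-NULL, so the context set_fixmap() has to tolerate (interrupts disabled, patch_lock held) should be stated in a comment here.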
> >>
> >> set_fixmap does TLB invalidation, right? I think that means it can block on
> >> 11MPCore and A15 w/ the TLBI erratum, so it's not safe to call this with
> >> interrupts disabled anyway.
> >
> > Oh right. Hrm.
> >
> > In an earlier version of this series set_fixmap did not perform TLB
> > invalidation. I wonder if this is not needed at all? (Wouldn't that be
> > nice...)
>
> As suspected, my tests fail spectacularly without the TLB flush.
> Adding WARN_ON(!irqs_disabled()) doesn't warn, so I think we're safe
> here. Should I leave the WARN_ON in place for clarity, or some other
> comments?

I thought there was a potential call to spin_lock_irqsave right before
this TLB flush?

Will