From: lauraa@codeaurora.org (Laura Abbott)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/3] arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support
Date: Tue, 06 May 2014 10:53:28 -0700 [thread overview]
Message-ID: <53692198.3010802@codeaurora.org> (raw)
In-Reply-To: <20140502153023.GH17370@arm.com>
On 5/2/2014 8:30 AM, Will Deacon wrote:
> On Fri, May 02, 2014 at 03:07:11PM +0100, Steve Capper wrote:
>> On Thu, Apr 17, 2014 at 05:47:01PM -0700, Laura Abbott wrote:
>>> In a similar fashion to other architecture, add the infrastructure
>>> and Kconfig to enable DEBUG_SET_MODULE_RONX support. When
>>> enabled, module ranges will be marked read-only/no-execute as
>>> appropriate.
>>>
>>> Change-Id: I4251a0929b1fe6f43f84b14f0a64fed30769700e
>>> Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
>>> ---
>>
>> [ ... ]
>>
>>> diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
>>> new file mode 100644
>>> index 0000000..e48f980
>>> --- /dev/null
>>> +++ b/arch/arm64/mm/pageattr.c
>>
>> [ ... ]
>>
>>> +static int change_memory_common(unsigned long addr, int numpages,
>>> + pgprot_t prot, bool set)
>>> +{
>>> + unsigned long start = addr;
>>> + unsigned long size = PAGE_SIZE*numpages;
>>> + unsigned long end = start + size;
>>> + int ret;
>>> +
>>> + if (start < MODULES_VADDR || start >= MODULES_END)
>>> + return -EINVAL;
>>> +
>>> + if (end < MODULES_VADDR || end >= MODULES_END)
>>> + return -EINVAL;
>>> +
>>> + if (set)
>>> + ret = apply_to_page_range(&init_mm, start, size,
>>> + set_page_range, (void *)prot);
>>> + else
>>> + ret = apply_to_page_range(&init_mm, start, size,
>>> + clear_page_range, (void *)prot);
>>> +
>>> + flush_tlb_kernel_range(start, end);
>>
>> Could you please add an isb() here? (We're about to nuke the one in
>> flush_tlb_kernel_range).
>
> Thinking about this even more (too much?), how does this work with SMP
> anyway? You need each CPU to execute an isb(), so this just a race that
> is dealt with already (probably treated as benign)?
>
Yes unless we want to IPI an isb I think this should be a mostly benign
race. I say 'mostly' only because this is a security/debug feature so
there could be a hole to take advantage of. Then again, because we map
and then set permissions later there is always a chance of a race.
I'll add the isb for v2 based on Will's patch set.
Laura
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
next prev parent reply other threads:[~2014-05-06 17:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-18 0:47 [PATCH 0/3] Page protections for arm64 Laura Abbott
2014-04-18 0:47 ` [PATCH 1/3] arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support Laura Abbott
2014-05-02 14:07 ` Steve Capper
2014-05-02 15:30 ` Will Deacon
2014-05-06 17:53 ` Laura Abbott [this message]
2014-04-18 0:47 ` [PATCH 2/3] arm64: Treat handle_arch_irq as a function pointer Laura Abbott
2014-04-22 10:48 ` Will Deacon
2014-04-18 0:47 ` [PATCH 3/3] arm64: WIP: add better page protections to arm64 Laura Abbott
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53692198.3010802@codeaurora.org \
--to=lauraa@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).