From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <11d2f0bd-baca-42aa-89ce-328a9d555f7e@kernel.org>
Date: Thu, 4 Jun 2026 09:43:19 +0200
X-Mailing-List: linux-hardening@vger.kernel.org
Subject: Re: [PATCH v7 11/15] powerpc/code-patching: Avoid r/w mapping of the zero page
To: Ard Biesheuvel, linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org, Madhavan Srinivasan, Michael Ellerman, Nicholas Piggin
References: <20260529150150.1670604-17-ardb+git@google.com> <20260529150150.1670604-28-ardb+git@google.com>
From: "Christophe Leroy (CS GROUP)"
In-Reply-To: <20260529150150.1670604-28-ardb+git@google.com>

On 29/05/2026 at 17:02, Ard Biesheuvel wrote:
> From: Ard Biesheuvel
>
> The only remaining use of map_patch_area() is mapping the zero page, and
> immediately unmapping it again so that the intermediate page table
> levels are all guaranteed to be populated.
>
> The use of the zero page here is completely arbitrary, and not harmful
> per se, but currently, it creates a writable mapping, and does so in a
> manner that requires that the empty_zero_page[] symbol is not
> const-qualified.
>
> Given that this is about to change, and that map_patch_area() now never
> maps anything other than the zero page, let's simplify the code and
> - remove the helpers and call [un]map_kernel_page() directly
> - take the PA of empty_zero_page directly
> - create a read-only temporary mapping.
>
> This allows empty_zero_page[] to be repainted as const u8[] in a
> subsequent patch, without making substantial changes to this code
> patching logic.
>
> Cc: Madhavan Srinivasan
> Cc: Michael Ellerman
> Cc: Nicholas Piggin
> Cc: "Christophe Leroy (CS GROUP)"
> Link: https://lore.kernel.org/all/20260520085423.485402-1-ardb@kernel.org/
> Signed-off-by: Ard Biesheuvel

Reviewed-by: "Christophe Leroy (CS GROUP)"

> --- > arch/powerpc/lib/code-patching.c | 52 +------------------- > 1 file changed, 2 insertions(+), 50 deletions(-) > > diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c > index f84e0337cc02..44ff9f684bef 100644 > --- a/arch/powerpc/lib/code-patching.c > +++ b/arch/powerpc/lib/code-patching.c
> @@ -60,9 +60,6 @@ struct patch_context { > > static DEFINE_PER_CPU(struct patch_context, cpu_patching_context); > > -static int map_patch_area(void *addr, unsigned long text_poke_addr); > -static void unmap_patch_area(unsigned long addr); > - > static bool mm_patch_enabled(void) > { > return IS_ENABLED(CONFIG_SMP) && radix_enabled(); > @@ -117,11 +114,11 @@ static int text_area_cpu_up(unsigned int cpu) > > // Map/unmap the area to ensure all page tables are pre-allocated > addr = (unsigned long)area->addr; > - err = map_patch_area(empty_zero_page, addr); > + err = map_kernel_page(addr, __pa_symbol(empty_zero_page), PAGE_KERNEL_RO); > if (err) > return err; > > - unmap_patch_area(addr); > + unmap_kernel_page(addr); > > this_cpu_write(cpu_patching_context.area, area); > this_cpu_write(cpu_patching_context.addr, addr); 
> @@ -233,51 +230,6 @@ static unsigned long get_patch_pfn(void *addr) > return __pa_symbol(addr) >> PAGE_SHIFT; > } > > -/* > - * This can be called for kernel text or a module. > - */ > -static int map_patch_area(void *addr, unsigned long text_poke_addr) > -{ > - unsigned long pfn = get_patch_pfn(addr); > - > - return map_kernel_page(text_poke_addr, (pfn << PAGE_SHIFT), PAGE_KERNEL); > -} > - > -static void unmap_patch_area(unsigned long addr) > -{ > - pte_t *ptep; > - pmd_t *pmdp; > - pud_t *pudp; > - p4d_t *p4dp; > - pgd_t *pgdp; > - > - pgdp = pgd_offset_k(addr); > - if (WARN_ON(pgd_none(*pgdp))) > - return; > - > - p4dp = p4d_offset(pgdp, addr); > - if (WARN_ON(p4d_none(*p4dp))) > - return; > - > - pudp = pud_offset(p4dp, addr); > - if (WARN_ON(pud_none(*pudp))) > - return; > - > - pmdp = pmd_offset(pudp, addr); > - if (WARN_ON(pmd_none(*pmdp))) > - return; > - > - ptep = pte_offset_kernel(pmdp, addr); > - if (WARN_ON(pte_none(*ptep))) > - return; > - > - /* > - * In hash, pte_clear flushes the tlb, in radix, we have to > - */ > - pte_clear(&init_mm, addr, ptep); > - flush_tlb_kernel_range(addr, addr + PAGE_SIZE); > -} > - > static int __do_patch_mem_mm(void *addr, unsigned long val, bool is_dword) > { > int err;
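
Review bot: In the text_area_cpu_up() hunk, the comment above the new map_kernel_page() call still says only "Map/unmap the area to ensure all page tables are pre-allocated" and gives no reason for the choice of page or protection. Suggest extending it to say that empty_zero_page is an arbitrary target, mapped and immediately unmapped only to populate the intermediate page table levels, and that PAGE_KERNEL_RO is therefore sufficient. Without that, a later reader has to find the commit message to learn why a read-only zero-page mapping is set up in a text-poking path, and may be tempted to switch it back to PAGE_KERNEL.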
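
Review bot: The removal of unmap_patch_area() in the last hunk drops two behaviours whose replacement is not visible in this patch: the explicit flush_tlb_kernel_range(addr, addr + PAGE_SIZE) after pte_clear(), which the deleted comment says is needed on radix, and the WARN_ON() at each page-table level (pgd, p4d, pud, pmd, pte). The commit message should state that unmap_kernel_page() performs the equivalent PTE clear and TLB flush on both hash and radix, and whether losing the WARN_ON() diagnostics for an unpopulated level is intended. A stale translation for the text-poke address would matter once that address is reused for a real patching mapping, so this is worth spelling out rather than leaving implicit.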