From: Igor Stoppa <igor.stoppa@gmail.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Kees Cook <keescook@chromium.org>,
Matthew Wilcox <willy@infradead.org>,
Dave Chinner <david@fromorbit.com>,
James Morris <jmorris@namei.org>,
Michal Hocko <mhocko@kernel.org>,
kernel-hardening@lists.openwall.com,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, igor.stoppa@huawei.com,
Dave Hansen <dave.hansen@linux.intel.com>,
Jonathan Corbet <corbet@lwn.net>,
Laura Abbott <labbott@redhat.com>,
Vlastimil Babka <vbabka@suse.cz>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Pavel Tatashin <pasha.tatashin@oracle.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 02/17] prmem: write rare for static allocation
Date: Mon, 29 Oct 2018 22:01:22 +0200
Message-ID: <e3ef00ef-3d28-2336-7bae-2e4f738a6e44@gmail.com>
In-Reply-To: <20181026094105.GE3159@worktop.c.hoisthospitality.com>

On 26/10/2018 10:41, Peter Zijlstra wrote:
> On Wed, Oct 24, 2018 at 12:34:49AM +0300, Igor Stoppa wrote:
>> +static __always_inline
>
> That's far too large for inline.

The reason for it is that it's supposed to minimize the presence of
gadgets that might be used in JOP attacks.
I am ready to stand corrected, if I'm wrong, but this is the reason why
I did it.

Regarding the function being too large, yes, I would not normally choose
it for inlining.

Actually, I would not normally use "__always_inline" and instead I would
limit myself to plain "inline", at most.

>
>> +bool wr_memset(const void *dst, const int c, size_t n_bytes)
>> +{
>> + size_t size;
>> + unsigned long flags;
>> + uintptr_t d = (uintptr_t)dst;
>> +
>> + if (WARN(!__is_wr_after_init(dst, n_bytes), WR_ERR_RANGE_MSG))
>> + return false;
>> + while (n_bytes) {
>> + struct page *page;
>> + uintptr_t base;
>> + uintptr_t offset;
>> + uintptr_t offset_complement;
>> +
>> + local_irq_save(flags);
>> + page = virt_to_page(d);
>> + offset = d & ~PAGE_MASK;
>> + offset_complement = PAGE_SIZE - offset;
>> + size = min(n_bytes, offset_complement);
>> + base = (uintptr_t)vmap(&page, 1, VM_MAP, PAGE_KERNEL);
>> + if (WARN(!base, WR_ERR_PAGE_MSG)) {
>> + local_irq_restore(flags);
>> + return false;
>> + }
>> + memset((void *)(base + offset), c, size);
>> + vunmap((void *)base);
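
Review bot: vmap() and vunmap() are both called inside the section opened by local_irq_save(flags) at the top of the loop body, and both may sleep, so each iteration can sleep with interrupts disabled; a kernel built with CONFIG_DEBUG_ATOMIC_SLEEP reports this as "sleeping function called from invalid context". Either set up and tear down the temporary mapping outside the interrupts-off region, keeping only the memset() under local_irq_save(), or use a mapping primitive that is safe in atomic context. Separately, dst is declared const void * although it is the target of the write; a short comment on why the destination is const-qualified would help readers of wr_memset().
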
>
> BUG

yes, somehow I managed to drop this debug configuration from the debug
builds I made.

[...]

> Also, I see an amount of duplication here that shows you're not nearly
> lazy enough.

I did notice a certain amount of duplication, but I didn't know how to
exploit it.

--
igor