From: "Jürgen Groß" <jgross@suse.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, xin@zytor.com,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
stable@vger.kernel.org
Subject: Re: [PATCH 3/3] x86/alternative: make kernel ITS thunks read-only
Date: Wed, 28 May 2025 15:19:24 +0200
Message-ID: <044f0048-95bb-4822-978e-a23528f3891f@suse.com>
In-Reply-To: <20250528131052.GZ39944@noisy.programming.kicks-ass.net>
On 28.05.25 15:10, Peter Zijlstra wrote:
> On Wed, May 28, 2025 at 02:35:57PM +0200, Juergen Gross wrote:
>> When allocating memory pages for kernel ITS thunks, make them read-only
>> after having written the last thunk.
>>
>> This will be needed when X86_FEATURE_PSE isn't available, as the thunk
>> memory will have PAGE_KERNEL_EXEC protection, which is including the
>> write permission.
>>
>> Cc: <stable@vger.kernel.org>
>> Fixes: 5185e7f9f3bd ("x86/module: enable ROX caches for module text on 64 bit")
>> Signed-off-by: Juergen Gross <jgross@suse.com>
>> ---
>> arch/x86/kernel/alternative.c | 16 ++++++++++++++++
>> 1 file changed, 16 insertions(+)
>>
>> diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
>> index ecfe7b497cad..bd974a0ac88a 100644
>> --- a/arch/x86/kernel/alternative.c
>> +++ b/arch/x86/kernel/alternative.c
>> @@ -217,6 +217,15 @@ static void *its_alloc(void)
>> return no_free_ptr(page);
>> }
>>
>> +static void its_set_kernel_ro(void *addr)
>> +{
>> +#ifdef CONFIG_MODULES
>> + if (its_mod)
>> + return;
>> +#endif
>> + execmem_restore_rox(addr, PAGE_SIZE);
>> +}
>> +
>> static void *its_allocate_thunk(int reg)
>> {
>> int size = 3 + (reg / 8);
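Review bot: its_set_kernel_ro() returns early for its_mod with no comment saying why module thunk pages are skipped, and it calls execmem_restore_rox() unconditionally although the commit message says the change is only needed when X86_FEATURE_PSE isn't available. A short comment above the `if (its_mod)` check naming where module pages get their protection restored, plus a changelog line on why the call is harmless when PSE is available, would let this be reviewed on its own. If execmem_restore_rox() can fail, the helper should also not drop that result silently.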
>> @@ -234,6 +243,8 @@ static void *its_allocate_thunk(int reg)
>> #endif
>>
>> if (!its_page || (its_offset + size - 1) >= PAGE_SIZE) {
>> + if (its_page)
>> + its_set_kernel_ro(its_page);
>> its_page = its_alloc();
>> if (!its_page) {
>> pr_err("ITS page allocation failed\n");
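Review bot: in its_allocate_thunk() the current page is made read-only only at the moment the next thunk no longer fits, so a partially filled page stays writable and executable (PAGE_KERNEL_EXEC, per the commit message) until a later allocation forces a rollover. That holds up only if every path ends with the final call added in alternative_instructions(); a comment at the new `if (its_page)` stating that invariant would help. The NULL check could also move into its_set_kernel_ro() so both call sites become a single call.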
>> @@ -2338,6 +2349,11 @@ void __init alternative_instructions(void)
>> apply_retpolines(__retpoline_sites, __retpoline_sites_end);
>> apply_returns(__return_sites, __return_sites_end);
>>
>> + /* Make potential last thunk page read-only. */
>> + if (its_page)
>> + its_set_kernel_ro(its_page);
>> + its_page = NULL;
>> +
>> /*
>> * Adjust all CALL instructions to point to func()-10, including
>> * those in .altinstr_replacement.
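Review bot: after `its_page = NULL;` in alternative_instructions(), any later its_allocate_thunk() call for kernel text would start a fresh page that is made read-only only if it fills up, because this is the only final sealing point in the patch. Please extend the comment to say that no non-module thunks are allocated after apply_returns(), or add a matching call wherever that can still happen. The visible lines clear its_page but not its_offset, so it is worth confirming that the `!its_page` branch in its_allocate_thunk() resets the offset.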
>
> No, this is all sorts of wrong. Execmem API should ensure this.

You are aware that this patch is basically mirroring the work which is
already done for modules in alternative.c?

Juergen