From: Balbir Singh <bsingharora@gmail.com>
To: "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>,
Anshuman Khandual <khandual@linux.vnet.ibm.com>
Cc: linuxppc-dev@lists.ozlabs.org, mpe@ellerman.id.au
Subject: Re: [RFC 0/2] Consolidate patch_instruction
Date: Wed, 17 May 2017 11:23:48 +1000 [thread overview]
Message-ID: <1494984228.30802.2.camel@gmail.com> (raw)
In-Reply-To: <20170516134141.GB19390@naverao1-tp.localdomain>
On Tue, 2017-05-16 at 19:11 +0530, Naveen N. Rao wrote:
> On 2017/05/16 10:56AM, Anshuman Khandual wrote:
> > On 05/16/2017 09:19 AM, Balbir Singh wrote:
> > > patch_instruction is enhanced in this RFC to support
> > > patching via a different virtual address (text_poke_area).
> >
> > Why writing instruction directly into the address is not
> > sufficient and need to go through this virtual address ?
>
> To enable KERNEL_STRICT_RWX and map all of kernel text to be read-only?
>
Precisely, the rest of the bits are still being developed.
> >
> > > The mapping of text_poke_area->addr is RW and not RWX.
> > > This way the mapping allows write for patching and then we tear
> > > down the mapping. The downside is that we introduce a spinlock
> > > which serializes our patching to one patch at a time.
> >
> > So whats the benifits we get otherwise in this approach when
> > we are adding a new lock into the equation.
>
> Instruction patching isn't performance critical, so the slow down is
> likely not noticeable. Marking kernel text read-only helps harden the
> kernel by catching unintended code modifications whether through
> exploits or through bugs.
>
Precisely!
Balbir Singh.
next prev parent reply other threads:[~2017-05-17 1:23 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-16 3:49 [RFC 0/2] Consolidate patch_instruction Balbir Singh
2017-05-16 3:49 ` [RFC 1/2] powerpc/lib/code-patching: Enhance code patching Balbir Singh
2017-05-16 3:49 ` [RFC 2/2] powerpc/kprobes: Move kprobes over to patch_instruction Balbir Singh
2017-05-16 13:35 ` Naveen N. Rao
2017-05-17 1:40 ` Balbir Singh
2017-05-30 14:28 ` Naveen N. Rao
2017-05-16 5:26 ` [RFC 0/2] Consolidate patch_instruction Anshuman Khandual
2017-05-16 13:41 ` Naveen N. Rao
2017-05-17 1:23 ` Balbir Singh [this message]
2017-05-16 20:20 ` LEROY Christophe
2017-05-17 2:10 ` Balbir Singh
2017-05-17 7:04 ` LEROY Christophe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1494984228.30802.2.camel@gmail.com \
--to=bsingharora@gmail.com \
--cc=khandual@linux.vnet.ibm.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=naveen.n.rao@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.