From: Nadav Amit <namit@vmware.com> To: Peter Zijlstra <peterz@infradead.org>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@redhat.com> Cc: <linux-kernel@vger.kernel.org>, <x86@kernel.org>, <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, Nadav Amit <nadav.amit@gmail.com>, Dave Hansen <dave.hansen@linux.intel.com>, <linux_dti@icloud.com>, <linux-integrity@vger.kernel.org>, <linux-security-module@vger.kernel.org>, <akpm@linux-foundation.org>, <kernel-hardening@lists.openwall.com>, <linux-mm@kvack.org>, <will.deacon@arm.com>, <ard.biesheuvel@linaro.org>, <kristen@linux.intel.com>, <deneen.t.dock@intel.com>, Rick Edgecombe <rick.p.edgecombe@intel.com>, Nadav Amit <namit@vmware.com>, Kees Cook <keescook@chromium.org>, Dave Hansen <dave.hansen@intel.com>, Masami Hiramatsu <mhiramat@kernel.org> Subject: [PATCH v5 12/23] x86/jump-label: Remove support for custom poker Date: Thu, 25 Apr 2019 17:11:32 -0700 [thread overview] Message-ID: <20190426001143.4983-13-namit@vmware.com> (raw) In-Reply-To: <20190426001143.4983-1-namit@vmware.com> There are only two types of poking: early and breakpoint based. The use of a function pointer to perform poking complicates the code and is probably inefficient due to the use of indirect branches. Cc: Andy Lutomirski <luto@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Masami Hiramatsu <mhiramat@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Nadav Amit <namit@vmware.com> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> --- arch/x86/kernel/jump_label.c | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/arch/x86/kernel/jump_label.c b/arch/x86/kernel/jump_label.c index e7d8c636b228..e631c358f7f4 100644 --- a/arch/x86/kernel/jump_label.c +++ b/arch/x86/kernel/jump_label.c 
@@ -37,7 +37,6 @@ static void bug_at(unsigned char *ip, int line) static void __ref __jump_label_transform(struct jump_entry *entry, enum jump_label_type type, - void *(*poker)(void *, const void *, size_t), int init) { union jump_code_union jmp; @@ -50,14 +49,6 @@ static void __ref __jump_label_transform(struct jump_entry *entry, jmp.offset = jump_entry_target(entry) - (jump_entry_code(entry) + JUMP_LABEL_NOP_SIZE); - /* - * As long as only a single processor is running and the code is still - * not marked as RO, text_poke_early() can be used; Checking that - * system_state is SYSTEM_BOOTING guarantees it. - */ - if (system_state == SYSTEM_BOOTING) - poker = text_poke_early; - if (type == JUMP_LABEL_JMP) { if (init) { expect = default_nop; line = __LINE__; @@ -80,16 +71,19 @@ static void __ref __jump_label_transform(struct jump_entry *entry, bug_at((void *)jump_entry_code(entry), line); /* - * Make text_poke_bp() a default fallback poker. + * As long as only a single processor is running and the code is still + * not marked as RO, text_poke_early() can be used; Checking that + * system_state is SYSTEM_BOOTING guarantees it. It will be set to + * SYSTEM_SCHEDULING before other cores are awaken and before the + * code is write-protected. * * At the time the change is being done, just ignore whether we * are doing nop -> jump or jump -> nop transition, and assume * always nop being the 'currently valid' instruction - * */ - if (poker) { - (*poker)((void *)jump_entry_code(entry), code, - JUMP_LABEL_NOP_SIZE); + if (init || system_state == SYSTEM_BOOTING) { + text_poke_early((void *)jump_entry_code(entry), code, + JUMP_LABEL_NOP_SIZE); return; } @@ -101,7 +95,7 @@ void arch_jump_label_transform(struct jump_entry *entry, enum jump_label_type type) { mutex_lock(&text_mutex); - __jump_label_transform(entry, type, NULL, 0); + __jump_label_transform(entry, type, 0); mutex_unlock(&text_mutex); } 
@@ -131,5 +125,5 @@ __init_or_module void arch_jump_label_transform_static(struct jump_entry *entry, jlstate = JL_STATE_NO_UPDATE; } if (jlstate == JL_STATE_UPDATE) - __jump_label_transform(entry, type, text_poke_early, 1); + __jump_label_transform(entry, type, 1); } -- 2.17.1
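Review bot: In the hunk at @@ -80,16 +71,19 @@, the rewritten comment justifies text_poke_early() only by system_state == SYSTEM_BOOTING, yet the new condition `if (init || system_state == SYSTEM_BOOTING)` also takes the early path whenever init is set, and the init=1 caller, arch_jump_label_transform_static(), is marked __init_or_module. That matches the old behaviour (that caller used to pass text_poke_early as the poker), but the comment should state why the init case is safe to patch without the breakpoint-based path, so the reader does not have to infer it. In the same comment, "before other cores are awaken" should read "awakened" or "woken", and the retained paragraph about assuming nop is the 'currently valid' instruction was written under the removed "Make text_poke_bp() a default fallback poker" line, so it now reads as if it describes text_poke_early().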
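Review bot: After the poker argument is dropped in the hunk at @@ -37,7 +37,6 @@, `int init` in __jump_label_transform() is a pure flag and both callers pass a literal 0 or 1, so consider declaring it `bool init` and passing false/true. Call sites such as `__jump_label_transform(entry, type, 0);` in arch_jump_label_transform() give no hint of what the last argument means, and a bool makes the `if (init || system_state == SYSTEM_BOOTING)` test self-describing.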