From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: [PATCH v2 10/20] x86: avoid W^X being broken during modules loading From: Nadav Amit In-Reply-To: <20190211182956.GN19618@zn.tnic> Date: Mon, 11 Feb 2019 10:45:26 -0800 Content-Transfer-Encoding: 7bit Message-Id: <1533F2BB-2284-499B-9912-6D74D0B87BC1@gmail.com> References: <20190129003422.9328-1-rick.p.edgecombe@intel.com> <20190129003422.9328-11-rick.p.edgecombe@intel.com> <20190211182956.GN19618@zn.tnic> To: Borislav Petkov Cc: Rick Edgecombe , Andy Lutomirski , Ingo Molnar , LKML , X86 ML , "H. Peter Anvin" , Thomas Gleixner , Dave Hansen , Peter Zijlstra , Damian Tometzki , linux-integrity , LSM List , Andrew Morton , Kernel Hardening , Linux-MM , Will Deacon , Ard Biesheuvel , Kristen Carlson Accardi , "Dock, Deneen T" , Kees Cook , Dave Hansen , Masami Hiramatsu List-ID: > On Feb 11, 2019, at 10:29 AM, Borislav Petkov wrote: > >> diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c >> index 76d482a2b716..69f3e650ada8 100644 >> --- a/arch/x86/kernel/alternative.c >> +++ b/arch/x86/kernel/alternative.c >> @@ -667,15 +667,29 @@ void __init alternative_instructions(void) >> * handlers seeing an inconsistent instruction while you patch. >> */ >> void *__init_or_module text_poke_early(void *addr, const void *opcode, >> - size_t len) >> + size_t len) >> { >> unsigned long flags; >> - local_irq_save(flags); >> - memcpy(addr, opcode, len); >> - local_irq_restore(flags); >> - sync_core(); >> - /* Could also do a CLFLUSH here to speed up CPU recovery; but >> - that causes hangs on some VIA CPUs. */ >> + >> + if (static_cpu_has(X86_FEATURE_NX) && > > Not a fast path - boot_cpu_has() is fine here. Are you sure about that? This path is still used when modules are loaded.