linux-kernel.vger.kernel.org archive mirror
From: Christophe LEROY <christophe.leroy@c-s.fr>
To: Michael Ellerman <mpe@ellerman.id.au>,
	"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>,
	Benjamin Herrenschmidt <benh@kernel.crashing.org>,
	Scott Wood <oss@buserror.net>, Paul Mackerras <paulus@samba.org>
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v2 3/3] powerpc/mm: Implement CONFIG_DEBUG_RODATA on PPC32
Date: Mon, 24 Apr 2017 16:31:01 +0200
Message-ID: <f66cbe74-b3ce-e471-ad14-ecb729fe7601@c-s.fr>
In-Reply-To: <87bmrna08j.fsf@concordia.ellerman.id.au>



On 23/04/2017 at 12:26, Michael Ellerman wrote:
> christophe leroy <christophe.leroy@c-s.fr> writes:
>
>> On 22/04/2017 at 08:08, Michael Ellerman wrote:
>>> "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> writes:
>>>> Excerpts from Christophe Leroy's message of April 21, 2017 18:32:
>>>>> diff --git a/arch/powerpc/kernel/ftrace.c
>>>>> b/arch/powerpc/kernel/ftrace.c
>>>>> index 32509de6ce4c..06d2ac53f471 100644
>>>>> --- a/arch/powerpc/kernel/ftrace.c
>>>>> +++ b/arch/powerpc/kernel/ftrace.c
>>>>> @@ -46,6 +46,7 @@ static int
>>>>> @@ -67,10 +68,11 @@ ftrace_modify_code(unsigned long ip, unsigned int old, unsigned int new)
>>>>>  	}
>>>>>
>>>>>  	/* replace the text with the new text */
>>>>> -	if (patch_instruction((unsigned int *)ip, new))
>>>>> -		return -EPERM;
>>>>> +	set_kernel_text_rw(ip);
>>>>> +	err = patch_instruction((unsigned int *)ip, new);
>>>>> +	set_kernel_text_ro(ip);
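Review bot: the set_kernel_text_rw(ip) / patch_instruction() / set_kernel_text_ro(ip) sequence in ftrace_modify_code() is not serialized, so a second caller's set_kernel_text_ro() can re-protect the text between this caller's set_kernel_text_rw() and its write. Hold a lock across all three calls, or document what already excludes concurrent callers. The removed lines returned -EPERM on failure and the code that consumes err is not visible in this hunk, so check that a non-zero err still reaches callers as the error they expect.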
>>>>
>>>> Is there a reason to not put those inside patch_instruction()?
>>>
>>> Yes and no.
>>>
>>> patch_instruction() is called quite early from apply_feature_fixups(), I
>>> haven't looked closely but I suspect the set_kernel_text_rx() routines
>>> won't work that early.
>>>
>>> But on the other hand patch_instruction() is used by things other than
>>> ftrace, like jump labels, so we probably want the rw/ro setting in there
>>> so that we don't have to go and fixup jump labels etc.
>>>
>>> So probably we need a raw_patch_instruction() which does just the
>>> patching (what patch_instruction() does now), and can be used early in
>>> boot. And then patch_instruction() would have the rw/ro change in it, so
>>> that all users of it are OK.
>>>
>>> eg ~=:
>>>
>>> int raw_patch_instruction(unsigned int *addr, unsigned int instr)
>>> {
>>>   ...
>>> }
>>>
>>> int patch_instruction(unsigned int *addr, unsigned int instr)
>>> {
>>> 	int err;
>>>
>>> 	set_kernel_text_rw((unsigned long)addr);
>>> 	err = raw_patch_instruction(addr, instr);
>>> 	set_kernel_text_ro((unsigned long)addr);
>>>
>>> 	return err;
>>> }
>>
>> Shouldn't we then also have some kind of protection against parallel use
>> of patch_instruction() like a spin_lock_irqsave(), or is it guaranteed
>> not to happen for other reasons?
>>
>> Otherwise, we might end up with one instance setting back the kernel
>> text to RO while the other one has just put it RW and is about to patch
>> the instruction.
>
> Yes it'd need some locking for sure.
>
> "Locking left as an exercise for the reader." ;)
>
> cheers
>

Not so easy indeed as patch_instruction() is called from many higher 
level functions like patch_branch() which are themselves called from 
other functions like do_features_fixup() which are called during init 
but also when loading a module for instance.
It is therefore not easy to implement it via a raw_patch_instruction() 
as proposed.

So I took another approach, taken from x86: a static bool tells whether
kernel text has been put in RO yet or not. Until then,
set_kernel_text_ro/rw() return without doing anything.

As for the locking, I put a spin_lock_irqsave() as I was not sure 
whether patch_instruction() can be called during interrupts or not.

Christophe
