[v3,1/7] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()"

Message ID 20181102232946.98461-2-namit@vmware.com
State New
Series
  • x86/alternatives: text_poke() fixes

Commit Message

Nadav Amit Nov. 2, 2018, 11:29 p.m. UTC
text_mutex is expected to be held before text_poke() is called, but we
cannot add a lockdep assertion since kgdb does not take it, and instead
*supposedly* ensures the lock is not taken and will not be acquired by
any other core while text_poke() is running.

The reason for the "supposedly" comment is that it is not entirely clear
that this would be the case if gdb_do_roundup is zero.

Add a comment to clarify this behavior, and restore the assertions as
they were before the recent commit.

This partially reverts commit 9222f606506c ("x86/alternatives:
Lockdep-enforce text_mutex in text_poke*()")

Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Fixes: 9222f606506c ("x86/alternatives: Lockdep-enforce text_mutex in text_poke*()")
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Masami Hiramatsu <mhiramat@kernel.org>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Nadav Amit <namit@vmware.com>
---
 arch/x86/kernel/alternative.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Comments

Jiri Kosina Nov. 3, 2018, 10:11 a.m. UTC | #1
On Fri, 2 Nov 2018, Nadav Amit wrote:

> text_mutex is expected to be held before text_poke() is called, but we
> cannot add a lockdep assertion since kgdb does not take it, and instead
> *supposedly* ensures the lock is not taken and will not be acquired by
> any other core while text_poke() is running.
> 
> The reason for the "supposedly" comment is that it is not entirely clear
> that this would be the case if gdb_do_roundup is zero.
> 
> Add a comment to clarify this behavior, and restore the assertions as
> they were before the recent commit.
> 
> This partially reverts commit 9222f606506c ("x86/alternatives:
> Lockdep-enforce text_mutex in text_poke*()")

Alright, what can we do. It's probably better to have this, rather than
trying to work this around in kgdb to accommodate the rest of the world.

> Cc: Jiri Kosina <jkosina@suse.cz>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Dave Hansen <dave.hansen@intel.com>
> Fixes: 9222f606506c ("x86/alternatives: Lockdep-enforce text_mutex in text_poke*()")
> Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
> Tested-by: Masami Hiramatsu <mhiramat@kernel.org>
> Suggested-by: Peter Zijlstra <peterz@infradead.org>
> Signed-off-by: Nadav Amit <namit@vmware.com>

Acked-by: Jiri Kosina <jkosina@suse.cz>

Thanks,
Thomas Gleixner Nov. 4, 2018, 8:58 p.m. UTC | #2
On Fri, 2 Nov 2018, Nadav Amit wrote:

> text_mutex is expected to be held before text_poke() is called, but we
> cannot add a lockdep assertion since kgdb does not take it, and instead
> *supposedly* ensures the lock is not taken and will not be acquired by
> any other core while text_poke() is running.
> 
> The reason for the "supposedly" comment is that it is not entirely clear
> that this would be the case if gdb_do_roundup is zero.
> 
> Add a comment to clarify this behavior, and restore the assertions as
> they were before the recent commit.

It restores nothing. It just removes the assertion.

> This partially reverts commit 9222f606506c ("x86/alternatives:
> Lockdep-enforce text_mutex in text_poke*()")

That opens up the same can of worms again, which took us a while to close.

Can we please instead split out the text_poke() code into a helper function
and have two callers:

    text_poke() which contains the assert

    text_poke_kgdb() which does not

Thanks,

	tglx
Nadav Amit Nov. 5, 2018, 6:14 p.m. UTC | #3
From: Thomas Gleixner
Sent: November 4, 2018 at 8:58:20 PM GMT
> To: Nadav Amit <namit@vmware.com>
> Cc: Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org>, x86@kernel.org>, H. Peter Anvin <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, Jiri Kosina <jkosina@suse.cz>, Andy Lutomirski <luto@kernel.org>, Kees Cook <keescook@chromium.org>, Dave Hansen <dave.hansen@intel.com>
> Subject: Re: [PATCH v3 1/7] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()"
> 
> 
> On Fri, 2 Nov 2018, Nadav Amit wrote:
> 
>> text_mutex is expected to be held before text_poke() is called, but we
>> cannot add a lockdep assertion since kgdb does not take it, and instead
>> *supposedly* ensures the lock is not taken and will not be acquired by
>> any other core while text_poke() is running.
>> 
>> The reason for the "supposedly" comment is that it is not entirely clear
>> that this would be the case if gdb_do_roundup is zero.
>> 
>> Add a comment to clarify this behavior, and restore the assertions as
>> they were before the recent commit.
> 
> It restores nothing. It just removes the assertion.

Sorry - wrong commit log. There were no other assertions before. 

> 
>> This partially reverts commit 9222f606506c ("x86/alternatives:
>> Lockdep-enforce text_mutex in text_poke*()")
> 
> That opens up the same can of worms again, which took us a while to close.

I’m surprised. This patch only removes one assertion that was added two
months ago.

> Can we please instead split out the text_poke() code into a helper function
> and have two callers:
> 
>    text_poke() which contains the assert
> 
>    text_poke_kgdb() which does not

Sure. I will send another version once I realize how to deal with the other
concerns that Peter and Andy raised.

Regards,
Nadav

Patch

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index ebeac487a20c..1511d96d2e69 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -688,6 +688,11 @@  void *__init_or_module text_poke_early(void *addr, const void *opcode,
  * It means the size must be writable atomically and the address must be aligned
  * in a way that permits an atomic write. It also makes sure we fit on a single
  * page.
+ *
+ * Context: Must be called under text_mutex. kgdb is an exception: it does not
+ *	    hold the mutex, as it *supposedly* ensures that no other core is
+ *	    holding the mutex and ensures that none of them will acquire the
+ *	    mutex while the code runs.
  */
 void *text_poke(void *addr, const void *opcode, size_t len)
 {
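Review bot: The new "Context:" paragraph in the text_poke() comment hedges the kgdb exemption with "*supposedly*" but never says what the doubt is. The commit message names the case (gdb_do_roundup being zero); stating that condition in the comment would tell a reader when the exemption cannot be relied on. The sentence also uses "ensures" twice for one claim and could be tightened to a single clause: no other core holds text_mutex or can acquire it while the poke runs.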
@@ -702,8 +707,6 @@  void *text_poke(void *addr, const void *opcode, size_t len)
 	 */
 	BUG_ON(!after_bootmem);
 
-	lockdep_assert_held(&text_mutex);
-
 	if (!core_kernel_text((unsigned long)addr)) {
 		pages[0] = vmalloc_to_page(addr);
 		pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
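Review bot: Dropping lockdep_assert_held(&text_mutex) from text_poke() removes the check for every caller, not only kgdb, so the "Must be called under text_mutex" rule that the previous hunk adds to the comment is no longer enforced anywhere in this function. A narrower change would keep the assertion in text_poke() and move the body into a shared helper that a separate text_poke_kgdb() entry point calls without asserting, as suggested in comment #2 of this thread.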