From: Nadav Amit <namit@vmware.com> To: Peter Zijlstra <peterz@infradead.org>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@redhat.com> Cc: <linux-kernel@vger.kernel.org>, <x86@kernel.org>, <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, Nadav Amit <nadav.amit@gmail.com>, Dave Hansen <dave.hansen@linux.intel.com>, <linux_dti@icloud.com>, <linux-integrity@vger.kernel.org>, <linux-security-module@vger.kernel.org>, <akpm@linux-foundation.org>, <kernel-hardening@lists.openwall.com>, <linux-mm@kvack.org>, <will.deacon@arm.com>, <ard.biesheuvel@linaro.org>, <kristen@linux.intel.com>, <deneen.t.dock@intel.com>, Rick Edgecombe <rick.p.edgecombe@intel.com>, Nadav Amit <namit@vmware.com>, Masami Hiramatsu <mhiramat@kernel.org> Subject: [PATCH v5 21/23] x86/alternative: Comment about module removal races Date: Thu, 25 Apr 2019 17:11:41 -0700 [thread overview] Message-ID: <20190426001143.4983-22-namit@vmware.com> (raw) In-Reply-To: <20190426001143.4983-1-namit@vmware.com> Add a comment to clarify that users of text_poke() must ensure that no races with module removal take place. Cc: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Nadav Amit <namit@vmware.com> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> --- arch/x86/kernel/alternative.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 18f959975ea0..7b9b49dfc05a 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -810,6 +810,11 @@ static void *__text_poke(void *addr, const void *opcode, size_t len) * It means the size must be writable atomically and the address must be aligned * in a way that permits an atomic write. It also makes sure we fit on a single * page. + * + * Note that the caller must ensure that if the modified code is part of a + * module, the module would not be removed during poking. This can be achieved + * by registering a module notifier, and ordering module removal and patching + * trough a mutex. */ void *text_poke(void *addr, const void *opcode, size_t len) { -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Nadav Amit <namit@vmware.com> To: Peter Zijlstra <peterz@infradead.org>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@redhat.com> Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hpa@zytor.com, Thomas Gleixner <tglx@linutronix.de>, Nadav Amit <nadav.amit@gmail.com>, Dave Hansen <dave.hansen@linux.intel.com>, linux_dti@icloud.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, akpm@linux-foundation.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, will.deacon@arm.com, ard.biesheuvel@linaro.org, kristen@linux.intel.com, deneen.t.dock@intel.com, Rick Edgecombe <rick.p.edgecombe@intel.com>, Nadav Amit <namit@vmware.com>, Masami Hiramatsu <mhiramat@kernel.org> Subject: [PATCH v5 21/23] x86/alternative: Comment about module removal races Date: Thu, 25 Apr 2019 17:11:41 -0700 [thread overview] Message-ID: <20190426001143.4983-22-namit@vmware.com> (raw) In-Reply-To: <20190426001143.4983-1-namit@vmware.com> Add a comment to clarify that users of text_poke() must ensure that no races with module removal take place. Cc: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Nadav Amit <namit@vmware.com> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> --- arch/x86/kernel/alternative.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 18f959975ea0..7b9b49dfc05a 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -810,6 +810,11 @@ static void *__text_poke(void *addr, const void *opcode, size_t len) * It means the size must be writable atomically and the address must be aligned * in a way that permits an atomic write. It also makes sure we fit on a single * page. + * + * Note that the caller must ensure that if the modified code is part of a + * module, the module would not be removed during poking. This can be achieved + * by registering a module notifier, and ordering module removal and patching + * trough a mutex. */ void *text_poke(void *addr, const void *opcode, size_t len) { -- 2.17.1
next prev parent reply other threads:[~2019-04-26 7:32 UTC|newest] Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-04-26 0:11 [PATCH v5 00/23] x86: text_poke() fixes and executable lockdowns Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-26 0:11 ` [PATCH v5 01/23] Fix "x86/alternatives: Lockdep-enforce text_mutex in text_poke*()" Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:13 ` [tip:x86/mm] x86/alternatives: Add text_poke_kgdb() to not assert the lock when debugging tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 02/23] x86/jump_label: Use text_poke_early() during early init Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:15 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 03/23] x86/mm: Introduce temporary mm structs Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:16 ` [tip:x86/mm] " tip-bot for Andy Lutomirski 2019-04-26 0:11 ` [PATCH v5 04/23] x86/mm: Save debug registers when loading a temporary mm Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:17 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 05/23] fork: Provide a function for copying init_mm Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:18 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 06/23] x86/alternative: Initialize temporary mm for patching Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-26 0:11 ` [PATCH v5 07/23] x86/alternative: Use temporary mm for text poking Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:20 ` [tip:x86/mm] x86/alternatives: " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 08/23] x86/kgdb: Avoid redundant comparison of patched code Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:20 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 09/23] x86/ftrace: Set trampoline pages as executable Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:21 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 10/23] x86/kprobes: Set instruction page " Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:22 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 11/23] x86/module: Avoid breaking W^X while loading modules Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:22 ` [tip:x86/mm] x86/modules: " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 12/23] x86/jump-label: Remove support for custom poker Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:23 ` [tip:x86/mm] x86/jump-label: Remove support for custom text poker tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 13/23] x86/alternative: Remove the return value of text_poke_*() Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:24 ` [tip:x86/mm] x86/alternatives: " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 14/23] x86/mm/cpa: Add set_direct_map_ functions Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-26 16:40 ` Linus Torvalds 2019-04-26 16:40 ` Linus Torvalds 2019-04-26 16:43 ` Nadav Amit 2019-04-30 11:24 ` [tip:x86/mm] x86/mm/cpa: Add set_direct_map_*() functions tip-bot for Rick Edgecombe 2019-04-26 0:11 ` [PATCH v5 15/23] mm: Make hibernate handle unmapped pages Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:25 ` [tip:x86/mm] mm/hibernation: Make hibernation " tip-bot for Rick Edgecombe 2019-04-26 0:11 ` [PATCH v5 16/23] vmalloc: Add flag for free of special permsissions Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:26 ` [tip:x86/mm] mm/vmalloc: Add flag for freeing " tip-bot for Rick Edgecombe 2019-04-26 0:11 ` [PATCH v5 17/23] modules: Use vmalloc special flag Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:26 ` [tip:x86/mm] " tip-bot for Rick Edgecombe 2019-04-26 0:11 ` [PATCH v5 18/23] bpf: " Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:27 ` [tip:x86/mm] " tip-bot for Rick Edgecombe 2019-04-26 0:11 ` [PATCH v5 19/23] x86/ftrace: " Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:28 ` [tip:x86/mm] " tip-bot for Rick Edgecombe 2019-04-26 0:11 ` [PATCH v5 20/23] x86/kprobes: " Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:28 ` [tip:x86/mm] " tip-bot for Rick Edgecombe 2019-04-26 0:11 ` Nadav Amit [this message] 2019-04-26 0:11 ` [PATCH v5 21/23] x86/alternative: Comment about module removal races Nadav Amit 2019-04-30 11:29 ` [tip:x86/mm] x86/alternatives: Add comment " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 22/23] mm/tlb: Provide default nmi_uaccess_okay() Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:14 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 0:11 ` [PATCH v5 23/23] bpf: Fail bpf_probe_write_user() while mm is switched Nadav Amit 2019-04-26 0:11 ` Nadav Amit 2019-04-30 11:15 ` [tip:x86/mm] " tip-bot for Nadav Amit 2019-04-26 12:36 ` [PATCH v5 00/23] x86: text_poke() fixes and executable lockdowns Peter Zijlstra
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190426001143.4983-22-namit@vmware.com \ --to=namit@vmware.com \ --cc=akpm@linux-foundation.org \ --cc=ard.biesheuvel@linaro.org \ --cc=bp@alien8.de \ --cc=dave.hansen@linux.intel.com \ --cc=deneen.t.dock@intel.com \ --cc=hpa@zytor.com \ --cc=kernel-hardening@lists.openwall.com \ --cc=kristen@linux.intel.com \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-security-module@vger.kernel.org \ --cc=linux_dti@icloud.com \ --cc=luto@kernel.org \ --cc=mhiramat@kernel.org \ --cc=mingo@redhat.com \ --cc=nadav.amit@gmail.com \ --cc=peterz@infradead.org \ --cc=rick.p.edgecombe@intel.com \ --cc=tglx@linutronix.de \ --cc=will.deacon@arm.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.