2017-06-29 06:29:53

by Michael Ellerman

Subject: [RFC PATCH 1/4] Provide linux/set_memory.h

Currently code that wants to use set_memory_ro() etc, needs to include
asm/set_memory.h, which doesn't exist on all arches. Some code knows
it only builds on arches which have the header, other code guards the
inclusion with an #ifdef, neither is ideal.

So create linux/set_memory.h. This always exists, so users don't need
an #ifdef just to include the header.

When CONFIG_ARCH_HAS_SET_MEMORY=y it includes asm/set_memory.h,
otherwise it provides empty non-failing implementations.

Signed-off-by: Michael Ellerman <[email protected]>
---
include/linux/set_memory.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 include/linux/set_memory.h


Does this look OK to people? If so it would be great if someone, Kees?,
Andrew?, could pick up patch 1 (it's a nop by itself) and then we can send the
conversions separately later in the merge window?

cheers

diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h
new file mode 100644
index 000000000000..e5140648f638
--- /dev/null
+++ b/include/linux/set_memory.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2017, Michael Ellerman, IBM Corporation.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation;
+ */
+#ifndef _LINUX_SET_MEMORY_H_
+#define _LINUX_SET_MEMORY_H_
+
+#ifdef CONFIG_ARCH_HAS_SET_MEMORY
+#include <asm/set_memory.h>
+#else
+static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; }
+static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; }
+static inline int set_memory_x(unsigned long addr, int numpages) { return 0; }
+static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; }
+#endif
+
+#endif /* _LINUX_SET_MEMORY_H_ */
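Review bot: The four fallback stubs in the #else branch return 0, which is also what a real set_memory_ro() returns on success, so on an arch without CONFIG_ARCH_HAS_SET_MEMORY a caller cannot tell "pages are now read-only" from "nothing was done". Please add a comment above the stubs saying they are deliberate no-ops that report success, and that code which depends on the protection actually being applied must keep its own config guard, as 3/4 says module.c does with CONFIG_STRICT_MODULE_RWX.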
--
2.7.4


2017-06-29 06:29:57

by Michael Ellerman

Subject: [RFC PATCH 4/4] bpf: Use linux/set_memory.h

This header always exists, so doesn't require an ifdef around its
inclusion. When CONFIG_ARCH_HAS_SET_MEMORY=y it includes the asm header,
otherwise it provides empty versions of the set_memory_xx() routines.

Signed-off-by: Michael Ellerman <[email protected]>
---
include/linux/filter.h | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/include/linux/filter.h b/include/linux/filter.h
index 1fa26dc562ce..54f26e9c6472 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -16,13 +16,10 @@
#include <linux/sched.h>
#include <linux/capability.h>
#include <linux/cryptohash.h>
+#include <linux/set_memory.h>

#include <net/sch_generic.h>

-#ifdef CONFIG_ARCH_HAS_SET_MEMORY
-#include <asm/set_memory.h>
-#endif
-
#include <uapi/linux/filter.h>
#include <uapi/linux/bpf.h>

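Review bot: The commit message does not say what happens to the set_memory_xx() callers further down this header once the "#ifdef CONFIG_ARCH_HAS_SET_MEMORY" around the include is removed. 3/4 states explicitly that the usages in module.c stay guarded; this patch should say the same for filter.h, or drop the callers' guards in the same change if the stubs from 1/4 are meant to replace them.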
--
2.7.4

2017-06-29 06:29:55

by Michael Ellerman

Subject: [RFC PATCH 3/4] module: Use linux/set_memory.h

This header always exists, so doesn't require an ifdef around its
inclusion. When CONFIG_ARCH_HAS_SET_MEMORY=y it includes the asm header,
otherwise it provides empty versions of the set_memory_xx() routines.

The usages of set_memory_xx() are still guarded by CONFIG_STRICT_MODULE_RWX.

Signed-off-by: Michael Ellerman <[email protected]>
---
kernel/module.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index d0a723ebe75c..e7696b25db30 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -49,9 +49,7 @@
#include <linux/rculist.h>
#include <linux/uaccess.h>
#include <asm/cacheflush.h>
-#ifdef CONFIG_STRICT_MODULE_RWX
-#include <asm/set_memory.h>
-#endif
+#include <linux/set_memory.h>
#include <asm/mmu_context.h>
#include <linux/license.h>
#include <asm/sections.h>
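Review bot: The guard removed here was CONFIG_STRICT_MODULE_RWX, not CONFIG_ARCH_HAS_SET_MEMORY, so a config with STRICT_MODULE_RWX=y and ARCH_HAS_SET_MEMORY unset, which previously needed asm/set_memory.h to exist, would now build against the 1/4 stubs that return 0 and leave module memory permissions unchanged without any error. If that combination cannot be selected, say so in the commit message; otherwise a build-time check tying the two symbols together would be safer. Minor style point: the new linux/ include sits between asm/cacheflush.h and asm/mmu_context.h and could move up next to linux/uaccess.h.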
--
2.7.4

2017-06-29 06:29:55

by Michael Ellerman

Subject: [RFC PATCH 2/4] PM / hibernate: Use linux/set_memory.h

This header always exists, so doesn't require an ifdef around its
inclusion. When CONFIG_ARCH_HAS_SET_MEMORY=y it includes the asm header,
otherwise it provides empty versions of the set_memory_xx() routines.

Signed-off-by: Michael Ellerman <[email protected]>
---
kernel/power/snapshot.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
index b7708e319941..222317721c5a 100644
--- a/kernel/power/snapshot.c
+++ b/kernel/power/snapshot.c
@@ -30,15 +30,13 @@
#include <linux/slab.h>
#include <linux/compiler.h>
#include <linux/ktime.h>
+#include <linux/set_memory.h>

#include <linux/uaccess.h>
#include <asm/mmu_context.h>
#include <asm/pgtable.h>
#include <asm/tlbflush.h>
#include <asm/io.h>
-#ifdef CONFIG_ARCH_HAS_SET_MEMORY
-#include <asm/set_memory.h>
-#endif

#include "power.h"

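Review bot: The added "#include <linux/set_memory.h>" is unconditional, so this file only builds once the header from 1/4 is in the tree, and the note under 1/4 proposes sending the conversions separately later in the merge window. The commit message should state that dependency explicitly, so that whoever applies this patch on its own knows it cannot go in ahead of the commit that creates include/linux/set_memory.h.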
--
2.7.4

2017-06-29 08:57:52

by Daniel Borkmann

Subject: Re: [kernel-hardening] [RFC PATCH 4/4] bpf: Use linux/set_memory.h

On 06/29/2017 08:29 AM, Michael Ellerman wrote:
> This header always exists, so doesn't require an ifdef around its
> inclusion. When CONFIG_ARCH_HAS_SET_MEMORY=y it includes the asm header,
> otherwise it provides empty versions of the set_memory_xx() routines.
>
> Signed-off-by: Michael Ellerman <[email protected]>

Acked-by: Daniel Borkmann <[email protected]>

2017-06-29 09:03:48

by Daniel Borkmann

Subject: Re: [kernel-hardening] [RFC PATCH 1/4] Provide linux/set_memory.h

On 06/29/2017 08:29 AM, Michael Ellerman wrote:
> Currently code that wants to use set_memory_ro() etc, needs to include
> asm/set_memory.h, which doesn't exist on all arches. Some code knows
> it only builds on arches which have the header, other code guards the
> inclusion with an #ifdef, neither is ideal.
>
> So create linux/set_memory.h. This always exists, so users don't need
> an #ifdef just to include the header.
>
> When CONFIG_ARCH_HAS_SET_MEMORY=y it includes asm/set_memory.h,
> otherwise it provides empty non-failing implementations.
>
> Signed-off-by: Michael Ellerman <[email protected]>

Looks good to me, thanks!

Acked-by: Daniel Borkmann <[email protected]>

I'm fine if Andrew or Kees picks up the bpf patch as well, I think
there shouldn't be any conflict with net-next on this one (and even
if so, then looks trivial to resolve).

2017-06-29 16:11:27

by Kees Cook

Subject: Re: [kernel-hardening] [RFC PATCH 1/4] Provide linux/set_memory.h

On Thu, Jun 29, 2017 at 2:03 AM, Daniel Borkmann <[email protected]> wrote:
> On 06/29/2017 08:29 AM, Michael Ellerman wrote:
>>
>> Currently code that wants to use set_memory_ro() etc, needs to include
>> asm/set_memory.h, which doesn't exist on all arches. Some code knows
>> it only builds on arches which have the header, other code guards the
>> inclusion with an #ifdef, neither is ideal.
>>
>> So create linux/set_memory.h. This always exists, so users don't need
>> an #ifdef just to include the header.
>>
>> When CONFIG_ARCH_HAS_SET_MEMORY=y it includes asm/set_memory.h,
>> otherwise it provides empty non-failing implementations.
>>
>> Signed-off-by: Michael Ellerman <[email protected]>
>
>
> Looks good to me, thanks!
>
> Acked-by: Daniel Borkmann <[email protected]>
>
> I'm fine if Andrew or Kees picks up the bpf patch as well, I think
> there shouldn't be any conflict with net-next on this one (and even
> if so, then looks trivial to resolve).

I nominate Andrew. ;) This should go in early in the merge window and
the users can go late in the window. If Andrew has enough to do, I can
carry it too; just say the word.

This is a sane addition and allows for lines-of-code reduction in a
few places. Thanks!

Acked-by: Kees Cook <[email protected]>

-Kees

--
Kees Cook
Pixel Security

2017-06-29 16:45:27

by Laura Abbott

Subject: Re: [RFC PATCH 1/4] Provide linux/set_memory.h

On 06/28/2017 11:29 PM, Michael Ellerman wrote:
> Currently code that wants to use set_memory_ro() etc, needs to include
> asm/set_memory.h, which doesn't exist on all arches. Some code knows
> it only builds on arches which have the header, other code guards the
> inclusion with an #ifdef, neither is ideal.
>
> So create linux/set_memory.h. This always exists, so users don't need
> an #ifdef just to include the header.
>
> When CONFIG_ARCH_HAS_SET_MEMORY=y it includes asm/set_memory.h,
> otherwise it provides empty non-failing implementations.
>
> Signed-off-by: Michael Ellerman <[email protected]>
> ---
> include/linux/set_memory.h | 20 ++++++++++++++++++++
> 1 file changed, 20 insertions(+)
> create mode 100644 include/linux/set_memory.h
>
>
> Does this look OK to people? If so it would be great if someone, Kees?,
> Andrew?, could pick up patch 1 (it's a nop by itself) and then we can send the
> conversions separately later in the merge window?
>

Acked-by: Laura Abbott <[email protected]>

> cheers
>
> diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h
> new file mode 100644
> index 000000000000..e5140648f638
> --- /dev/null
> +++ b/include/linux/set_memory.h
> @@ -0,0 +1,20 @@
> +/*
> + * Copyright 2017, Michael Ellerman, IBM Corporation.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License version
> + * 2 as published by the Free Software Foundation;
> + */
> +#ifndef _LINUX_SET_MEMORY_H_
> +#define _LINUX_SET_MEMORY_H_
> +
> +#ifdef CONFIG_ARCH_HAS_SET_MEMORY
> +#include <asm/set_memory.h>
> +#else
> +static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; }
> +static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; }
> +static inline int set_memory_x(unsigned long addr, int numpages) { return 0; }
> +static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; }
> +#endif
> +
> +#endif /* _LINUX_SET_MEMORY_H_ */
>
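Review bot: Only set_memory_ro(), set_memory_rw(), set_memory_x() and set_memory_nx() get a fallback in the #else branch. Any other helper an arch's asm/set_memory.h provides is visible only when CONFIG_ARCH_HAS_SET_MEMORY=y, so generic code calling one would still fail to build on the remaining arches. A short comment naming these four as the portable set would make that limit explicit to future users of the header.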

2017-06-30 01:43:21

by Michael Ellerman

Subject: Re: [kernel-hardening] [RFC PATCH 1/4] Provide linux/set_memory.h

Kees Cook <[email protected]> writes:

> On Thu, Jun 29, 2017 at 2:03 AM, Daniel Borkmann <[email protected]> wrote:
>> On 06/29/2017 08:29 AM, Michael Ellerman wrote:
>>>
>>> Currently code that wants to use set_memory_ro() etc, needs to include
>>> asm/set_memory.h, which doesn't exist on all arches. Some code knows
>>> it only builds on arches which have the header, other code guards the
>>> inclusion with an #ifdef, neither is ideal.
>>>
>>> So create linux/set_memory.h. This always exists, so users don't need
>>> an #ifdef just to include the header.
>>>
>>> When CONFIG_ARCH_HAS_SET_MEMORY=y it includes asm/set_memory.h,
>>> otherwise it provides empty non-failing implementations.
>>>
>>> Signed-off-by: Michael Ellerman <[email protected]>
>>
>>
>> Looks good to me, thanks!
>>
>> Acked-by: Daniel Borkmann <[email protected]>
>>
>> I'm fine if Andrew or Kees picks up the bpf patch as well, I think
>> there shouldn't be any conflict with net-next on this one (and even
>> if so, then looks trivial to resolve).
>
> I nominate Andrew. ;) This should go in early in the merge window and
> the users can go late in the window. If Andrew has enough to do, I can
> carry it too; just say the word.
>
> This is a sane addition and allows for lines-of-code reduction in a
> few places. Thanks!

Andrew's picked them up in mmotm, thanks everyone.

cheers