Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757885AbbKFXtS (ORCPT <rfc822;w@1wt.eu>);
	Fri, 6 Nov 2015 18:49:18 -0500
Received: from mail-io0-f182.google.com ([209.85.223.182]:35724 "EHLO
	mail-io0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1757753AbbKFXtR (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 6 Nov 2015 18:49:17 -0500
MIME-Version: 1.0
In-Reply-To: <563D3AC5.4020203@redhat.com>
References: <1446685239-28522-1-git-send-email-labbott@fedoraproject.org>
	<20151105094615.GP8644@n2100.arm.linux.org.uk>
	<563B81DA.2080409@redhat.com>
	<20151105162719.GQ8644@n2100.arm.linux.org.uk>
	<563BFCC4.8050705@redhat.com>
	<CAGXu5jLS8GPxmMQwd9qw+w+fkMqU-GYyME5WUuKZZ4qTesVzCQ@mail.gmail.com>
	<563CF510.9080506@redhat.com>
	<20151106204641.GT8644@n2100.arm.linux.org.uk>
	<563D3AC5.4020203@redhat.com>
Date: Fri, 6 Nov 2015 15:49:16 -0800
X-Google-Sender-Auth: QGJrAIiyvO-8R5KZIWCMW3WgDdo
Message-ID: <CAGXu5jLf+BAhPvQihZ02jUpSE4woP-aMhfUQ6vobZBShrZXT4g@mail.gmail.com>
Subject: Re: [PATCH] arm: Use kernel mm when updating section permissions
From: Kees Cook <keescook@chromium.org>
To: Laura Abbott <labbott@redhat.com>
Cc: Russell King - ARM Linux <linux@arm.linux.org.uk>,
        Laura Abbott <labbott@fedoraproject.org>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will.deacon@arm.com>,
        "linux-arm-kernel@lists.infradead.org" 
	<linux-arm-kernel@lists.infradead.org>,
        LKML <linux-kernel@vger.kernel.org>, Linux-MM <linux-mm@kvack.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1607
Lines: 41

On Fri, Nov 6, 2015 at 3:41 PM, Laura Abbott <labbott@redhat.com> wrote:
> On 11/06/2015 12:46 PM, Russell King - ARM Linux wrote:
>>
>> On Fri, Nov 06, 2015 at 10:44:32AM -0800, Laura Abbott wrote:
>>>
>>> with my test patch. I think setting both current->active_mm and &init_mm
>>> is sufficient. Maybe explicitly setting swapper_pg_dir would be cleaner?
>>
>>
>> Please, stop thinking like this.  If you're trying to change the kernel
>> section mappings after threads have been spawned, you need to change
>> them for _all_ threads, which means you need to change them for every
>> page table that's in existence at that time - you can't do just one
>> table and hope everyone updates, it doesn't work like that.
>>
>
> That's a bad assumption assumption on my part based on what I was
> observing. At the time of mark_rodata_ro, the only threads present
> are kernel threads which aren't going to have task->mm. Only the
> running thread is going to have active_mm. None of those are init_mm.
> To be complete we need:
>
> - Update every task->mm for every thread in every process
> - Update current->active_mm
> - Update &init_mm explicitly
>
> All this would need to be done under stop_machine as well. Does that cover
> everything or am I still off?

I still think we need to find an earlier place to do this. :(

-Kees

-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/