Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757957AbbKGAUa (ORCPT ); Fri, 6 Nov 2015 19:20:30 -0500 Received: from mx1.redhat.com ([209.132.183.28]:44511 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753276AbbKGAU3 (ORCPT ); Fri, 6 Nov 2015 19:20:29 -0500 Subject: Re: [PATCH] arm: Use kernel mm when updating section permissions To: Kees Cook References: <1446685239-28522-1-git-send-email-labbott@fedoraproject.org> <20151105094615.GP8644@n2100.arm.linux.org.uk> <563B81DA.2080409@redhat.com> <20151105162719.GQ8644@n2100.arm.linux.org.uk> <563BFCC4.8050705@redhat.com> <563CF510.9080506@redhat.com> <20151106204641.GT8644@n2100.arm.linux.org.uk> <563D3AC5.4020203@redhat.com> Cc: Russell King - ARM Linux , Laura Abbott , Catalin Marinas , Will Deacon , "linux-arm-kernel@lists.infradead.org" , LKML , Linux-MM From: Laura Abbott Message-ID: <563D43CA.9030405@redhat.com> Date: Fri, 6 Nov 2015 16:20:26 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1949 Lines: 47 On 11/06/2015 03:49 PM, Kees Cook wrote: > On Fri, Nov 6, 2015 at 3:41 PM, Laura Abbott wrote: >> On 11/06/2015 12:46 PM, Russell King - ARM Linux wrote: >>> >>> On Fri, Nov 06, 2015 at 10:44:32AM -0800, Laura Abbott wrote: >>>> >>>> with my test patch. I think setting both current->active_mm and &init_mm >>>> is sufficient. Maybe explicitly setting swapper_pg_dir would be cleaner? >>> >>> >>> Please, stop thinking like this. If you're trying to change the kernel >>> section mappings after threads have been spawned, you need to change >>> them for _all_ threads, which means you need to change them for every >>> page table that's in existence at that time - you can't do just one >>> table and hope everyone updates, it doesn't work like that. >>> >> >> That's a bad assumption assumption on my part based on what I was >> observing. At the time of mark_rodata_ro, the only threads present >> are kernel threads which aren't going to have task->mm. Only the >> running thread is going to have active_mm. None of those are init_mm. >> To be complete we need: >> >> - Update every task->mm for every thread in every process >> - Update current->active_mm >> - Update &init_mm explicitly >> >> All this would need to be done under stop_machine as well. Does that cover >> everything or am I still off? > > I still think we need to find an earlier place to do this. :( > > -Kees > The problem is still the initmem. That needs to be writable and executable during inittime and then have the page tables adjusted afterwards if it is going to be freed back. I'll give this some more thought to see if I can come up with something or if anyone else has another idea. Thanks, Laura -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/