Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755370AbdC3HoK (ORCPT ); Thu, 30 Mar 2017 03:44:10 -0400 Received: from mail-pg0-f65.google.com ([74.125.83.65]:33811 "EHLO mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752733AbdC3HoJ (ORCPT ); Thu, 30 Mar 2017 03:44:09 -0400 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\)) Subject: Re: [RFC v2][PATCH 01/11] Introduce rare_write() infrastructure From: Ho-Eun Ryu In-Reply-To: Date: Thu, 30 Mar 2017 16:44:02 +0900 Cc: "kernel-hardening@lists.openwall.com" , Mark Rutland , Andy Lutomirski , PaX Team , Emese Revfy , Russell King , "x86@kernel.org" , LKML , "linux-arm-kernel@lists.infradead.org" Message-Id: <466B31B4-0535-44EE-B0F0-F758A79A7B4F@gmail.com> References: <1490811363-93944-1-git-send-email-keescook@chromium.org> <1490811363-93944-2-git-send-email-keescook@chromium.org> To: Kees Cook X-Mailer: Apple Mail (2.3259) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id v2U7imqv032278 Content-Length: 3940 Lines: 82 > On 30 Mar 2017, at 3:23 AM, Kees Cook wrote: > > On Wed, Mar 29, 2017 at 11:15 AM, Kees Cook wrote: >> +/* >> + * Build "write rarely" infrastructure for flipping memory r/w >> + * on a per-CPU basis. >> + */ >> +#ifndef CONFIG_HAVE_ARCH_RARE_WRITE >> +# define __wr_rare >> +# define __wr_rare_type >> +# define __rare_write(__var, __val) (__var = (__val)) >> +# define rare_write_begin() do { } while (0) >> +# define rare_write_end() do { } while (0) >> +#else >> +# define __wr_rare __ro_after_init >> +# define __wr_rare_type const >> +# ifdef CONFIG_HAVE_ARCH_RARE_WRITE_MEMCPY >> +# define __rare_write_n(dst, src, len) ({ \ >> + BUILD_BUG(!builtin_const(len)); \ >> + __arch_rare_write_memcpy((dst), (src), (len)); \ >> + }) >> +# define __rare_write(var, val) __rare_write_n(&(var), &(val), sizeof(var)) >> +# else >> +# define __rare_write(var, val) ((*(typeof((typeof(var))0) *)&(var)) = (val)) >> +# endif >> +# define rare_write_begin() __arch_rare_write_begin() >> +# define rare_write_end() __arch_rare_write_end() >> +#endif >> +#define rare_write(__var, __val) ({ \ >> + rare_write_begin(); \ >> + __rare_write(__var, __val); \ >> + rare_write_end(); \ >> + __var; \ >> +}) >> + > > Of course, only after sending this do I realize that the MEMCPY case > will need to be further adjusted, since it currently can't take > literals. I guess something like this needs to be done: > > #define __rare_write(var, val) ({ \ > typeof(var) __src = (val); \ > __rare_write_n(&(var), &(__src), sizeof(var)); \ > }) > Right, and it has a problem with BUILD_BUG, which causes compilation error when CONFIG_HABE_ARCH_RARE_WRITE_MEMCPY is true BUILD_BUG is defined in but includes Please see the following. diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 3334fa9..3fa50e1 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -350,11 +350,11 @@ static __always_inline void __write_once_size(volatile vo\ id *p, void *res, int s # define __wr_rare __ro_after_init # define __wr_rare_type const # ifdef CONFIG_HAVE_ARCH_RARE_WRITE_MEMCPY -# define __rare_write_n(dst, src, len) ({ \ - BUILD_BUG(!builtin_const(len)); \ - __arch_rare_write_memcpy((dst), (src), (len)); \ +# define __rare_write_n(var, val, len) ({ \ + typeof(val) __val = val; \ + __arch_rare_write_memcpy(&(var), &(__val), (len)); \ }) -# define __rare_write(var, val) __rare_write_n(&(var), &(val), sizeof(var)) +# define __rare_write(var, val) __rare_write_n((var), (val), sizeof(var)) # else # define __rare_write(var, val) ((*(typeof((typeof(var))0) *)&(var)) = (val)\ ) # endif > -Kees > > -- > Kees Cook > Pixel Security