Received: by 10.223.185.116 with SMTP id b49csp5081610wrg; Wed, 7 Mar 2018 06:09:51 -0800 (PST) X-Google-Smtp-Source: AG47ELsBxe26jnVoUcDT+I/9nE5ZGUpHhWxzTFs7HUI5m+VA+Yx7+hJgvQPU37kYuOXm39Z2ijNk X-Received: by 10.101.77.7 with SMTP id i7mr18286054pgt.330.1520431791430; Wed, 07 Mar 2018 06:09:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520431791; cv=none; d=google.com; s=arc-20160816; b=Nol1BCU8JBHXmUfIdnEdTj66XuEQfvqWDkE0PUAMTbsFlciXC9wwhs/GTKYQyn/g9p UfNJ5XLMT4c51P7iGL7OymHIWOPFm9QjEAAtXKJJokqYf2TnT4dkfgfQZp/nfBbTmadn tDw67gpecPosVoZc+JPocxlOcnPDbTfeZ6ej/7u272f0v496Ez7lWZwKQ5r7xjEAgsiB e47yUKVs2RgVkOQvR8CLQzq0ssrz5nU56Wa2+UvRaR7U/1CLT0v+AxPJEbwucr2YUCk0 n/QOULrvvfTAp1pZtYbDJmvJnZO5W6ApxonTBrkONroJ4c1exLEmnqLdRRQF8/Bbooot 1Wuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=8Q+vITd9CjNpjKsmMTHqVBpKiRLAnO/Wm7npZW1TGIM=; b=iVQTT81ggXuhd3k5OhEVgnNRpsoXOhv5sNEPKhpM518QPF2Af4S2pcSsrR4GnWu1rM UgixitdbE6UhkLG8f7N9X1idKKG7Q+I8oWuGT7wf+CWIUp/IMnhXfullhxIjgCA3It+d HNM1flXzexNv4McTuauj/zRY/9kZ23wBlrkjgUslKOR3YV3OJdP4iqgWFfiDV518sJuV x3UNRfMpByjfceDKA26nFGi/hR3wYxAJT/ksI61HKkuv/PIATSXRoXc03NcPdp46BHLt WjRJeg8om5OFvdh4Kfq8asju2mhEdh7FWgJ+yhwQ5lNmWaxFBLzaGKstYctZZp1llAZ7 vAMw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y96-v6si12982373plh.796.2018.03.07.06.09.36; Wed, 07 Mar 2018 06:09:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754473AbeCGOI2 (ORCPT + 99 others); Wed, 7 Mar 2018 09:08:28 -0500 Received: from lhrrgout.huawei.com ([194.213.3.17]:28564 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754348AbeCGOIY (ORCPT ); Wed, 7 Mar 2018 09:08:24 -0500 Received: from LHREML711-CAH.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 8991ED0B6B40D; Wed, 7 Mar 2018 14:08:21 +0000 (GMT) Received: from [10.122.225.51] (10.122.225.51) by smtpsuk.huawei.com (10.201.108.34) with Microsoft SMTP Server (TLS) id 14.3.382.0; Wed, 7 Mar 2018 14:08:19 +0000 Subject: Re: [PATCH 4/7] Protectable Memory To: J Freyensee , , , , CC: , , , , References: <20180228200620.30026-1-igor.stoppa@huawei.com> <20180228200620.30026-5-igor.stoppa@huawei.com> <1b0aff92-bc6c-c815-f129-95720ec80778@gmail.com> From: Igor Stoppa Message-ID: Date: Wed, 7 Mar 2018 16:07:42 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <1b0aff92-bc6c-c815-f129-95720ec80778@gmail.com> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.122.225.51] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/03/18 05:59, J Freyensee wrote: [...] >> +config PROTECTABLE_MEMORY >> + bool >> + depends on MMU > > > Curious, would you also want to depend on "SECURITY" as well, as this is > being advertised as a compliment to __read_only_after_init, per the file > header comments, as I'm assuming ro_after_init would be disabled if the > SECURITY Kconfig selection is *NOT* selected? __ro_after_init is configured like this: #if defined(CONFIG_STRICT_KERNEL_RWX) || defined(CONFIG_STRICT_MODULE_RWX) bool rodata_enabled __ro_after_init = true; But even if __ro_after_init and pmalloc are conceptually similar, in practice they have - potentially - different constraints. 1) the __ro_after_init segment belongs to linear kernel memory 2) the pmalloc pools belong to vmalloc memory There is one extra layer of indirection in pmalloc. I am not an expert of MMUs but I suppose there might be types where it is possible to mark pages as RO but it's not possible to have virtual memory. If (and this is a big "if") such MMUs exist and are supported by linux, then __ro_after_init would be possible, while pmalloc would not be. So it seemed more correct to focus specifically on hte enablers required by pmalloc to perform correctly. Open Question: Is it ok that the API disappears in case the enablers are missing? Or should it fall back to something else? Dealing with lack of ReadOnly support would be pretty simple, it would be enough to make the write-Protection conditional. But what to do if virtual mapping is not supported? kmalloc might not have the ability to support large requests made toward pmalloc and this would possibly cause runtime failures. -- igor