Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp225797imm;
        Thu, 30 Aug 2018 21:48:28 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdaxPzKk2Mo6KucaaZT4YaSyOPfqUrQVi5iLjuqfuBUz2X83M6fnBhfIqbBnnm6JT4w0WoJx
X-Received: by 2002:a63:f54c:: with SMTP id e12-v6mr12786198pgk.286.1535690908016;
        Thu, 30 Aug 2018 21:48:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535690907; cv=none;
        d=google.com; s=arc-20160816;
        b=YNF3Dpa7tJEoRcRQZ1ViDz1p0RrwXU4ooj0ytZoMEogwCTckqzCREwcDsf08bQGAck
         mfcVdA9rzuFXl38jZ8dFJ+UXqLrvV2XyIPg6PjkwXxtS6goLHK0zDnSCmJF+LF3ksafZ
         2fu2sz5tbsbpkInDyKzcuPm5/xmm4m5tIdilD8inLxAWXs7aCdWkj8y2bSj2mco7T5fL
         oCyM3nfpz+GeyOaTzIeQGqdbf8hlbbjvc6WxUkZ8c/nNUCHSmMOxgAGiW0TGnYScDp+k
         hcs9mCpQR/j3BcBBGBLjkLsWYxuf7g5/87+KKSqjK/rAP40OVjdoDbJK4UDQiAdivEu+
         qaJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :dkim-signature:arc-authentication-results;
        bh=BDQyzNaOu+T9bfE98BKzCf6JzB+tspL3SpG2YDxwdeI=;
        b=TDEFGBCX1/qpTbKNZujmVzfJAYTDpmywC9v+wkGVOQyaoWL1bh7h2bUGjybI8TBfcQ
         N/JexJkRr7s7EIpz9XdUIg8RDLy1PuvEJMe7dKN5ZdnHFxbtfjb3oETxSRKfrN2tKS0o
         TQhk7kNovc6nLA7ArduxIBUc9x4u6esDwS1dn04nA9zQDob1qBt8u71DkRj8dBz4TL9r
         YohydD9thiD5d3qz8lPByEfsAgLOGWiuWk+oIhu2cxAySQtia6Pqkd0QiDge2XVce4sV
         nvg2zA4Z20X0hPIVK/PxhAj0aal4VB1YhRsUQ+9YAjtfoBaGgkd//yqB8XmFmaJbXZG/
         f/tg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=etVVFC2Q;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id gn24si8177541plb.147.2018.08.30.21.48.12;
        Thu, 30 Aug 2018 21:48:27 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=etVVFC2Q;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727247AbeHaIwR (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Fri, 31 Aug 2018 04:52:17 -0400
Received: from mail.kernel.org ([198.145.29.99]:36098 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727106AbeHaIwQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 31 Aug 2018 04:52:16 -0400
Received: from devnote (sp183-74-193-25.msb.spmode.ne.jp [183.74.193.25])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 5774320661;
        Fri, 31 Aug 2018 04:46:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1535690799;
        bh=ZfeKrBr9HK+Hl7fDyU2Nt92tdI3Bm9PqCwoNs6O1/+w=;
        h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
        b=etVVFC2Qs+qu/7hE7Uc1yVwKwQUtLnXmy1Gd6jftJYpxIw9rIqRjNZIpA4Ed0TqKa
         rYXWXKGXdAU4Q2ZvKiIoITmJ/3fiQGzlW6vMhB7rrrHEugWrcppHqL5HPnj4VubjVO
         Lei1rizDtdTDWod8NQ962YitH+6fFGaIkk+qdkdA=
Date:   Fri, 31 Aug 2018 13:46:35 +0900
From:   Masami Hiramatsu <mhiramat@kernel.org>
To:     Nadav Amit <namit@vmware.com>
Cc:     Thomas Gleixner <tglx@linutronix.de>,
        <linux-kernel@vger.kernel.org>, Ingo Molnar <mingo@redhat.com>,
        <x86@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
        <linux-arch@vger.kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Andy Lutomirski <luto@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH 0/6] x86/alternatives: text_poke() fixes
Message-Id: <20180831134635.35b6c2a919449adf4b63a133@kernel.org>
In-Reply-To: <20180830173218.238900-1-namit@vmware.com>
References: <20180830173218.238900-1-namit@vmware.com>
X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 30 Aug 2018 10:32:12 -0700
Nadav Amit <namit@vmware.com> wrote:

> This patch-set addresses some issues that were raised in a recent
> correspondence and might affect the security and the correctness of code
> patching. (Note that patching performance is not addressed by this
> patch-set).
> 
> The main issue that the patches deal with is the fact that the fixmap
> PTEs that are used for patching are available for access from other
> cores and might be exploited. They are not even flushed from the TLB in
> remote cores, so the risk is even higher. Address this issue by
> introducing a temporary mm that is only used during patching.
> Unfortunately, due to init ordering, fixmap is still used during
> boot-time patching. Future patches can eliminate the need for it.
> 
> The second issue is the missing lockdep assertion to ensure text_mutex
> is taken. It is actually not always taken, so fix the instances that
> were found not to take the lock (although they should be safe even
> without taking the lock).
> 
> Finally, try to be more conservative and to map a single page, instead
> of two, when possible. This helps both security and performance.
> 
> In addition, there is some cleanup of the patching code to make it more
> readable.

OK, this series looks good to me, and tested with ftracetest, kprobe testsets.

Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Masami Hiramatsu <mhiramat@kernel.org>

Thank you!


> 
> RFC->v1:
> - Added handling of error in get_locked_pte()
> - Remove lockdep assertion, clarify text_mutex use instead [masami]
> - Comment fix [peterz]
> - Removed remainders of text_poke return value [masami]
> - Use __weak for poking_init instead of macros [masami]
> - Simplify error handling in poking_init [masami]  
> 
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Masami Hiramatsu <mhiramat@kernel.org>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Link: https://lkml.org/lkml/2018/8/24/586
> 
> Andy Lutomirski (1):
>   x86/mm: temporary mm struct
> 
> Nadav Amit (5):
>   x86/alternatives: clarify text_mutex use in text_poke
>   fork: provide a function for copying init_mm
>   x86/alternatives: initializing temporary mm for patching
>   x86/alternatives: use temporary mm for text poking
>   x86/alternatives: remove text_poke() return value
> 
>  arch/x86/include/asm/mmu_context.h   |  20 ++++
>  arch/x86/include/asm/pgtable.h       |   3 +
>  arch/x86/include/asm/text-patching.h |   4 +-
>  arch/x86/kernel/alternative.c        | 173 +++++++++++++++++++++++----
>  arch/x86/mm/init_64.c                |  29 +++++
>  include/linux/sched/task.h           |   1 +
>  init/main.c                          |   3 +
>  kernel/fork.c                        |  24 +++-
>  8 files changed, 226 insertions(+), 31 deletions(-)
> 
> -- 
> 2.17.1
> 


-- 
Masami Hiramatsu <mhiramat@kernel.org>