Date: Fri, 31 Aug 2018 13:46:35 +0900
From: Masami Hiramatsu
To: Nadav Amit
Cc: Thomas Gleixner, Ingo Molnar, Arnd Bergmann, Dave Hansen, Andy Lutomirski, Masami Hiramatsu, Kees Cook, Peter Zijlstra
Subject: Re: [PATCH 0/6] x86/alternatives: text_poke() fixes
Message-Id: <20180831134635.35b6c2a919449adf4b63a133@kernel.org>
In-Reply-To: <20180830173218.238900-1-namit@vmware.com>

On Thu, 30 Aug 2018 10:32:12 -0700
Nadav Amit wrote:

> This patch-set addresses some issues that were raised in a recent
> correspondence and might affect the security and the correctness of code
> patching. (Note that patching performance is not addressed by this
> patch-set).
>
> The main issue that the patches deal with is the fact that the fixmap
> PTEs that are used for patching are available for access from other
> cores and might be exploited. They are not even flushed from the TLB in
> remote cores, so the risk is even higher. Address this issue by
> introducing a temporary mm that is only used during patching.
> Unfortunately, due to init ordering, fixmap is still used during
> boot-time patching. Future patches can eliminate the need for it.
>
> The second issue is the missing lockdep assertion to ensure text_mutex
> is taken. It is actually not always taken, so fix the instances that
> were found not to take the lock (although they should be safe even
> without taking the lock).
>
> Finally, try to be more conservative and to map a single page, instead
> of two, when possible. This helps both security and performance.
>
> In addition, there is some cleanup of the patching code to make it more
> readable.

OK, this series looks good to me, and tested with ftracetest, kprobe testsets.

Reviewed-by: Masami Hiramatsu
Tested-by: Masami Hiramatsu

Thank you!

>
> RFC->v1:
> - Added handling of error in get_locked_pte()
> - Remove lockdep assertion, clarify text_mutex use instead [masami]
> - Comment fix [peterz]
> - Removed remainders of text_poke return value [masami]
> - Use __weak for poking_init instead of macros [masami]
> - Simplify error handling in poking_init [masami]
>
> Cc: Andy Lutomirski
> Cc: Masami Hiramatsu
> Cc: Kees Cook
> Cc: Peter Zijlstra
> Link: https://lkml.org/lkml/2018/8/24/586
>
> Andy Lutomirski (1):
>   x86/mm: temporary mm struct
>
> Nadav Amit (5):
>   x86/alternatives: clarify text_mutex use in text_poke
>   fork: provide a function for copying init_mm
>   x86/alternatives: initializing temporary mm for patching
>   x86/alternatives: use temporary mm for text poking
>   x86/alternatives: remove text_poke() return value
>
>  arch/x86/include/asm/mmu_context.h   |  20 ++++
>  arch/x86/include/asm/pgtable.h       |   3 +
>  arch/x86/include/asm/text-patching.h |   4 +-
>  arch/x86/kernel/alternative.c        | 173 +++++++++++++++++++++++----
>  arch/x86/mm/init_64.c                |  29 +++++
>  include/linux/sched/task.h           |   1 +
>  init/main.c                          |   3 +
>  kernel/fork.c                        |  24 +++-
>  8 files changed, 226 insertions(+), 31 deletions(-)
>
> --
> 2.17.1
>

--
Masami Hiramatsu
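
A user-space model of the cover letter's main point, added here as an example and not taken from the patch series: a writable alias mapped in a shared address space (the fixmap case) is reachable by everything that shares it, while an alias mapped in a separate mm (the temporary-mm case) never appears in the caller's mappings. Assumptions: Linux with /proc, a forked child stands in for the temporary mm, and the names writable_aliases, poke_shared, poke_private and text_setup are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#define PAGE 4096
#define TAG  "textpoke_model_"  /* constructed file-name prefix, searched for in maps */
/* Writable mappings of the "text" page present in the caller's address space. */
int writable_aliases(void) {
    char line[512], *p; int n = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))   /* "start-end rw-s off dev inode path" */
        if ((p = strchr(line, ' ')) && p[2] == 'w' && strstr(line, TAG)) n++;
    fclose(f);
    return n;
}
/* Fixmap-like model: the alias lives in the address space the caller shares. */
int poke_shared(int fd, size_t off, const void *src, size_t len) {
    char *w = mmap(NULL, PAGE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (w == MAP_FAILED) return -1;
    memcpy(w + off, src, len);
    int seen = writable_aliases();        /* alias count while the mapping exists */
    munmap(w, PAGE);
    return seen;
}
/* Temporary-mm-like model: only the child's private address space holds the alias. */
int poke_private(int fd, size_t off, const void *src, size_t len) {
    pid_t pid = fork();
    if (pid == 0) _exit(poke_shared(fd, off, src, len) == 1 ? 0 : 1);
    int st, seen = writable_aliases();    /* caller's mm: the child's alias never shows up */
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st)) return -1;
    return seen;
}
/* One-page "text" object plus the read-only view that normal code uses. */
const unsigned char *text_setup(int *fd) {
    char path[] = "/tmp/" TAG "XXXXXX";
    if ((*fd = mkstemp(path)) < 0 || unlink(path) < 0 || ftruncate(*fd, PAGE) < 0) return NULL;
    void *ro = mmap(NULL, PAGE, PROT_READ, MAP_SHARED, *fd, 0);
    return ro == MAP_FAILED ? NULL : ro;
}
int main(void) {
    static const unsigned char nop5[] = {0x0f, 0x1f, 0x44, 0x00, 0x00}; /* sample patch bytes */
    int fd; const unsigned char *text = text_setup(&fd);
    if (!text) return 1;
    printf("shared: %d, private mm: %d\n", poke_shared(fd, 0, nop5, 5), poke_private(fd, 64, nop5, 5));
    return memcmp(text + 64, nop5, 5) != 0;
}
```

Both variants make the patch visible through the read-only view; only the shared variant ever exposes a writable mapping to the caller.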