Date: Wed, 5 Dec 2018 20:44:13 -0800
From: Matthew Wilcox
To: Igor Stoppa
Cc: Andy Lutomirski, Kees Cook, igor.stoppa@huawei.com, Nadav Amit, Peter Zijlstra, Dave Hansen, linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/6] __wr_after_init: write rare for static allocation
Message-ID: <20181206044413.GB24603@bombadil.infradead.org>
References: <20181204121805.4621-1-igor.stoppa@huawei.com> <20181204121805.4621-3-igor.stoppa@huawei.com>
In-Reply-To: <20181204121805.4621-3-igor.stoppa@huawei.com>

On Tue, Dec 04, 2018 at 02:18:01PM +0200, Igor Stoppa wrote:
> +void *__wr_op(unsigned long dst, unsigned long src, __kernel_size_t len,
> + enum wr_op_type op)
> +{
> + temporary_mm_state_t prev;
> + unsigned long flags;
> + unsigned long offset;
> + unsigned long wr_poking_addr;
> +
> + /* Confirm that the writable mapping exists. */
> + BUG_ON(!wr_ready);
> +
> + if (WARN_ONCE(op >= WR_OPS_NUMBER, "Invalid WR operation.") ||
> + WARN_ONCE(!is_wr_after_init(dst, len), "Invalid WR range."))
> + return (void *)dst;
> +
> + offset = dst - (unsigned long)&__start_wr_after_init;
> + wr_poking_addr = wr_poking_base + offset;
> + local_irq_save(flags);

Why not local_irq_disable()? Do we have a use-case for wanting to access
this from interrupt context?

> + /* XXX make the verification optional? */

Well, yes. It seems like debug code to me.

> + /* Randomize the poking address base*/
> + wr_poking_base = TASK_UNMAPPED_BASE +
> + (kaslr_get_random_long("Write Rare Poking") & PAGE_MASK) %
> + (TASK_SIZE - (TASK_UNMAPPED_BASE + wr_range));

I don't think this is a great idea. We want to use the same mm for both
static and dynamic wr memory, yes? So we should have enough space for all
of ram, not splatter the static section all over the address space.

On x86-64 (4 level page tables), we have a 64TB space for all of physmem
and 128TB of user space, so we can place the base anywhere in a 64TB range.
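Review bot: BUG_ON(!wr_ready) at the top of __wr_op() halts the kernel for a state that the two checks directly below it handle with WARN_ONCE() and an early return. Unless a write attempted before the mapping exists can never be survived, the same pattern would fit here: warn and return without touching dst. Two further points on those checks: WARN_ONCE() reports only the first bad op or out-of-range dst, so later rejected writes leave no trace in the log, and the failure path returns (void *)dst, which the caller cannot tell apart from a normal destination pointer if the success path returns dst as well (that path is not in the quoted lines).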
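Review bot: in the wr_poking_base computation, PAGE_MASK is applied before the modulo, so the result is page-aligned only when TASK_SIZE - (TASK_UNMAPPED_BASE + wr_range) is itself a multiple of the page size, and nothing in the quoted lines shows wr_range being rounded. Taking the modulo first and masking afterwards would make the alignment hold regardless of wr_range. The modulus also becomes zero or wraps if wr_range ever reaches TASK_SIZE - TASK_UNMAPPED_BASE, so a bound check on wr_range before the division is worth adding. Style: the comment above the assignment needs a space before the closing */.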