From: Nadav Amit
To: Josh Poimboeuf
CC: X86 ML, LKML, Ard Biesheuvel, Andy Lutomirski, Steven Rostedt, Peter Zijlstra, Ingo Molnar, Thomas Gleixner, Linus Torvalds, Masami Hiramatsu, Jason Baron, Jiri Kosina, David Laight, Borislav Petkov, Julia Cartwright, Jessica Yu, "H. Peter Anvin", Rasmus Villemoes, Edward Cree, Daniel Bristot de Oliveira
Subject: Re: [PATCH v3 5/6] x86/alternative: Use a single access in text_poke() where possible
Date: Thu, 10 Jan 2019 09:32:23 +0000
Message-ID: <8138A1EE-359D-4CD2-8E96-5BF00313AB3B@vmware.com>
In-Reply-To: <279b8003f7f0a6831d090ab822d37bc958f974de.1547073843.git.jpoimboe@redhat.com>

> On Jan 9, 2019, at 2:59 PM, Josh Poimboeuf wrote:
>
> Static call inline patching will need to
use single 32-bit writes. > Change text_poke() to do so where possible. >=20 > Signed-off-by: Josh Poimboeuf > --- > arch/x86/kernel/alternative.c | 31 ++++++++++++++++++++++++++++--- > 1 file changed, 28 insertions(+), 3 deletions(-) >=20 > diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.= c > index ebeac487a20c..607f48a90097 100644 > --- a/arch/x86/kernel/alternative.c > +++ b/arch/x86/kernel/alternative.c > @@ -692,7 +692,7 @@ void *__init_or_module text_poke_early(void *addr, co= nst void *opcode, > void *text_poke(void *addr, const void *opcode, size_t len) > { > unsigned long flags; > - char *vaddr; > + unsigned long vaddr; > struct page *pages[2]; > int i; >=20 
> @@ -714,14 +714,39 @@ void *text_poke(void *addr, const void *opcode, siz= e_t len) > } > BUG_ON(!pages[0]); > local_irq_save(flags); > + > set_fixmap(FIX_TEXT_POKE0, page_to_phys(pages[0])); > if (pages[1]) > set_fixmap(FIX_TEXT_POKE1, page_to_phys(pages[1])); > - vaddr =3D (char *)fix_to_virt(FIX_TEXT_POKE0); > - memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len); > + > + vaddr =3D fix_to_virt(FIX_TEXT_POKE0) + ((unsigned long)addr & ~PAGE_MA= SK); > + > + /* > + * Use a single access where possible. Note that a single unaligned > + * multi-byte write will not necessarily be atomic on x86-32, or if the > + * address crosses a cache line boundary. > + */ > + switch (len) { > + case 1: > + WRITE_ONCE(*(u8 *)vaddr, *(u8 *)opcode); > + break; > + case 2: > + WRITE_ONCE(*(u16 *)vaddr, *(u16 *)opcode); > + break; > + case 4: > + WRITE_ONCE(*(u32 *)vaddr, *(u32 *)opcode); > + break; > + case 8: > + WRITE_ONCE(*(u64 *)vaddr, *(u64 *)opcode); > + break; > + default: > + memcpy((void *)vaddr, opcode, len); > + } > + Even if Intel and AMD CPUs are guaranteed to run instructions from L1 atomically, this may break instruction emulators, such as those that hypervisors use. They might not read instructions atomically if on SMP VMs when the VM's text_poke() races with the emulated instruction fetch. While I can't find a reason for hypervisors to emulate this instruction, smarter people might find ways to turn it into a security exploit.
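
Review bot: The switch in the second text_poke() hunk selects the single-store path on len alone, although the comment directly above it says an unaligned multi-byte write is not necessarily atomic on x86-32 or when the address crosses a cache line boundary. The commit message says static call inline patching will need single 32-bit writes, yet a caller has no way to learn that its write was not a single access; consider checking the destination in the len 2, 4 and 8 cases (for example, warning when vaddr and vaddr + len - 1 fall in different cache lines) or documenting the alignment requirement in the function's comment. Two smaller points in the same switch: the casts (u8 *)opcode, (u16 *)opcode and so on drop the const from const void *opcode, so (const u16 *)opcode and friends would be cleaner, and the default: case has no break.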