Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp347327ybz; Fri, 17 Apr 2020 02:12:41 -0700 (PDT) X-Google-Smtp-Source: APiQypK0NVjU8Y5MJNuG8geXQRDZ39FkIXL+onV1DGGIwLVl/+hV/YA+Xh8ohZNC8+xyo8FH33Im X-Received: by 2002:a50:cc87:: with SMTP id q7mr1924432edi.96.1587114761796; Fri, 17 Apr 2020 02:12:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587114761; cv=none; d=google.com; s=arc-20160816; b=pCD7AfIBMxlb1ZfcFD3bWRc7lKSJGJ73MKou1Dx9uCM5Ul5Wc/02uuTIhXNaAC4yO4 5cZAW7NgOw/nzzfzNqAQN46U5d+JUDB34c2WPtumxV3gHKZDw9K3xe4gs85SKguaGhDz kQoj97ds6YVxWAppyc52Lznut121Zqfzcoz6Dd6XLposeWk+vJibow32zhOMM1xlZr0E qBknFU3mEgven775sd8/E6BXgiRQTpH4QeOudI2/EXzHvy03Hn/5vIz8R30M8+URNVYo buS1ABAb932adL2m3LTwLiao87/btefu1WRVP5jp9XBlKDoej1FJDLuY6U3jI38cDjrk awhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=BDtCmL4J9SPpq0QdPU956sCpr4lMxEWi1i1bHGli8dY=; b=bjGcq4H3E8DhtyBAg/RFdSnY5fqQA05UCNPG+fzMYtqBNHSMY/QP3HRlmNqcwCgO+n 9AmUuvG+wJ7OzyfGEoNFUGQ+1EERoSXzrEfPVJfsm2sVvKI+0AEjrKQM3xNE4Gkff7RR P8Dn3sKGdJ2lN0Uyhxl7SX+kVmvs2vussp5eqN335ztjzTP1Yvgrr0BnfSqIzvLlGn+Q y6/GCBMi2PT2fdpD1YeA6iSq2mn7j2qXzsNtQQ3is1TxUHXuIXpUcAb5cyPeArdk2L8a 2B4u44o8ttROh2Jftp4LILLe8B0OdZvV5uRL7nAPnBhXGIoydhbAmdDw0Vl4zFwHo0/u vtag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a25si13542165ejr.32.2020.04.17.02.12.18; Fri, 17 Apr 2020 02:12:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730159AbgDQJIq (ORCPT + 99 others); Fri, 17 Apr 2020 05:08:46 -0400 Received: from mx2.suse.de ([195.135.220.15]:46664 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729920AbgDQJIp (ORCPT ); Fri, 17 Apr 2020 05:08:45 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 69E84ABE2; Fri, 17 Apr 2020 09:08:43 +0000 (UTC) Date: Fri, 17 Apr 2020 11:08:42 +0200 (CEST) From: Miroslav Benes To: Josh Poimboeuf cc: Peter Zijlstra , live-patching@vger.kernel.org, linux-kernel@vger.kernel.org, Jessica Yu Subject: Re: [PATCH 0/7] livepatch,module: Remove .klp.arch and module_disable_ro() In-Reply-To: <20200416122051.p3dk5i7h6ty4cwuc@treble> Message-ID: References: <20200414182726.GF2483@worktop.programming.kicks-ass.net> <20200414190814.glra2gceqgy34iyx@treble> <20200416122051.p3dk5i7h6ty4cwuc@treble> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 16 Apr 2020, Josh Poimboeuf wrote: > On Thu, Apr 16, 2020 at 11:45:05AM +0200, Miroslav Benes wrote: > > On Tue, 14 Apr 2020, Josh Poimboeuf wrote: > > > > > On Tue, Apr 14, 2020 at 08:27:26PM +0200, Peter Zijlstra wrote: > > > > On Tue, Apr 14, 2020 at 11:28:36AM -0500, Josh Poimboeuf wrote: > > > > > Better late than never, these patches add simplifications and > > > > > improvements for some issues Peter found six months ago, as part of his > > > > > non-writable text code (W^X) cleanups. > > > > > > > > Excellent stuff, thanks!! > > > > > > > > I'll go brush up these two patches then: > > > > > > > > https://lkml.kernel.org/r/20191018074634.801435443@infradead.org > > > > https://lkml.kernel.org/r/20191018074634.858645375@infradead.org > > > > > > Ah right, I meant to bring that up. I actually played around with those > > > patches. While it would be nice to figure out a way to converge the > > > ftrace module init, I didn't really like the first patch. > > > > > > It bothers me that both the notifiers and the module init() both see the > > > same MODULE_STATE_COMING state, but only in the former case is the text > > > writable. > > > > > > I think it's cognitively simpler if MODULE_STATE_COMING always means the > > > same thing, like the comments imply, "fully formed" and thus > > > not-writable: > > > > > > enum module_state { > > > MODULE_STATE_LIVE, /* Normal state. */ > > > MODULE_STATE_COMING, /* Full formed, running module_init. */ > > > MODULE_STATE_GOING, /* Going away. */ > > > MODULE_STATE_UNFORMED, /* Still setting it up. */ > > > }; > > > > > > And, it keeps tighter constraints on what a notifier can do, which is a > > > good thing if we can get away with it. > > > > Agreed. > > > > On the other hand, the first patch would remove the tiny race window when > > a module state is still UNFORMED, but the protections are (being) set up. > > Patches 4/7 and 5/7 allow to use memcpy in that case, because it is early. > > But it is in fact not already. I haven't checked yet if it really matters > > somewhere (a race with livepatch running klp_module_coming while another > > module is being loaded or anything like that). > > Maybe I'm missing your point, but I don't see any races here. > > apply_relocate_add() only writes to the patch module's text, so there > can't be races with other modules. I meant... a patch module is being loaded and at the same time a to-be-patched module too. So apply_relocate_add() called from klp_module_coming() would see UNFORMED in the patch module state and the permissions would be set up already. So memcpy would not work. But we protect against that (and many other things) by taking klp_mutex, of course. I managed to confuse myself again, sorry about that. Miroslav