Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2335650ybt; Tue, 16 Jun 2020 03:26:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzCPU58vTI3Ct6WOdDPilEr5/De/U0jUn/umpDdpS/Q733dxU+X/uhbqTz2ac9APFVGwqQH X-Received: by 2002:a05:6402:b13:: with SMTP id bm19mr1964635edb.82.1592303203649; Tue, 16 Jun 2020 03:26:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592303203; cv=none; d=google.com; s=arc-20160816; b=gjf+GIJ41CfVFE1tbOuQW4dQKFzibM8+rWyZhctf1j9sB5MB9Xve4v83E0pyzhBTHZ 7T+bHpqgNudtNYWSPXwbip0s79kpYUkVND6m9Gd5MmYYn+mhxCjYdmoR9fIx7Ln2xVWx dmi/Hhgr2YCBvv5OCEVTwYc+o/8VbImvxDW9GiLZjUDsxePIfEaJD4RqdIInjgkhIXSz ip9C11+rhK6LhPS8wrvNyhKaOuLWTmMpRhYvthGqwJRUZ8eOBqddImjj7ztAiWBwNUn+ qdv6s3TGDFwd41WOYDSAjfv3HloaJeezU23WNjA55vEHI02GpfijZpALHVPjS9HjMIb6 iXog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=z6zT9ach0XUfYDiSxWUcB5GCzcFYa4PC796fY2MZt8o=; b=G2NM2o2IJOjEhp9Fs9wxvvG/VxxFzMhyN3CVIKQ14g62anGXeARr1dPJ1oF4BvqEUZ E/u+QD1Ecy/IVKT3CCx1i5xigGM/o393jGks9mZLeyunDixiSbxneFW1XqWjswCv3em1 H8ALVQIWSmb6SCsWyg9AIFBpqbE+2JiE3Zte62WJ4BvshOZv8O/7wLDsZKBoRwin3KJ0 940wYoLXXEffPNVVx9ytKRwtBBXpqI0KySMGXmHVLbkffpWxH60M19JWN+UEXmaK539C Y+yaTIU6gWfNamHeJ7+vtXV/F/gXL4ZlIXp3JKypsGY9IolDbkxiMXFwiaJKAQIDV8Ty jPxg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i10si10800390eja.402.2020.06.16.03.26.21; Tue, 16 Jun 2020 03:26:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728131AbgFPKYQ (ORCPT + 99 others); Tue, 16 Jun 2020 06:24:16 -0400 Received: from verein.lst.de ([213.95.11.211]:37438 "EHLO verein.lst.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727966AbgFPKYP (ORCPT ); Tue, 16 Jun 2020 06:24:15 -0400 Received: by verein.lst.de (Postfix, from userid 2407) id 5465968AEF; Tue, 16 Jun 2020 12:24:12 +0200 (CEST) Date: Tue, 16 Jun 2020 12:24:12 +0200 From: Christoph Hellwig To: Peter Zijlstra Cc: Christoph Hellwig , Dexuan Cui , vkuznets , Stephen Hemminger , Andy Lutomirski , Andy Lutomirski , Michael Kelley , Ju-Hyoung Lee , "x86@kernel.org" , "linux-hyperv@vger.kernel.org" , "linux-kernel@vger.kernel.org" , KY Srinivasan , Tom Lendacky Subject: Re: hv_hypercall_pg page permissios Message-ID: <20200616102412.GB29684@lst.de> References: <20200407073830.GA29279@lst.de> <87y2ooiv5k.fsf@vitty.brq.redhat.com> <20200616072318.GA17600@lst.de> <20200616101807.GO2531@hirez.programming.kicks-ass.net> <20200616102350.GA29684@lst.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200616102350.GA29684@lst.de> User-Agent: Mutt/1.5.17 (2007-11-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 16, 2020 at 12:23:50PM +0200, Christoph Hellwig wrote: > On Tue, Jun 16, 2020 at 12:18:07PM +0200, Peter Zijlstra wrote: > > > It does. But it also means every other user of PAGE_KERNEL_EXEC > > > should trigger this, of which there are a few (kexec, tboot, hibernate, > > > early xen pv mapping, early SEV identity mapping) > > > > There are only 3 users in the entire tree afaict: > > > > arch/arm64/kernel/probes/kprobes.c: page = vmalloc_exec(PAGE_SIZE); > > arch/x86/hyperv/hv_init.c: hv_hypercall_pg = vmalloc_exec(PAGE_SIZE); > > kernel/module.c: return vmalloc_exec(size); > > > > And that last one is a weak function that any arch that has STRICT_RWX > > ought to override. > > > > > We really shouldn't create mappings like this by default. Either we > > > need to flip PAGE_KERNEL_EXEC itself based on the needs of the above > > > users, or add another define to overload vmalloc_exec as there is no > > > other user of that for x86. > > > > We really should get rid of the two !module users of this though; both > > x86 and arm64 have STRICT_RWX and sufficient primitives to DTRT. > > > > What is HV even trying to do with that page? AFAICT it never actually > > writes to it, it seens to give the physica address to an MSR (which I > > suspect then writes crud into the page for us from host context). > > > > Suggesting the page really only needs to be RX. > > > > On top of that, vmalloc_exec() gets us a page from the entire vmalloc > > range, which can be outside of the 2G executable range, which seems to > > suggest vmalloc_exec() is wrong too and all this works by accident. > > > > How about something like this: > > > > > > diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c > > index a54c6a401581..82a3a4a9481f 100644 > > --- a/arch/x86/hyperv/hv_init.c > > +++ b/arch/x86/hyperv/hv_init.c > > @@ -375,12 +375,15 @@ void __init hyperv_init(void) > > guest_id = generate_guest_id(0, LINUX_VERSION_CODE, 0); > > wrmsrl(HV_X64_MSR_GUEST_OS_ID, guest_id); > > > > - hv_hypercall_pg = vmalloc_exec(PAGE_SIZE); > > + hv_hypercall_pg = module_alloc(PAGE_SIZE); > > if (hv_hypercall_pg == NULL) { > > wrmsrl(HV_X64_MSR_GUEST_OS_ID, 0); > > goto remove_cpuhp_state; > > } > > > > + set_memory_ro((unsigned long)hv_hypercall_pg, 1); > > + set_memory_x((unsigned long)hv_hypercall_pg, 1); > > The changing of the permissions sucks. I thought about adding > a module_alloc_prot with an explicit pgprot_t argument. On x86 > alone at least ftrace would also benefit from that. The above is also missing a set_vm_flush_reset_perms.