Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp874588ybg; Tue, 28 Jul 2020 23:16:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzemfV8nFicCIkP2P/1bVbnD2zY7ewc/BQ/LXEmB+rHXJmr5EAzWfRfV6zpvnSPu5mXHGXG X-Received: by 2002:a17:906:c459:: with SMTP id ck25mr30233292ejb.177.1596003394454; Tue, 28 Jul 2020 23:16:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596003394; cv=none; d=google.com; s=arc-20160816; b=w05ttkbxXwokDtrW0HV2fVCXfP83Nj1c14WvpGn0TjSypFlQE1rESxg48ufC8k6jyL u78ss/n64AZCXw/3xsTk0GggFrZ5iKZMP3m1IUW7fBrhccXGvr/2mEsUXL1JpTjU0i27 talqRmMk/ps7B6iqR6jCsQ8MxpaAk1GYU1ZCKHCov+16mWn4WO6/SHDU66R6ZUVpug0f /If84gjKjx/lHfdATutdJ4woRiNbFyPNzSBMBxUkk99wQDR94GQgG2YTg6Fj6MRCbnBt /ULn/YEPsVCy+l46uyijO6VTceumJg75yphImJqQ1hDHEoRTTQXIvPqGTXvPFcQXphOk aLUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=cy4BkNVPQUywomLUm3w/vAKd618ofgFmssRheG9+1eg=; b=L62KTl79maV9FxtoGcdVYb+633dnoQnxKWyV5zVXqbB0tYKfd4HwPQT/qNhIPh50f5 Vg2yi0MwypH7jybRcsaNFsKJsNGl16B7/buYd7/4Exg8U6NwOhyX4ZJXyarOyl+u8KiS PdthFi4PFC5LGlrXh4Rx9ksgbM+pu+f1981fX3Xl0hCxfd9G5y+ArJ1/sxwt34FIBj5A r4LoUDe7wIL0bFlTAKMCKs88tVKYuUIR/8kafQTKRL9Gr09DqSq0B3o0xu8+U7rJGnHJ mmNDHSZAzj5j0y2oe8SDbJ1/Ik2PsOOKFnfFawpxLMBu4O+uT3WQ9Ew6EdERlC3lxiYy qLww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=V5ZJBNCg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id se26si541336ejb.167.2020.07.28.23.16.09; Tue, 28 Jul 2020 23:16:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=V5ZJBNCg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726709AbgG2GNf (ORCPT + 99 others); Wed, 29 Jul 2020 02:13:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:34626 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726286AbgG2GNe (ORCPT ); Wed, 29 Jul 2020 02:13:34 -0400 Received: from mail-ot1-f49.google.com (mail-ot1-f49.google.com [209.85.210.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9EC2C2070B for ; Wed, 29 Jul 2020 06:13:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596003213; bh=u7d5xK7YvZOBGWh1UlpubqMP0fRaHhDT8+EFryfPydc=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=V5ZJBNCgjljMU5XeW52AONwfUK28LmE1GLwePhYZwRh/TV4yB7tKR5/xOnSIW36Qk 7gksdnHlZwrQXWefT4b3DZBQFa6BVKeatDFVcQBXPpMdLYvumyucwXpJVNyRZ6raDR o4qdUAY/cSOrN18Y/Z1uYFHF/Z2Uxp0HMJyE5KSQ= Received: by mail-ot1-f49.google.com with SMTP id o72so11134804ota.11 for ; Tue, 28 Jul 2020 23:13:33 -0700 (PDT) X-Gm-Message-State: AOAM531ekFTLRfE04euQnB/I9azUBIa7ltmTRcP0QOH1Coc5o18ica2g wr6xxn5FdIXethmR4GdqWt91wZyBcgPQSI/0amQ= X-Received: by 2002:a9d:3b23:: with SMTP id z32mr9899829otb.77.1596003212957; Tue, 28 Jul 2020 23:13:32 -0700 (PDT) MIME-Version: 1.0 References: <20200724050553.1724168-1-jarkko.sakkinen@linux.intel.com> <20200724050553.1724168-6-jarkko.sakkinen@linux.intel.com> <20200724092746.GD517988@gmail.com> <20200725031648.GG17052@linux.intel.com> <20200726081408.GB2927915@kernel.org> <20200728171715.0800093e2226e3d72b04a3ae@kernel.org> <20200728223545.ce4ff78cac73b571a27bb357@kernel.org> <20200729105054.06f74749eb933c08342e6dd6@kernel.org> In-Reply-To: <20200729105054.06f74749eb933c08342e6dd6@kernel.org> From: Ard Biesheuvel Date: Wed, 29 Jul 2020 09:13:21 +0300 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v5 5/6] kprobes: Use text_alloc() and text_free() To: Masami Hiramatsu Cc: Mike Rapoport , Jarkko Sakkinen , Ingo Molnar , Linux Kernel Mailing List , linux-mm@kvack.org, Andi Kleen , Peter Zijlstra , "Naveen N. Rao" , Anil S Keshavamurthy , "David S. Miller" , Jessica Yu Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 29 Jul 2020 at 04:51, Masami Hiramatsu wrote: > > On Tue, 28 Jul 2020 20:51:08 +0300 > Ard Biesheuvel wrote: > > > On Tue, 28 Jul 2020 at 16:35, Masami Hiramatsu wrote: > > > > > > On Tue, 28 Jul 2020 13:56:43 +0300 > > > Ard Biesheuvel wrote: > > > > > > > On Tue, 28 Jul 2020 at 11:17, Masami Hiramatsu wrote: > > > > > > Masami or Peter should correct me if I am wrong, but it seems to me > > > > > > that the way kprobes uses these pages does not require them to be in > > > > > > relative branching range of the core kernel on any architecture, given > > > > > > that they are populated with individual instruction opcodes that are > > > > > > executed in single step mode, and relative branches are emulated (when > > > > > > needed) > > > > > > > > > > Actually, x86 and arm has the "relative branching range" requirements > > > > > for the jump optimized kprobes. For the other architectures, I think > > > > > we don't need it. Only executable text buffer is needed. > > > > > > > > > > > > > Thanks for the explanation. Today, arm64 uses the definition below. > > > > > > > > void *alloc_insn_page(void) > > > > { > > > > return __vmalloc_node_range(PAGE_SIZE, 1, VMALLOC_START, VMALLOC_END, > > > > GFP_KERNEL, PAGE_KERNEL_ROX, VM_FLUSH_RESET_PERMS, > > > > NUMA_NO_NODE, __builtin_return_address(0)); > > > > } > > > > > > > > Do you think we could use that as the generic implementation if we use > > > > MODULES_START/_END as the allocation window? > > > > > > Yes, but for the generic implementation, we don't need to consider the > > > relative branching range since we can override it for x86 and arm. > > > (and that will be almost same as module_alloc() default code) > > > > Indeed. So having kprobes specific macros that default to > > VMALLOC_START/END but can be overridden would be sufficient. > > > > > BTW, is PAGE_KERNEL_ROX flag available generically? > > > > > > > Turns out that it is not :-( > > Hmm, in that case, we need to use PAGE_KERNEL_EXEC. > > In the result, may it be similar to this? :) > > void * __weak module_alloc(unsigned long size) > { > return __vmalloc_node_range(size, 1, VMALLOC_START, VMALLOC_END, > GFP_KERNEL, PAGE_KERNEL_EXEC, VM_FLUSH_RESET_PERMS, > NUMA_NO_NODE, __builtin_return_address(0)); > } > > The major difference between module_alloc() and kprobe's alloc_page_insn() > is the alloc_page_insn() makes the page ROX after allocating the pages *ONLY* > on x86 and arm64. > Right. > $ git grep -w alloc_insn_page -- arch > arch/arm64/kernel/probes/kprobes.c:void *alloc_insn_page(void) > arch/x86/kernel/kprobes/core.c:void *alloc_insn_page(void) > > However since the module_alloc() owns its arch-dependent implementations > most of major architectures, if we implement independent text_alloc_kprobe(), > we need to make deadcopies of module_alloc() for each architecture. > No, that is what we are trying to avoid. > $ git grep 'module_alloc(unsigned' arch/ > arch/arm/kernel/module.c:void *module_alloc(unsigned long size) > arch/arm64/kernel/module.c:void *module_alloc(unsigned long size) > arch/mips/kernel/module.c:void *module_alloc(unsigned long size) > arch/nds32/kernel/module.c:void *module_alloc(unsigned long size) > arch/nios2/kernel/module.c:void *module_alloc(unsigned long size) > arch/parisc/kernel/module.c:void *module_alloc(unsigned long size) > arch/riscv/kernel/module.c:void *module_alloc(unsigned long size) > arch/s390/kernel/module.c:void *module_alloc(unsigned long size) > arch/sparc/kernel/module.c:void *module_alloc(unsigned long size) > arch/unicore32/kernel/module.c:void *module_alloc(unsigned long size) > arch/x86/kernel/module.c:void *module_alloc(unsigned long size) > > It seems that some constrains for module_alloc() exists for above > architectures. > > Anyway, for kprobe's text_alloc() requirements are > - It must be executable for the arch which uses a single-step out-of-line. > (and need to be registered to KASAN?) No, kasan shadow is not needed here. > - It must be ROX if implemented (currently only for x86 and arm64) x86 does not actually define thr macro, but the result is the same. > - It must be in the range of relative branching only for x86 and arm. > So in summary, the generic module_alloc() above can be reused for kprobes on all arches except x86 and arm64, right? Then we can remove the call to it, and drop the modules dependency.