[v3,06/13] mm/execmem: introduce execmem_data_alloc()
Commit Message
From: "Mike Rapoport (IBM)" <rppt@kernel.org>
Data related to code allocations, such as module data section, need to
comply with architecture constraints for its placement and its
allocation right now was done using execmem_text_alloc().
Create a dedicated API for allocating data related to code allocations
and allow architectures to define address ranges for data allocations.
Since currently this is only relevant for powerpc variants that use the
VMALLOC address space for module data allocations, automatically reuse
address ranges defined for text unless address range for data is
explicitly defined by an architecture.
With separation of code and data allocations, data sections of the
modules are now mapped as PAGE_KERNEL rather than PAGE_KERNEL_EXEC which
was a default on many architectures.
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
---
arch/powerpc/kernel/module.c | 12 ++++++++++++
include/linux/execmem.h | 19 +++++++++++++++++++
kernel/module/main.c | 15 +++------------
mm/execmem.c | 17 ++++++++++++++++-
4 files changed, 50 insertions(+), 13 deletions(-)
Comments
On Mon, Sep 18, 2023 at 12:31 AM Mike Rapoport <rppt@kernel.org> wrote:
>
[...]
> diff --git a/include/linux/execmem.h b/include/linux/execmem.h
> index 519bdfdca595..09d45ac786e9 100644
> --- a/include/linux/execmem.h
> +++ b/include/linux/execmem.h
> @@ -29,6 +29,7 @@
> * @EXECMEM_KPROBES: parameters for kprobes
> * @EXECMEM_FTRACE: parameters for ftrace
> * @EXECMEM_BPF: parameters for BPF
> + * @EXECMEM_MODULE_DATA: parameters for module data sections
> * @EXECMEM_TYPE_MAX:
> */
> enum execmem_type {
> @@ -37,6 +38,7 @@ enum execmem_type {
> EXECMEM_KPROBES,
> EXECMEM_FTRACE,
In longer term, I think we can improve the JITed code and merge
kprobe/ftrace/bpf. to use the same ranges. Also, do we need special
setting for FTRACE? If not, let's just remove it.
> EXECMEM_BPF,
> + EXECMEM_MODULE_DATA,
> EXECMEM_TYPE_MAX,
> };
Overall, it is great that kprobe/ftrace/bpf no longer depend on modules.
OTOH, I think we should merge execmem_type and existing mod_mem_type.
Otherwise, we still need to handle page permissions in multiple places.
What is our plan for that?
Thanks,
Song
>
> @@ -107,6 +109,23 @@ struct execmem_params *execmem_arch_params(void);
> */
> void *execmem_text_alloc(enum execmem_type type, size_t size);
>
> +/**
> + * execmem_data_alloc - allocate memory for data coupled to code
> + * @type: type of the allocation
> + * @size: how many bytes of memory are required
> + *
> + * Allocates memory that will contain data coupled with executable code,
> + * like data sections in kernel modules.
> + *
> + * The memory will have protections defined by architecture.
> + *
> + * The allocated memory will reside in an area that does not impose
> + * restrictions on the addressing modes.
> + *
> + * Return: a pointer to the allocated memory or %NULL
> + */
> +void *execmem_data_alloc(enum execmem_type type, size_t size);
> +
> /**
> * execmem_free - free executable memory
> * @ptr: pointer to the memory that should be freed
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index c4146bfcd0a7..2ae83a6abf66 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -1188,25 +1188,16 @@ void __weak module_arch_freeing_init(struct module *mod)
> {
> }
>
> -static bool mod_mem_use_vmalloc(enum mod_mem_type type)
> -{
> - return IS_ENABLED(CONFIG_ARCH_WANTS_MODULES_DATA_IN_VMALLOC) &&
> - mod_mem_type_is_core_data(type);
> -}
> -
> static void *module_memory_alloc(unsigned int size, enum mod_mem_type type)
> {
> - if (mod_mem_use_vmalloc(type))
> - return vzalloc(size);
> + if (mod_mem_type_is_data(type))
> + return execmem_data_alloc(EXECMEM_MODULE_DATA, size);
> return execmem_text_alloc(EXECMEM_MODULE_TEXT, size);
> }
>
> static void module_memory_free(void *ptr, enum mod_mem_type type)
> {
> - if (mod_mem_use_vmalloc(type))
> - vfree(ptr);
> - else
> - execmem_free(ptr);
> + execmem_free(ptr);
> }
>
> static void free_mod_mem(struct module *mod)
> diff --git a/mm/execmem.c b/mm/execmem.c
> index abcbd07e05ac..aeff85261360 100644
> --- a/mm/execmem.c
> +++ b/mm/execmem.c
> @@ -53,11 +53,23 @@ static void *execmem_alloc(size_t size, struct execmem_range *range)
> return kasan_reset_tag(p);
> }
>
> +static inline bool execmem_range_is_data(enum execmem_type type)
> +{
> + return type == EXECMEM_MODULE_DATA;
> +}
> +
> void *execmem_text_alloc(enum execmem_type type, size_t size)
> {
> return execmem_alloc(size, &execmem_params.ranges[type]);
> }
>
> +void *execmem_data_alloc(enum execmem_type type, size_t size)
> +{
> + WARN_ON_ONCE(!execmem_range_is_data(type));
> +
> + return execmem_alloc(size, &execmem_params.ranges[type]);
> +}
> +
> void execmem_free(void *ptr)
> {
> /*
> @@ -93,7 +105,10 @@ static void execmem_init_missing(struct execmem_params *p)
> struct execmem_range *r = &p->ranges[i];
>
> if (!r->start) {
> - r->pgprot = default_range->pgprot;
> + if (execmem_range_is_data(i))
> + r->pgprot = PAGE_KERNEL;
> + else
> + r->pgprot = default_range->pgprot;
> r->alignment = default_range->alignment;
> r->start = default_range->start;
> r->end = default_range->end;
> --
> 2.39.2
>
Le 22/09/2023 à 00:52, Song Liu a écrit :
> On Mon, Sep 18, 2023 at 12:31 AM Mike Rapoport <rppt@kernel.org> wrote:
>>
> [...]
>> diff --git a/include/linux/execmem.h b/include/linux/execmem.h
>> index 519bdfdca595..09d45ac786e9 100644
>> --- a/include/linux/execmem.h
>> +++ b/include/linux/execmem.h
>> @@ -29,6 +29,7 @@
>> * @EXECMEM_KPROBES: parameters for kprobes
>> * @EXECMEM_FTRACE: parameters for ftrace
>> * @EXECMEM_BPF: parameters for BPF
>> + * @EXECMEM_MODULE_DATA: parameters for module data sections
>> * @EXECMEM_TYPE_MAX:
>> */
>> enum execmem_type {
>> @@ -37,6 +38,7 @@ enum execmem_type {
>> EXECMEM_KPROBES,
>> EXECMEM_FTRACE,
>
> In longer term, I think we can improve the JITed code and merge
> kprobe/ftrace/bpf. to use the same ranges. Also, do we need special
> setting for FTRACE? If not, let's just remove it.
How can we do that ? Some platforms like powerpc require executable
memory for BPF and non-exec mem for KPROBE so it can't be in the same
area/ranges.
>
>> EXECMEM_BPF,
>> + EXECMEM_MODULE_DATA,
>> EXECMEM_TYPE_MAX,
>> };
>
> Overall, it is great that kprobe/ftrace/bpf no longer depend on modules.
>
> OTOH, I think we should merge execmem_type and existing mod_mem_type.
> Otherwise, we still need to handle page permissions in multiple places.
> What is our plan for that?
>
Christophe
On Fri, Sep 22, 2023 at 12:17 AM Christophe Leroy
<christophe.leroy@csgroup.eu> wrote:
>
>
>
> Le 22/09/2023 à 00:52, Song Liu a écrit :
> > On Mon, Sep 18, 2023 at 12:31 AM Mike Rapoport <rppt@kernel.org> wrote:
> >>
> > [...]
> >> diff --git a/include/linux/execmem.h b/include/linux/execmem.h
> >> index 519bdfdca595..09d45ac786e9 100644
> >> --- a/include/linux/execmem.h
> >> +++ b/include/linux/execmem.h
> >> @@ -29,6 +29,7 @@
> >> * @EXECMEM_KPROBES: parameters for kprobes
> >> * @EXECMEM_FTRACE: parameters for ftrace
> >> * @EXECMEM_BPF: parameters for BPF
> >> + * @EXECMEM_MODULE_DATA: parameters for module data sections
> >> * @EXECMEM_TYPE_MAX:
> >> */
> >> enum execmem_type {
> >> @@ -37,6 +38,7 @@ enum execmem_type {
> >> EXECMEM_KPROBES,
> >> EXECMEM_FTRACE,
> >
> > In longer term, I think we can improve the JITed code and merge
> > kprobe/ftrace/bpf. to use the same ranges. Also, do we need special
> > setting for FTRACE? If not, let's just remove it.
>
> How can we do that ? Some platforms like powerpc require executable
> memory for BPF and non-exec mem for KPROBE so it can't be in the same
> area/ranges.
Hmm... non-exec mem for kprobes?
if (strict_module_rwx_enabled())
execmem_params.ranges[EXECMEM_KPROBES].pgprot = PAGE_KERNEL_ROX;
else
execmem_params.ranges[EXECMEM_KPROBES].pgprot = PAGE_KERNEL_EXEC;
Do you mean the latter case?
Thanks,
Song
Le 22/09/2023 à 10:55, Song Liu a écrit :
> On Fri, Sep 22, 2023 at 12:17 AM Christophe Leroy
> <christophe.leroy@csgroup.eu> wrote:
>>
>>
>>
>> Le 22/09/2023 à 00:52, Song Liu a écrit :
>>> On Mon, Sep 18, 2023 at 12:31 AM Mike Rapoport <rppt@kernel.org> wrote:
>>>>
>>> [...]
>>>> diff --git a/include/linux/execmem.h b/include/linux/execmem.h
>>>> index 519bdfdca595..09d45ac786e9 100644
>>>> --- a/include/linux/execmem.h
>>>> +++ b/include/linux/execmem.h
>>>> @@ -29,6 +29,7 @@
>>>> * @EXECMEM_KPROBES: parameters for kprobes
>>>> * @EXECMEM_FTRACE: parameters for ftrace
>>>> * @EXECMEM_BPF: parameters for BPF
>>>> + * @EXECMEM_MODULE_DATA: parameters for module data sections
>>>> * @EXECMEM_TYPE_MAX:
>>>> */
>>>> enum execmem_type {
>>>> @@ -37,6 +38,7 @@ enum execmem_type {
>>>> EXECMEM_KPROBES,
>>>> EXECMEM_FTRACE,
>>>
>>> In longer term, I think we can improve the JITed code and merge
>>> kprobe/ftrace/bpf. to use the same ranges. Also, do we need special
>>> setting for FTRACE? If not, let's just remove it.
>>
>> How can we do that ? Some platforms like powerpc require executable
>> memory for BPF and non-exec mem for KPROBE so it can't be in the same
>> area/ranges.
>
> Hmm... non-exec mem for kprobes?
>
> if (strict_module_rwx_enabled())
> execmem_params.ranges[EXECMEM_KPROBES].pgprot = PAGE_KERNEL_ROX;
> else
> execmem_params.ranges[EXECMEM_KPROBES].pgprot = PAGE_KERNEL_EXEC;
>
> Do you mean the latter case?
>
In fact I may have misunderstood patch 9. I'll provide a response there.
Christophe
On Thu, Sep 21, 2023 at 03:52:21PM -0700, Song Liu wrote:
> On Mon, Sep 18, 2023 at 12:31 AM Mike Rapoport <rppt@kernel.org> wrote:
> >
> [...]
> > diff --git a/include/linux/execmem.h b/include/linux/execmem.h
> > index 519bdfdca595..09d45ac786e9 100644
> > --- a/include/linux/execmem.h
> > +++ b/include/linux/execmem.h
> > @@ -29,6 +29,7 @@
> > * @EXECMEM_KPROBES: parameters for kprobes
> > * @EXECMEM_FTRACE: parameters for ftrace
> > * @EXECMEM_BPF: parameters for BPF
> > + * @EXECMEM_MODULE_DATA: parameters for module data sections
> > * @EXECMEM_TYPE_MAX:
> > */
> > enum execmem_type {
> > @@ -37,6 +38,7 @@ enum execmem_type {
> > EXECMEM_KPROBES,
> > EXECMEM_FTRACE,
>
> In longer term, I think we can improve the JITed code and merge
> kprobe/ftrace/bpf. to use the same ranges. Also, do we need special
> setting for FTRACE? If not, let's just remove it.
I don't think we need to limit how the JITed code is generated because we
want to support fewer address space ranges for it.
As for FTRACE, now it's only needed on x86 and s390 and there it happens
to use the same ranges as MODULES and the rest, but it still gives some
notion of potential semantic differences and the overhead of keeping it is
really negligible.
> > EXECMEM_BPF,
> > + EXECMEM_MODULE_DATA,
> > EXECMEM_TYPE_MAX,
> > };
>
> Overall, it is great that kprobe/ftrace/bpf no longer depend on modules.
>
> OTOH, I think we should merge execmem_type and existing mod_mem_type.
> Otherwise, we still need to handle page permissions in multiple places.
> What is our plan for that?
Maybe, but I think this is too early. There are several things missing
before we could remove set_memory usage from modules. E.g. to use ROX
allocations on x86 we at least should update alternatives handling and
reach a consensus about synchronization Andy mentioned in his comments to
v2.
> Thanks,
> Song
>
>
> >
> > @@ -107,6 +109,23 @@ struct execmem_params *execmem_arch_params(void);
> > */
> > void *execmem_text_alloc(enum execmem_type type, size_t size);
> >
> > +/**
> > + * execmem_data_alloc - allocate memory for data coupled to code
> > + * @type: type of the allocation
> > + * @size: how many bytes of memory are required
> > + *
> > + * Allocates memory that will contain data coupled with executable code,
> > + * like data sections in kernel modules.
> > + *
> > + * The memory will have protections defined by architecture.
> > + *
> > + * The allocated memory will reside in an area that does not impose
> > + * restrictions on the addressing modes.
> > + *
> > + * Return: a pointer to the allocated memory or %NULL
> > + */
> > +void *execmem_data_alloc(enum execmem_type type, size_t size);
> > +
> > /**
> > * execmem_free - free executable memory
> > * @ptr: pointer to the memory that should be freed
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index c4146bfcd0a7..2ae83a6abf66 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -1188,25 +1188,16 @@ void __weak module_arch_freeing_init(struct module *mod)
> > {
> > }
> >
> > -static bool mod_mem_use_vmalloc(enum mod_mem_type type)
> > -{
> > - return IS_ENABLED(CONFIG_ARCH_WANTS_MODULES_DATA_IN_VMALLOC) &&
> > - mod_mem_type_is_core_data(type);
> > -}
> > -
> > static void *module_memory_alloc(unsigned int size, enum mod_mem_type type)
> > {
> > - if (mod_mem_use_vmalloc(type))
> > - return vzalloc(size);
> > + if (mod_mem_type_is_data(type))
> > + return execmem_data_alloc(EXECMEM_MODULE_DATA, size);
> > return execmem_text_alloc(EXECMEM_MODULE_TEXT, size);
> > }
> >
> > static void module_memory_free(void *ptr, enum mod_mem_type type)
> > {
> > - if (mod_mem_use_vmalloc(type))
> > - vfree(ptr);
> > - else
> > - execmem_free(ptr);
> > + execmem_free(ptr);
> > }
> >
> > static void free_mod_mem(struct module *mod)
> > diff --git a/mm/execmem.c b/mm/execmem.c
> > index abcbd07e05ac..aeff85261360 100644
> > --- a/mm/execmem.c
> > +++ b/mm/execmem.c
> > @@ -53,11 +53,23 @@ static void *execmem_alloc(size_t size, struct execmem_range *range)
> > return kasan_reset_tag(p);
> > }
> >
> > +static inline bool execmem_range_is_data(enum execmem_type type)
> > +{
> > + return type == EXECMEM_MODULE_DATA;
> > +}
> > +
> > void *execmem_text_alloc(enum execmem_type type, size_t size)
> > {
> > return execmem_alloc(size, &execmem_params.ranges[type]);
> > }
> >
> > +void *execmem_data_alloc(enum execmem_type type, size_t size)
> > +{
> > + WARN_ON_ONCE(!execmem_range_is_data(type));
> > +
> > + return execmem_alloc(size, &execmem_params.ranges[type]);
> > +}
> > +
> > void execmem_free(void *ptr)
> > {
> > /*
> > @@ -93,7 +105,10 @@ static void execmem_init_missing(struct execmem_params *p)
> > struct execmem_range *r = &p->ranges[i];
> >
> > if (!r->start) {
> > - r->pgprot = default_range->pgprot;
> > + if (execmem_range_is_data(i))
> > + r->pgprot = PAGE_KERNEL;
> > + else
> > + r->pgprot = default_range->pgprot;
> > r->alignment = default_range->alignment;
> > r->start = default_range->start;
> > r->end = default_range->end;
> > --
> > 2.39.2
> >
@@ -95,6 +95,9 @@ static struct execmem_params execmem_params __ro_after_init = {
[EXECMEM_DEFAULT] = {
.alignment = 1,
},
+ [EXECMEM_MODULE_DATA] = {
+ .alignment = 1,
+ },
},
};
@@ -103,7 +106,12 @@ struct execmem_params __init *execmem_arch_params(void)
pgprot_t prot = strict_module_rwx_enabled() ? PAGE_KERNEL : PAGE_KERNEL_EXEC;
struct execmem_range *range = &execmem_params.ranges[EXECMEM_DEFAULT];
+ /*
+ * BOOK3S_32 and 8xx define MODULES_VADDR for text allocations and
+ * allow allocating data in the entire vmalloc space
+ */
#ifdef MODULES_VADDR
+ struct execmem_range *data = &execmem_params.ranges[EXECMEM_MODULE_DATA];
unsigned long limit = (unsigned long)_etext - SZ_32M;
/* First try within 32M limit from _etext to avoid branch trampolines */
@@ -116,6 +124,10 @@ struct execmem_params __init *execmem_arch_params(void)
range->start = MODULES_VADDR;
range->end = MODULES_END;
}
+ data->start = VMALLOC_START;
+ data->end = VMALLOC_END;
+ data->pgprot = PAGE_KERNEL;
+ data->alignment = 1;
#else
range->start = VMALLOC_START;
range->end = VMALLOC_END;
@@ -29,6 +29,7 @@
* @EXECMEM_KPROBES: parameters for kprobes
* @EXECMEM_FTRACE: parameters for ftrace
* @EXECMEM_BPF: parameters for BPF
+ * @EXECMEM_MODULE_DATA: parameters for module data sections
* @EXECMEM_TYPE_MAX:
*/
enum execmem_type {
@@ -37,6 +38,7 @@ enum execmem_type {
EXECMEM_KPROBES,
EXECMEM_FTRACE,
EXECMEM_BPF,
+ EXECMEM_MODULE_DATA,
EXECMEM_TYPE_MAX,
};
@@ -107,6 +109,23 @@ struct execmem_params *execmem_arch_params(void);
*/
void *execmem_text_alloc(enum execmem_type type, size_t size);
+/**
+ * execmem_data_alloc - allocate memory for data coupled to code
+ * @type: type of the allocation
+ * @size: how many bytes of memory are required
+ *
+ * Allocates memory that will contain data coupled with executable code,
+ * like data sections in kernel modules.
+ *
+ * The memory will have protections defined by architecture.
+ *
+ * The allocated memory will reside in an area that does not impose
+ * restrictions on the addressing modes.
+ *
+ * Return: a pointer to the allocated memory or %NULL
+ */
+void *execmem_data_alloc(enum execmem_type type, size_t size);
+
/**
* execmem_free - free executable memory
* @ptr: pointer to the memory that should be freed
@@ -1188,25 +1188,16 @@ void __weak module_arch_freeing_init(struct module *mod)
{
}
-static bool mod_mem_use_vmalloc(enum mod_mem_type type)
-{
- return IS_ENABLED(CONFIG_ARCH_WANTS_MODULES_DATA_IN_VMALLOC) &&
- mod_mem_type_is_core_data(type);
-}
-
static void *module_memory_alloc(unsigned int size, enum mod_mem_type type)
{
- if (mod_mem_use_vmalloc(type))
- return vzalloc(size);
+ if (mod_mem_type_is_data(type))
+ return execmem_data_alloc(EXECMEM_MODULE_DATA, size);
return execmem_text_alloc(EXECMEM_MODULE_TEXT, size);
}
static void module_memory_free(void *ptr, enum mod_mem_type type)
{
- if (mod_mem_use_vmalloc(type))
- vfree(ptr);
- else
- execmem_free(ptr);
+ execmem_free(ptr);
}
static void free_mod_mem(struct module *mod)
@@ -53,11 +53,23 @@ static void *execmem_alloc(size_t size, struct execmem_range *range)
return kasan_reset_tag(p);
}
+static inline bool execmem_range_is_data(enum execmem_type type)
+{
+ return type == EXECMEM_MODULE_DATA;
+}
+
void *execmem_text_alloc(enum execmem_type type, size_t size)
{
return execmem_alloc(size, &execmem_params.ranges[type]);
}
+void *execmem_data_alloc(enum execmem_type type, size_t size)
+{
+ WARN_ON_ONCE(!execmem_range_is_data(type));
+
+ return execmem_alloc(size, &execmem_params.ranges[type]);
+}
+
void execmem_free(void *ptr)
{
/*
@@ -93,7 +105,10 @@ static void execmem_init_missing(struct execmem_params *p)
struct execmem_range *r = &p->ranges[i];
if (!r->start) {
- r->pgprot = default_range->pgprot;
+ if (execmem_range_is_data(i))
+ r->pgprot = PAGE_KERNEL;
+ else
+ r->pgprot = default_range->pgprot;
r->alignment = default_range->alignment;
r->start = default_range->start;
r->end = default_range->end;