| Message ID | 20230609183632.48706-4-alexander.shishkin@linux.intel.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1117996vqr;
Fri, 9 Jun 2023 11:59:12 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ7IBWcwrNQqIRyE4zKzYPPN3sieVKMjvhkN69zXkgJOn5OrtD4ET0M8N3+2jRlj4yKh1Nb7
X-Received: by 2002:a17:90a:f312:b0:250:9e7b:2798 with SMTP id
ca18-20020a17090af31200b002509e7b2798mr1973303pjb.18.1686337152477;
Fri, 09 Jun 2023 11:59:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686337152; cv=none;
d=google.com; s=arc-20160816;
b=l/KY/0ynUVaMe49MmmAXHW7abLqf6zCi29v5OfTXymDCKCVxDle6v1ogOMhgrS/Z97
NFcAfXrxPHUK5HAmnXvoGmyMsPf3BJnevJxZxnXGfklXN7LbzdZw9qQwHCUZCUoEDE1e
dE/D6WOrdMcRiJNOxjAn7sMKLzCAecJJFJ/sFvfqhu0Ajv2RZoZxXH1GPMy2zMS2/Kpt
QibSr1WpgJhDk4fvlMRiOv1fi8sEmXLVGxc1nAAy2ZG0pLn3TNSArWfTItzUQItFLmIl
ephBpACWS26ToZxE/Az3Pn8/HqtEV+dnlbW+engbUSdAGpxWZd5yt8WsHXHCsiUMripd
m4tA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=qvDtSxjNwvRFXkP1MBDC+T/keKSdLBm9h50d9f7+84g=;
b=qITCWYCZvHcE8nNBYqqEp5vst7y0l5c29i3/wXK7x/uSXRfgBLLHVM99lwwtlpGCac
b5OAM8Vna67PfQawjdO8BzXtCZLV4fpfAEcYGhsAiYvV4lMNEcrfSd4JmsOFAildi5ej
mw52sOCuOs5+5sGjdfpC4YaQEwS4koNmP4cAG19j/v327GBlbf364ujG4V8MBQbTXVXT
0nqAwLGwZ3NqtjL7UOsPxHR1LD8n7dOawffvrvvBXlQ7uvUiiDsDkdfVNmX7XA0Q1nsZ
YKV4WosF542SG8I461tkNHX62YuEsv5TjpgT9zQbEy9vQMapXuwYj+wn0wjtLhH6jg/a
tPVQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=GdcwdBO2;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
16-20020a17090a1a1000b002565045f145si4759426pjk.122.2023.06.09.11.58.58;
Fri, 09 Jun 2023 11:59:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=GdcwdBO2;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231477AbjFIShK (ORCPT <rfc822;liningstudo@gmail.com>
+ 99 others); Fri, 9 Jun 2023 14:37:10 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49690 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231494AbjFIShD (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 9 Jun 2023 14:37:03 -0400
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C03893A81
for <linux-kernel@vger.kernel.org>;
Fri, 9 Jun 2023 11:37:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1686335821; x=1717871821;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=Proxdl6OP+ssiJM42L+/0ZzD/+N45NVfmnXriOx5xto=;
b=GdcwdBO2MszjDYqGJ7Lp3/i6ecGtP+G0GvT1FTBSzTtBqfDvuj6mRV6g
obelZYy8t2OndJ11yJQJtk4pPQZYvFXpsQBEOBIa7NBFrSPSGbGOzU20u
/BC44OuSJgyRNwE7P9rIOAxSaXYjzS5L0UK1hGIhVYzpgRSNJT4zY8u19
dSwb8mXi/QUZkUO7CpPHhRr3fy2mauD6/KFsdLUGLjOKV8VPlWZX+uaYw
wByqvFDFO8hMJLwRzpsi/uQOoRJRvwIjVe7oCBG9LzDs+SE05dVxI+SJo
TaxfLLWXGkQNBRK+yB4dBPO7LDmeyrQtB5sK4rIp/b1RRizNEU8yZXePl
A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="338022090"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400";
d="scan'208";a="338022090"
Received: from orsmga002.jf.intel.com ([10.7.209.21])
by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
09 Jun 2023 11:37:01 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10736"; a="710443967"
X-IronPort-AV: E=Sophos;i="6.00,230,1681196400";
d="scan'208";a="710443967"
Received: from black.fi.intel.com (HELO black.fi.intel.com.) ([10.237.72.28])
by orsmga002.jf.intel.com with ESMTP; 09 Jun 2023 11:36:58 -0700
From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ravi Shankar <ravi.v.shankar@intel.com>,
Tony Luck <tony.luck@intel.com>,
Sohil Mehta <sohil.mehta@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Subject: [PATCH v3 03/12] x86/alternatives: Disable LASS when patching kernel
alternatives
Date: Fri, 9 Jun 2023 21:36:23 +0300
Message-Id: <20230609183632.48706-4-alexander.shishkin@linux.intel.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
References: <20230609183632.48706-1-alexander.shishkin@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1768252666004643196?=
X-GMAIL-MSGID: =?utf-8?q?1768252666004643196?=
|
| Series |
Enable Linear Address Space Separation support
|
|
Commit Message
Alexander Shishkin
June 9, 2023, 6:36 p.m. UTC
From: Sohil Mehta <sohil.mehta@intel.com> For patching, the kernel initializes a temporary mm area in the lower half of the address range. See commit 4fc19708b165 ("x86/alternatives: Initialize temporary mm for patching"). Disable LASS enforcement during patching using the stac()/clac() instructions to avoid triggering a #GP fault. The objtool warns due to a call to a non-allowed function that exists outside of the stac/clac guard, or references to any function with a dynamic function pointer inside the guard. See the Objtool warnings section #9 in the document tools/objtool/Documentation/objtool.txt. Considering that patching is usually small, replace the memcpy and memset functions in the text poking functions with their inline versions respectively. Signed-off-by: Sohil Mehta <sohil.mehta@intel.com> Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com> --- arch/x86/kernel/alternative.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
Comments
On Fri, 2023-06-09 at 21:36 +0300, Alexander Shishkin wrote: > +/* > + * poking_init() initializes the text poking address from the lower > half of the > + * address space. Relax LASS enforcement when accessing the poking > address. > + */ > static void text_poke_memcpy(void *dst, const void *src, size_t len) > { > - memcpy(dst, src, len); > + stac(); > + __inline_memcpy(dst, src, len); > + clac(); > } > > static void text_poke_memset(void *dst, const void *src, size_t len) > { > int c = *(const int *)src; > > - memset(dst, c, len); > + stac(); > + __inline_memset(dst, c, len); > + clac(); > } Why not do stac/clac in a single place inside __text_poke()?
> Why not do stac/clac in a single place inside __text_poke()? It would mostly look something like this: > diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c > index 0fbf8a631306..02ef08e2575d 100644 > --- a/arch/x86/kernel/alternative.c > +++ b/arch/x86/kernel/alternative.c > @@ -1781,7 +1781,9 @@ static void *__text_poke(text_poke_f func, void *addr, const void *src, size_t l > prev = use_temporary_mm(poking_mm); > > kasan_disable_current(); > + stac(); > func((u8 *)poking_addr + offset_in_page(addr), src, len); > + clac(); > kasan_enable_current(); > > /* Since, __text_poke() uses a dynamic function to call into text_poke_memcpy() and text_poke_memset(), objtool would still complain. > arch/x86/kernel/alternative.o: warning: objtool: __text_poke+0x259: call to {dynamic}() with UACCESS enabled We could change __text_poke() to not use the dynamic func but it might be a bit heavy handed to save a couple of lines of stac/clac calls. The current trade-off seems reasonable to me. Did you have something different in mind? Sohil
On Tue, 2023-08-01 at 14:10 -0700, Sohil Mehta wrote: > > Why not do stac/clac in a single place inside __text_poke()? > > It would mostly look something like this: > > diff --git a/arch/x86/kernel/alternative.c > > b/arch/x86/kernel/alternative.c > > index 0fbf8a631306..02ef08e2575d 100644 > > --- a/arch/x86/kernel/alternative.c > > +++ b/arch/x86/kernel/alternative.c > > @@ -1781,7 +1781,9 @@ static void *__text_poke(text_poke_f func, > > void *addr, const void *src, size_t l > > prev = use_temporary_mm(poking_mm); > > > > kasan_disable_current(); > > + stac(); > > func((u8 *)poking_addr + offset_in_page(addr), src, len); > > + clac(); > > kasan_enable_current(); > > > > /* > > Since, __text_poke() uses a dynamic function to call into > text_poke_memcpy() and text_poke_memset(), objtool would still > complain. > > > arch/x86/kernel/alternative.o: warning: objtool: __text_poke+0x259: > > call to {dynamic}() with UACCESS enabled > > We could change __text_poke() to not use the dynamic func but it > might > be a bit heavy handed to save a couple of lines of stac/clac calls. > The > current trade-off seems reasonable to me. > > Did you have something different in mind? I wondered if it might be something like that. Yes, seems like an ok tradeoff.
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index f615e0cb6d93..eac6a5406d39 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -1526,16 +1526,24 @@ static inline void unuse_temporary_mm(temp_mm_state_t prev_state) __ro_after_init struct mm_struct *poking_mm; __ro_after_init unsigned long poking_addr; +/* + * poking_init() initializes the text poking address from the lower half of the + * address space. Relax LASS enforcement when accessing the poking address. + */ static void text_poke_memcpy(void *dst, const void *src, size_t len) { - memcpy(dst, src, len); + stac(); + __inline_memcpy(dst, src, len); + clac(); } static void text_poke_memset(void *dst, const void *src, size_t len) { int c = *(const int *)src; - memset(dst, c, len); + stac(); + __inline_memset(dst, c, len); + clac(); } typedef void text_poke_f(void *dst, const void *src, size_t len);