Message ID | 20230705181256.3539027-9-vschneid@redhat.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2066665vqx; Wed, 5 Jul 2023 11:46:00 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6VYSLdC0nMkZtLidJlH+MqOH2lRdWnwEOi9RlyOC3lO0NK+PMHqztoy5T5+WgIHLOieSVh X-Received: by 2002:a05:6a20:1b24:b0:104:35ec:c25c with SMTP id ch36-20020a056a201b2400b0010435ecc25cmr12507108pzb.41.1688582760181; Wed, 05 Jul 2023 11:46:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688582760; cv=none; d=google.com; s=arc-20160816; b=p5OTDucrEj/k4epJieDDEf9VrVZEef4VvHzJIUhvLRr7Ne/3CYq23H4B4522UIaEMr dwyFEfWpyIdu+ah95wt/bDHHJ6YI0dQj9U0lvfo3h1cB2eeKF/rSteVNwBC4F6NImZus TPSs57r6XDFrJuRfYJ5Y+HLINUsxdX2KNi14a6Rj9qX+x/NrSR+6txkW3cqfaIvFGwO9 6zU8iOQygt2g3ouhqHFxWvEiQzW1UUF7iop46C40OU06lUyoBY78nZJo8YUseTddnSAz D+OJKMLdGyqZAhARHhBV4LfZFZyhGriICOJLmBR7yYaNffG32DNq8jn39meqzbrJ3Tp8 2jKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Rmsxmag8ZkUExVz48NdRE4bjGysGk4VVErYcJqwPIM4=; fh=dVCMRuKhK2aqTEuWethYlqkP4G2sINJQEE+rq5xoO1c=; b=SxZ9Rd5o31FfP6tf7MbYp9pWXsA4N4Gj8o6pMqFrL8j3gbA5tgvQZDJp0xRkfBChaU p/S9LYc++1+Xxu0mu+DKSWoUZWX3XRUkIC1HIpkpVW/iGLYEhs49+LuqBFIu2Td+fmz2 BMGq/ANpn1syL421gbeAOn4lUadMCv1U55iaAeiMRcuV5rrhO15WdWvZFAl7LK+1AjfF 7yUc6js7M/vJzWWSWygh8sa7e0/9Geti1Nws59UxlrfDbBOx5Poa35foqWkBXYV1nI1i /itr1x6/aePQWekyxOrEMUSHE7+QMVRA9o6KzHItehqKW49y4RrmnEIDO45HQTKQqN9F zhew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=jVug4lix; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w4-20020a170902e88400b001b89b7ce902si7137760plg.305.2023.07.05.11.45.43; Wed, 05 Jul 2023 11:46:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=jVug4lix; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233438AbjGESSE (ORCPT <rfc822;tebrre53rla2o@gmail.com> + 99 others); Wed, 5 Jul 2023 14:18:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44316 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231799AbjGESRr (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Wed, 5 Jul 2023 14:17:47 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3EAEB19B9 for <linux-kernel@vger.kernel.org>; Wed, 5 Jul 2023 11:16:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1688581010; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Rmsxmag8ZkUExVz48NdRE4bjGysGk4VVErYcJqwPIM4=; b=jVug4lixrd8sNTBzab87XhRmBUWCeutjFXjzcwdzf4m5Zw9+HX4i39LypG1+d2tmkks3cr 6diKooABmh6I+YRJpH/d8tRWQ/6HMD8lYeDrdsi2CkPTDFnQy8i3QWu8PJt4CAoK3Gvy/m f15sVMxI63qVqzBRCG0PGRjHoCIbOJY= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-534-K-_lME6ZNbOFxO4KCoVoVw-1; Wed, 05 Jul 2023 14:16:49 -0400 X-MC-Unique: K-_lME6ZNbOFxO4KCoVoVw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 980F53815EF4; Wed, 5 Jul 2023 18:16:46 +0000 (UTC) Received: from vschneid.remote.csb (unknown [10.42.28.164]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D5B65F5CFA; Wed, 5 Jul 2023 18:16:41 +0000 (UTC) From: Valentin Schneider <vschneid@redhat.com> To: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, bpf@vger.kernel.org, x86@kernel.org Cc: Steven Rostedt <rostedt@goodmis.org>, Masami Hiramatsu <mhiramat@kernel.org>, Jonathan Corbet <corbet@lwn.net>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, "H. Peter Anvin" <hpa@zytor.com>, Paolo Bonzini <pbonzini@redhat.com>, Wanpeng Li <wanpengli@tencent.com>, Vitaly Kuznetsov <vkuznets@redhat.com>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Frederic Weisbecker <frederic@kernel.org>, "Paul E. McKenney" <paulmck@kernel.org>, Andrew Morton <akpm@linux-foundation.org>, Uladzislau Rezki <urezki@gmail.com>, Christoph Hellwig <hch@infradead.org>, Lorenzo Stoakes <lstoakes@gmail.com>, Josh Poimboeuf <jpoimboe@kernel.org>, Kees Cook <keescook@chromium.org>, Sami Tolvanen <samitolvanen@google.com>, Ard Biesheuvel <ardb@kernel.org>, Nicholas Piggin <npiggin@gmail.com>, Juerg Haefliger <juerg.haefliger@canonical.com>, Nicolas Saenz Julienne <nsaenz@kernel.org>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, Nadav Amit <namit@vmware.com>, Dan Carpenter <error27@gmail.com>, Chuang Wang <nashuiliang@gmail.com>, Yang Jihong <yangjihong1@huawei.com>, Petr Mladek <pmladek@suse.com>, "Jason A. Donenfeld" <Jason@zx2c4.com>, Song Liu <song@kernel.org>, Julian Pidancet <julian.pidancet@oracle.com>, Tom Lendacky <thomas.lendacky@amd.com>, Dionna Glaze <dionnaglaze@google.com>, =?utf-8?q?Thomas_Wei=C3=9Fschuh?= <linux@weissschuh.net>, Juri Lelli <juri.lelli@redhat.com>, Daniel Bristot de Oliveira <bristot@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>, Yair Podemsky <ypodemsk@redhat.com> Subject: [RFC PATCH 08/14] BROKEN: context_tracking: Make context_tracking_key __ro_after_init Date: Wed, 5 Jul 2023 19:12:50 +0100 Message-Id: <20230705181256.3539027-9-vschneid@redhat.com> In-Reply-To: <20230705181256.3539027-1-vschneid@redhat.com> References: <20230705181256.3539027-1-vschneid@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770607356334719411?= X-GMAIL-MSGID: =?utf-8?q?1770607356334719411?= |
Series |
context_tracking,x86: Defer some IPIs until a user->kernel transition
|
|
Commit Message
Valentin Schneider
July 5, 2023, 6:12 p.m. UTC
objtool now warns about it:
vmlinux.o: warning: objtool: enter_from_user_mode+0x4e: Non __ro_after_init static key "context_tracking_key" in .noinstr section
vmlinux.o: warning: objtool: enter_from_user_mode+0x50: Non __ro_after_init static key "context_tracking_key" in .noinstr section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode+0x60: Non __ro_after_init static key "context_tracking_key" in .noinstr section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode+0x62: Non __ro_after_init static key "context_tracking_key" in .noinstr section
[...]
The key can only be enabled (and not disabled) in the __init function
ct_cpu_tracker_user(), so mark it as __ro_after_init.
BROKEN: the struct static_key lives in a read-only mapping after
mark_rodata_ro(), which falls apart when the KVM module is loaded after
init and a write to the struct happens due to e.g. guest_state_exit_irqoff()
relying on the static key:
jump_label_add_module()
`\
static_key_set_mod()
static_key_set_linked()
Signed-off-by: Valentin Schneider <vschneid@redhat.com>
---
kernel/context_tracking.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Wed, Jul 05, 2023 at 07:12:50PM +0100, Valentin Schneider wrote: > BROKEN: the struct static_key lives in a read-only mapping after > mark_rodata_ro(), which falls apart when the KVM module is loaded after > init and a write to the struct happens due to e.g. guest_state_exit_irqoff() > relying on the static key: Right.. so whoever added the whole ro_after_init jump_label support did a very poor job of it. That said; I think it is fixable. Since the key cannot be changed, we don't actually need to track the entries list and can thus avoid the key update. Something like the completely untested below... --- Subject: jump_label: Seal __ro_after_init keys When a static_key is marked ro_after_init, its state will never change (after init), therefore jump_label_update() will never need to iterate the entries, and thus module load won't actually need to track this -- avoiding the static_key::next write. Therefore, mark these keys such that jump_label_add_module() might recognise them and avoid the modification. Use the special state: 'static_key_linked(key) && !static_key_mod(key)' to denote such keys. *UNTESTED* NOT-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> --- include/asm-generic/sections.h | 5 +++++ include/linux/jump_label.h | 1 + init/main.c | 1 + kernel/jump_label.c | 44 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+) diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h index db13bb620f52..c768de6f19a9 100644 --- a/include/asm-generic/sections.h +++ b/include/asm-generic/sections.h @@ -180,6 +180,11 @@ static inline bool is_kernel_rodata(unsigned long addr) addr < (unsigned long)__end_rodata; } +static inline bool is_kernel_ro_after_init(unsigned long addr) +{ + return addr >= (unsigned long)__start_ro_after_init && + addr < (unsigned long)__end_ro_after_init; +} /** * is_kernel_inittext - checks if the pointer address is located in the * .init.text section diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h index f0a949b7c973..88ef9e776af8 100644 --- a/include/linux/jump_label.h +++ b/include/linux/jump_label.h @@ -216,6 +216,7 @@ extern struct jump_entry __start___jump_table[]; extern struct jump_entry __stop___jump_table[]; extern void jump_label_init(void); +extern void jump_label_ro(void); extern void jump_label_lock(void); extern void jump_label_unlock(void); extern void arch_jump_label_transform(struct jump_entry *entry, diff --git a/init/main.c b/init/main.c index ad920fac325c..cb5304ca18f4 100644 --- a/init/main.c +++ b/init/main.c @@ -1403,6 +1403,7 @@ static void mark_readonly(void) * insecure pages which are W+X. */ rcu_barrier(); + jump_label_ro(); mark_rodata_ro(); rodata_test(); } else diff --git a/kernel/jump_label.c b/kernel/jump_label.c index d9c822bbffb8..40fb72d79d7a 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c @@ -530,6 +530,46 @@ void __init jump_label_init(void) cpus_read_unlock(); } +static inline bool static_key_sealed(struct static_key *key) +{ + return (key->type & JUMP_TYPE_LINKED) && !(key->type & ~JUMP_TYPE_MASK); +} + +static inline void static_key_seal(struct static_key *key) +{ + unsigned long type = key->type & JUMP_TYPE_TRUE; + key->type = JUMP_TYPE_LINKED | type; +} + +void jump_label_ro(void) +{ + struct jump_entry *iter_start = __start___jump_table; + struct jump_entry *iter_stop = __stop___jump_table; + struct static_key *key = NULL; + struct jump_entry *iter; + + if (WARN_ON_ONCE(!static_key_initialized)) + return; + + cpus_read_lock(); + jump_label_lock(); + + for (iter = iter_start; iter < iter_stop; iter++) { + struct static_key *iterk = jump_entry_key(iter); + + if (!is_kernel_ro_after_init(iterk)) + continue; + + if (static_key_sealed(iterk)) + continue; + + static_key_seal(iterk); + } + + jump_label_unlock(); + cpus_read_unlock(); +} + #ifdef CONFIG_MODULES enum jump_label_type jump_label_init_type(struct jump_entry *entry) @@ -650,6 +690,9 @@ static int jump_label_add_module(struct module *mod) static_key_set_entries(key, iter); continue; } + if (static_key_sealed(key)) + goto do_poke; + jlm = kzalloc(sizeof(struct static_key_mod), GFP_KERNEL); if (!jlm) return -ENOMEM; @@ -675,6 +718,7 @@ static int jump_label_add_module(struct module *mod) static_key_set_linked(key); /* Only update if we've changed from our initial state */ +do_poke: if (jump_label_type(iter) != jump_label_init_type(iter)) __jump_label_update(key, iter, iter_stop, true); }
diff --git a/kernel/context_tracking.c b/kernel/context_tracking.c index a09f1c19336ae..4e6cb14272fcb 100644 --- a/kernel/context_tracking.c +++ b/kernel/context_tracking.c @@ -432,7 +432,7 @@ static __always_inline void ct_kernel_enter(bool user, int offset) { } #define CREATE_TRACE_POINTS #include <trace/events/context_tracking.h> -DEFINE_STATIC_KEY_FALSE(context_tracking_key); +DEFINE_STATIC_KEY_FALSE_RO(context_tracking_key); EXPORT_SYMBOL_GPL(context_tracking_key); static noinstr bool context_tracking_recursion_enter(void)