From: Mike Rapoport <rppt@kernel.org>
To: x86@kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Borislav Petkov <bp@alien8.de>,
Brendan Higgins <brendan.higgins@linux.dev>,
Daniel Gomez <da.gomez@samsung.com>,
Daniel Thompson <danielt@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
David Gow <davidgow@google.com>,
Douglas Anderson <dianders@chromium.org>,
Ingo Molnar <mingo@redhat.com>,
Jason Wessel <jason.wessel@windriver.com>,
Jiri Kosina <jikos@kernel.org>,
Joe Lawrence <joe.lawrence@redhat.com>,
Johannes Berg <johannes@sipsolutions.net>,
Josh Poimboeuf <jpoimboe@kernel.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mike Rapoport <rppt@kernel.org>, Miroslav Benes <mbenes@suse.cz>,
"H. Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Petr Mladek <pmladek@suse.com>, Petr Pavlu <petr.pavlu@suse.com>,
Rae Moar <rmoar@google.com>, Richard Weinberger <richard@nod.at>,
Sami Tolvanen <samitolvanen@google.com>,
Shuah Khan <shuah@kernel.org>, Song Liu <song@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Thomas Gleixner <tglx@linutronix.de>,
kgdb-bugreport@lists.sourceforge.net, kunit-dev@googlegroups.com,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-mm@kvack.org, linux-modules@vger.kernel.org,
linux-trace-kernel@vger.kernel.org, linux-um@lists.infradead.org,
live-patching@vger.kernel.org
Subject: [PATCH v3 5/9] execmem: add API for temporal remapping as RW and restoring ROX afterwards
Date: Sun, 26 Jan 2025 09:47:29 +0200 [thread overview]
Message-ID: <20250126074733.1384926-6-rppt@kernel.org> (raw)
In-Reply-To: <20250126074733.1384926-1-rppt@kernel.org>
From: "Mike Rapoport (Microsoft)" <rppt@kernel.org>
Using a writable copy for ROX memory is cumbersome and error prone.
Add API that allow temporarily remapping of ranges in the ROX cache as
writable and then restoring their read-only-execute permissions.
This API will be later used in modules code and will allow removing nasty
games with writable copy in alternatives patching on x86.
The restoring of the ROX permissions relies on the ability of architecture
to reconstruct large pages in its set_memory_rox() method.
Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
---
include/linux/execmem.h | 31 +++++++++++++++++++++++++++++++
mm/execmem.c | 22 ++++++++++++++++++++++
2 files changed, 53 insertions(+)
diff --git a/include/linux/execmem.h b/include/linux/execmem.h
index 64130ae19690..65655a5d1be2 100644
--- a/include/linux/execmem.h
+++ b/include/linux/execmem.h
@@ -65,6 +65,37 @@ enum execmem_range_flags {
* Architectures that use EXECMEM_ROX_CACHE must implement this.
*/
void execmem_fill_trapping_insns(void *ptr, size_t size, bool writable);
+
+/**
+ * execmem_make_temp_rw - temporarily remap region with read-write
+ * permissions
+ * @ptr: address of the region to remap
+ * @size: size of the region to remap
+ *
+ * Remaps a part of the cached large page in the ROX cache in the range
+ * [@ptr, @ptr + @size) as writable and not executable. The caller must
+ * have exclusive ownership of this range and ensure nothing will try to
+ * execute code in this range.
+ *
+ * Return: 0 on success or negative error code on failure.
+ */
+int execmem_make_temp_rw(void *ptr, size_t size);
+
+/**
+ * execmem_restore_rox - restore read-only-execute permissions
+ * @ptr: address of the region to remap
+ * @size: size of the region to remap
+ *
+ * Restores read-only-execute permissions on a range [@ptr, @ptr + @size)
+ * after it was temporarily remapped as writable. Relies on architecture
+ * implementation of set_memory_rox() to restore mapping using large pages.
+ *
+ * Return: 0 on success or negative error code on failure.
+ */
+int execmem_restore_rox(void *ptr, size_t size);
+#else
+static inline int execmem_make_temp_rw(void *ptr, size_t size) { return 0; }
+static inline int execmem_restore_rox(void *ptr, size_t size) { return 0; }
#endif
/**
diff --git a/mm/execmem.c b/mm/execmem.c
index 04b0bf1b5025..e6c4f5076ca8 100644
--- a/mm/execmem.c
+++ b/mm/execmem.c
@@ -335,6 +335,28 @@ static bool execmem_cache_free(void *ptr)
return true;
}
+
+int execmem_make_temp_rw(void *ptr, size_t size)
+{
+ unsigned int nr = PAGE_ALIGN(size) >> PAGE_SHIFT;
+ unsigned long addr = (unsigned long)ptr;
+ int ret;
+
+ ret = set_memory_nx(addr, nr);
+ if (ret)
+ return ret;
+
+ return set_memory_rw(addr, nr);
+}
+
+int execmem_restore_rox(void *ptr, size_t size)
+{
+ unsigned int nr = PAGE_ALIGN(size) >> PAGE_SHIFT;
+ unsigned long addr = (unsigned long)ptr;
+
+ return set_memory_rox(addr, nr);
+}
+
#else /* CONFIG_ARCH_HAS_EXECMEM_ROX */
static void *execmem_cache_alloc(struct execmem_range *range, size_t size)
{
--
2.45.2
next prev parent reply other threads:[~2025-01-26 7:48 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-26 7:47 [PATCH v3 0/9] x86/module: rework ROX cache to avoid writable copy Mike Rapoport
2025-01-26 7:47 ` [PATCH v3 1/9] x86/mm/pat: cpa-test: fix length for CPA_ARRAY test Mike Rapoport
2025-01-26 7:47 ` [PATCH v3 2/9] x86/mm/pat: drop duplicate variable in cpa_flush() Mike Rapoport
2025-01-26 7:47 ` [PATCH v3 3/9] x86/mm/pat: restore large ROX pages after fragmentation Mike Rapoport
2025-01-26 7:47 ` [PATCH v3 4/9] execmem: don't remove ROX cache from the direct map Mike Rapoport
2025-01-26 7:47 ` Mike Rapoport [this message]
2025-01-26 7:47 ` [PATCH v3 6/9] module: switch to execmem API for remapping as RW and restoring ROX Mike Rapoport
2025-01-27 12:50 ` Petr Pavlu
2025-01-28 10:00 ` Mike Rapoport
2025-01-28 10:31 ` Petr Pavlu
2025-01-26 7:47 ` [PATCH v3 7/9] Revert "x86/module: prepare module loading for ROX allocations of text" Mike Rapoport
2025-01-26 7:47 ` [PATCH v3 8/9] module: drop unused module_writable_address() Mike Rapoport
2025-01-26 7:47 ` [PATCH v3 9/9] x86: re-enable EXECMEM_ROX support Mike Rapoport
2025-01-27 11:19 ` [PATCH v3 0/9] x86/module: rework ROX cache to avoid writable copy Peter Zijlstra
2025-01-29 17:28 ` Lorenzo Stoakes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250126074733.1384926-6-rppt@kernel.org \
--to=rppt@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=anton.ivanov@cambridgegreys.com \
--cc=bp@alien8.de \
--cc=brendan.higgins@linux.dev \
--cc=da.gomez@samsung.com \
--cc=danielt@kernel.org \
--cc=dave.hansen@linux.intel.com \
--cc=davidgow@google.com \
--cc=dianders@chromium.org \
--cc=hpa@zytor.com \
--cc=jason.wessel@windriver.com \
--cc=jikos@kernel.org \
--cc=joe.lawrence@redhat.com \
--cc=johannes@sipsolutions.net \
--cc=jpoimboe@kernel.org \
--cc=kgdb-bugreport@lists.sourceforge.net \
--cc=kirill.shutemov@linux.intel.com \
--cc=kunit-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-modules@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=linux-um@lists.infradead.org \
--cc=live-patching@vger.kernel.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=mbenes@suse.cz \
--cc=mcgrof@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=petr.pavlu@suse.com \
--cc=pmladek@suse.com \
--cc=richard@nod.at \
--cc=rmoar@google.com \
--cc=rostedt@goodmis.org \
--cc=samitolvanen@google.com \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox