Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
From: Peter Zijlstra <peterz@infradead.org>
Date: 2023-11-13 08:21:16
Also in:
kvm, linux-hardening, linux-security-module, lkml, qemu-devel, virtualization, xen-devel
On Sun, Nov 12, 2023 at 09:23:24PM -0500, Mickaël Salaün wrote:
quoted hunk ↗ jump to hunk
From: Madhavan T. Venkataraman <redacted> X86 uses a function called __text_poke() to modify executable code. This patching function is used by many features such as KProbes and FTrace. Update the permissions counters for the text page so that write permissions can be temporarily established in the EPT to modify the instructions in that page. Cc: Borislav Petkov <bp@alien8.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kees Cook <redacted> Cc: Madhavan T. Venkataraman <redacted> Cc: Mickaël Salaün <mic@digikod.net> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Sean Christopherson <seanjc@google.com> Cc: Thomas Gleixner <redacted> Cc: Vitaly Kuznetsov <vkuznets@redhat.com> Cc: Wanpeng Li <redacted> Signed-off-by: Madhavan T. Venkataraman <redacted> --- Changes since v1: * New patch --- arch/x86/kernel/alternative.c | 5 ++++ arch/x86/mm/heki.c | 49 +++++++++++++++++++++++++++++++++++ include/linux/heki.h | 14 ++++++++++ 3 files changed, 68 insertions(+)diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index 517ee01503be..64fd8757ba5c 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c@@ -18,6 +18,7 @@ #include <linux/mmu_context.h> #include <linux/bsearch.h> #include <linux/sync_core.h> +#include <linux/heki.h> #include <asm/text-patching.h> #include <asm/alternative.h> #include <asm/sections.h>@@ -1801,6 +1802,7 @@ static void *__text_poke(text_poke_f func, void *addr, const void *src, size_t l */ pgprot = __pgprot(pgprot_val(PAGE_KERNEL) & ~_PAGE_GLOBAL); + heki_text_poke_start(pages, cross_page_boundary ? 2 : 1, pgprot); /* * The lock is not really needed, but this allows to avoid open-coding. */@@ -1865,7 +1867,10 @@ static void *__text_poke(text_poke_f func, void *addr, const void *src, size_t l } local_irq_restore(flags); + pte_unmap_unlock(ptep, ptl); + heki_text_poke_end(pages, cross_page_boundary ? 2 : 1, pgprot); + return addr; }
This makes no sense, we already use a custom CR3 with userspace alias for the actual pages to write to, why are you then frobbing permissions on that *again* ?