Re: [PATCH v3 2/7] x86/jump_label: Use text_poke_early() during early_init

From: Nadav Amit
Date: Mon Nov 05 2018 - 16:31:31 EST


From: Thomas Gleixner
Sent: November 5, 2018 at 8:28:29 PM GMT
> To: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> Cc: Nadav Amit <namit@xxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, H. Peter Anvin <hpa@xxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Andrew Lutomirski <luto@xxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, Masami Hiramatsu <mhiramat@xxxxxxxxxx>
> Subject: Re: [PATCH v3 2/7] x86/jump_label: Use text_poke_early() during early_init
>
>
> On Mon, 5 Nov 2018, Andy Lutomirski wrote:
>> On Mon, Nov 5, 2018 at 11:25 AM Nadav Amit <namit@xxxxxxxxxx> wrote:
>> Linus, hpa, or Dave, a question for you: suppose I map some page
>> writably, write to it, then upgrade permissions to allow execute.
>> Must I force all CPUs that might execute from it without first
>> serializing to serialize? I suspect this doesn't really affect user
>> code, but it may affect the module loader.
>>
>> To be safe, shouldn't the module loader broadcast an IPI to
>> sync_core() everywhere after loading a module and before making it
>> runnable, regardless of alternative patching?
>>
>> IOW, the right sequence of events probably ought to me:
>>
>> 1. Allocate the memory and map it.
>> 2. Copy in the text.
>> 3. Patch alternatives, etc. This is logically just like (2) from an
>> architectural perspective -- we're just writing to memory that won't
>> be executed.
>> 4. Serialize everything.
>> 5. Run it!
>
> I'd make that:
>
> 1. Allocate the memory and map it RW
> 2. Copy in the text.
> 3. Patch alternatives, etc. This is logically just like (2) from an
> architectural perspective -- we're just writing to memory that won't
> be executed.
> 4. Map it RX
> 5. Serialize everything.
> 6. Run it!

Thanks. I will do something along these lines. This can improve module
loading time (saving IRQ save/restore time), but it will not make things
much prettier, since two code-paths for âearly init kernelâ and âearly init
moduleâ would be needed.