Re: [PATCH 11/15] static_call: Add inline static call infrastructure
From: Nadav Amit
Date: Mon Jun 10 2019 - 14:37:57 EST
> On Jun 10, 2019, at 10:19 AM, Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
>
> On Fri, Jun 07, 2019 at 10:37:56AM +0200, Peter Zijlstra wrote:
>>>> +}
>>>> +
>>>> +static int static_call_module_notify(struct notifier_block *nb,
>>>> + unsigned long val, void *data)
>>>> +{
>>>> + struct module *mod = data;
>>>> + int ret = 0;
>>>> +
>>>> + cpus_read_lock();
>>>> + static_call_lock();
>>>> +
>>>> + switch (val) {
>>>> + case MODULE_STATE_COMING:
>>>> + module_disable_ro(mod);
>>>> + ret = static_call_add_module(mod);
>>>> + module_enable_ro(mod, false);
>>>
>>> Doesnât it cause some pages to be W+X ?
>
> How so?
>
>>> Can it be avoided?
>>
>> I don't know why it does this, jump_labels doesn't seem to need this,
>> and I'm not seeing what static_call needs differently.
>
> I forgot why I did this, but it's probably for the case where there's a
> static call site in module init code. It deserves a comment.
>
> Theoretically, jump labels need this to.
>
> BTW, there's a change coming that will require the text_mutex before
> calling module_{disable,enable}_ro().
I think that eventually, the most secure flow is for the module executable
to be write-protected immediately after the module signature is checked and
then use text_poke() to change the code without removing the
write-protection in such manner.
Ideally, these pieces of code (module signature check and static-key/call
mechanisms) would somehow be isolated.
I wonder whether static-calls in init-code cannot just be avoided. They
would most likely introduce more overhead in patching than they would save
in execution time.