Re: [RFC v2 0/4] vmalloc_exec for modules and BPF programs

From: Song Liu
Date: Tue Oct 18 2022 - 11:06:00 EST

> On Oct 18, 2022, at 7:50 AM, Christoph Hellwig <hch@xxxxxx> wrote:
>
> On Mon, Oct 17, 2022 at 04:23:52PM +0000, Song Liu wrote:
>>> Well, nothing explains what the method is to avoid having memory
>>> that is mapped writable and executable at the same time, which really
>>> could use some explanation here (and in the main patch as well).
>>
>> Thanks for the feedback. I will add this.
>>
>> Does the code look good to you? I personally think patch 1, 2, 4 could
>> ship with a little more work.
>
> I only took a quick look and I'm not sure how the W^X actually works.
> Yes, it calls into the text poke helpers, but how do these work on
> less than page sized allocations?

Aha, I guess I understand your point (and concern) now.

It is the same as text poke into static kernel text: we create a local
writable mapping to the memory we need to update. For less than page
sized allocation, this mapping does have access to X memory that may
belong to a different allocation, just like text poke into static
kernel text.

Maybe we need something like vcopy_exec(x_mem, tmp_buf, size), where
we explicitly check the allowed memory of x_mem is bigger or equal to
size. And users of vmalloc_exec should only use vcopy_exec to update
memory from vmalloc_exec.

Does this make sense? Did I understand your concern correctly?

Thanks,
Song
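As an added example, not part of this thread or of the patch series under discussion: a small user-space model in C of the sub-page concern and of the vcopy_exec(x_mem, tmp_buf, size) check proposed above. One 4 KiB buffer stands in for an executable page shared by several allocations, a hypothetical bump allocator (model_vmalloc_exec) hands out sub-page chunks, and model_vcopy_exec refuses any write whose range does not lie entirely within one live allocation. The names, the 4 KiB page, the 16-byte allocations and the status codes are all assumptions; the kernel's temporary writable mapping is replaced by a plain memcpy, since the point being modelled is the bounds check, not the mapping.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model, not kernel code: one 4 KiB region stands in
 * for an executable page that several sub-page vmalloc_exec allocations share. */
#define X_PAGE_SIZE 4096
#define MAX_ALLOCS  16

struct x_alloc {
    unsigned char *start;
    size_t len;
};

static unsigned char x_page[X_PAGE_SIZE];   /* the shared "X" page */
static struct x_alloc allocs[MAX_ALLOCS];   /* live allocations on it */
static size_t n_allocs;
static size_t x_used;

/* Forget every allocation and wipe the page (only needed for the demo). */
void model_reset(void)
{
    memset(x_page, 0, sizeof x_page);
    memset(allocs, 0, sizeof allocs);
    n_allocs = 0;
    x_used = 0;
}

/* Hypothetical bump allocator: hands out a sub-page chunk, NULL when full. */
void *model_vmalloc_exec(size_t size)
{
    if (size == 0 || n_allocs == MAX_ALLOCS || size > X_PAGE_SIZE - x_used)
        return NULL;
    unsigned char *p = x_page + x_used;
    allocs[n_allocs].start = p;
    allocs[n_allocs].len = size;
    n_allocs++;
    x_used += size;
    return p;
}

/* Return the live allocation containing x_mem, or NULL if there is none. */
static const struct x_alloc *find_owner(const void *x_mem)
{
    const unsigned char *p = x_mem;
    for (size_t i = 0; i < n_allocs; i++)
        if (p >= allocs[i].start && p < allocs[i].start + allocs[i].len)
            return &allocs[i];
    return NULL;
}

/* Hypothetical vcopy_exec(): copy size bytes from tmp_buf into x_mem, but
 * only if [x_mem, x_mem + size) lies inside a single live allocation.
 * Returns 0 on success, -1 if x_mem is not in any allocation, -2 if the copy
 * would run past the owning allocation into a neighbour. In the kernel the
 * write would go through a text-poke style temporary writable mapping; here
 * the page is ordinary memory, so memcpy stands in for that step. */
int model_vcopy_exec(void *x_mem, const void *tmp_buf, size_t size)
{
    const struct x_alloc *owner = find_owner(x_mem);
    if (!owner)
        return -1;
    size_t room = (size_t)(owner->start + owner->len - (unsigned char *)x_mem);
    if (size > room)
        return -2;
    memcpy(x_mem, tmp_buf, size);
    return 0;
}

/* Demo scenario: two neighbouring 16-byte allocations a and b, then a copy of
 * `size` bytes at a + offset. Returns the vcopy_exec status code. */
int scenario(size_t offset, size_t size)
{
    static unsigned char patch[64];
    model_reset();
    unsigned char *a = model_vmalloc_exec(16);
    unsigned char *b = model_vmalloc_exec(16);
    if (!a || !b)
        return -99;
    memset(patch, 0xcc, sizeof patch);   /* constructed filler bytes, not real code */
    return model_vcopy_exec(a + offset, patch, size);
}

/* After a rejected over-long copy into a, is neighbour b still all zero? */
int neighbour_untouched_after_spill(void)
{
    if (scenario(8, 16) != -2)          /* 8 + 16 > 16: must be refused */
        return 0;
    const unsigned char *b = allocs[1].start;
    for (size_t i = 0; i < allocs[1].len; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    printf("in-bounds copy:   %d\n", scenario(0, 16));   /* 0 */
    printf("spilling copy:    %d\n", scenario(8, 16));   /* -2 */
    printf("neighbour intact: %d\n", neighbour_untouched_after_spill());
    return 0;
}
```

The check is deliberately done against the owning allocation's recorded length rather than against the page boundary: on a shared page the page boundary is not the limit that matters, the neighbouring allocation is.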