From patchwork Mon Apr 10 14:52:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Gerlach X-Patchwork-Id: 9672777 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3B8736020C for ; Mon, 10 Apr 2017 14:53:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 19F1B27B81 for ; Mon, 10 Apr 2017 14:53:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0D95527CF3; Mon, 10 Apr 2017 14:53:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7875A27B81 for ; Mon, 10 Apr 2017 14:53:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=EYZDUGGWanWFoaJLpyzI6yM8J2FWfVL7k3yoeUboS7Q=; b=G87x/mpUqX0tAB tL4xOAfTrS5DBhjFsUiO7Ovz3mK8V+hIbsJixIREICjcKL8XYYPyRQ1AwS9Gd0I2lAQzsbhcDTx0j 22Kb1yLlJ72n7IQU46U7pij7NUTdbVNO1tC6VPsPc9YwhphJCzb8lB/ovbEO0wr/pKU2JNVo5cFgX 3HzkV4Nze7R9UEhbS6hPWI2WDun5LImGsJ3Ymnuv4vB8Y5l4QTjk7Sb9TATEv5JrBaZMxtlkc0EOY TR83S0VIKBVbAQuOLkYfkfYHTxnywetLw6JV5m1ig4I6r8pzyzhdKZN8dkaNLpdz+cwprdiYfYABm CUJfJAqAnKYvV+uLg5RQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1cxahH-0000ad-8z; Mon, 10 Apr 2017 14:53:39 +0000 Received: from lelnx194.ext.ti.com ([198.47.27.80]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1cxahC-0000Q8-Eu for linux-arm-kernel@lists.infradead.org; Mon, 10 Apr 2017 14:53:37 +0000 Received: from dflxv15.itg.ti.com ([128.247.5.124]) by lelnx194.ext.ti.com (8.15.1/8.15.1) with ESMTP id v3AEqqxe014953; Mon, 10 Apr 2017 09:52:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ti.com; s=ti-com-17Q1; t=1491835972; bh=5NUoTZRPiGvcMnRf2gpQyWb70YfJG9b+1QZHjU1O+6k=; h=From:To:CC:Subject:Date; b=EV/linEGFZh0KHdWuWjQ1GoONTiuL/LcgJlsZWpOZUTDmyz7SvHQzgU1hhZYF9NkC jWSZyflUvHFKwVnvJV2ZG0Ml+4HwCDBan34iF8m5eQjAQ4p48jkQQVpz+RPx5UfQXs uLVOU56Nd/JP5IdERRndHIPRGBe3WW9Y0l5fpG9I= Received: from DFLE73.ent.ti.com (dfle73.ent.ti.com [128.247.5.110]) by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id v3AEqpaP004769; Mon, 10 Apr 2017 09:52:51 -0500 Received: from dlep32.itg.ti.com (157.170.170.100) by DFLE73.ent.ti.com (128.247.5.110) with Microsoft SMTP Server id 14.3.294.0; Mon, 10 Apr 2017 09:52:51 -0500 Received: from legion.dal.design.ti.com (legion.dal.design.ti.com [128.247.22.53]) by dlep32.itg.ti.com (8.14.3/8.13.8) with ESMTP id v3AEqo44015115; Mon, 10 Apr 2017 09:52:50 -0500 Received: from localhost (uda0274052.am.dhcp.ti.com [128.247.83.19]) by legion.dal.design.ti.com (8.11.7p1+Sun/8.11.7) with ESMTP id v3AEqo323187; Mon, 10 Apr 2017 09:52:50 -0500 (CDT) From: Dave Gerlach To: Greg Kroah-Hartman , Arnd Bergmann , Tony Lindgren , Russell King Subject: [PATCH v2] misc: sram-exec: Use aligned fncpy instead of memcpy Date: Mon, 10 Apr 2017 09:52:47 -0500 Message-ID: <20170410145247.6023-1-d-gerlach@ti.com> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20170410_075334_628308_BF3FE1A0 X-CRM114-Status: GOOD ( 14.85 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Dave Gerlach , Keerthy J , linux-kernel@vger.kernel.org, Alexandre Belloni , linux-omap@vger.kernel.org, Shawn Guo , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP Currently the sram-exec functionality, which allows allocation of executable memory and provides an API to move code to it, is only selected in configs for the ARM architecture. Based on commit 5756e9dd0de6 ("ARM: 6640/1: Thumb-2: Symbol manipulation macros for function body copying") simply copying a C function pointer address using memcpy without consideration of alignment and Thumb is unsafe on ARM platforms. The aforementioned patch introduces the fncpy macro which is a safe way to copy executable code on ARM platforms, so let's make use of that here rather than the unsafe plain memcpy that was previously used by sram_exec_copy. Now sram_exec_copy will move the code to "dst" and return an address that is guaranteed to be safely callable. In the future, architectures hoping to make use of the sram-exec functionality must define an fncpy macro just as ARM has done to guarantee or check for safe copying to executable memory before allowing the arch to select CONFIG_SRAM_EXEC. Signed-off-by: Dave Gerlach Acked-by: Tony Lindgren Acked-by: Russell King Reviewed-by: Alexandre Belloni --- v1: http://www.spinics.net/lists/linux-omap/msg136517.html v2 changes: Return value of fncpy, as the returned address is the safely executable one, and add supporting docs in comments. drivers/misc/sram-exec.c | 27 ++++++++++++++++++++------- include/linux/sram.h | 8 ++++---- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/drivers/misc/sram-exec.c b/drivers/misc/sram-exec.c index ac522417c462..9d54e14e8360 100644 --- a/drivers/misc/sram-exec.c +++ b/drivers/misc/sram-exec.c @@ -19,6 +19,7 @@ #include #include +#include #include "sram.h" @@ -57,20 +58,32 @@ int sram_add_protect_exec(struct sram_partition *part) * @src: Source address for the data to copy * @size: Size of copy to perform, which starting from dst, must reside in pool * + * Return: Address for copied data that can safely be called through function + * pointer, or NULL if problem. + * * This helper function allows sram driver to act as central control location * of 'protect-exec' pools which are normal sram pools but are always set * read-only and executable except when copying data to them, at which point * they are set to read-write non-executable, to make sure no memory is * writeable and executable at the same time. This region must be page-aligned * and is checked during probe, otherwise page attribute manipulation would - * not be possible. + * not be possible. Care must be taken to only call the returned address as + * dst address is not guaranteed to be safely callable. + * + * NOTE: This function uses the fncpy macro to move code to the executable + * region. Some architectures have strict requirements for relocating + * executable code, so fncpy is a macro that must be defined by any arch + * making use of this functionality that guarantees a safe copy of exec + * data and returns a safe address that can be called as a C function + * pointer. */ -int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, - size_t size) +void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, + size_t size) { struct sram_partition *part = NULL, *p; unsigned long base; int pages; + void *dst_cpy; mutex_lock(&exec_pool_list_mutex); list_for_each_entry(p, &exec_pool_list, list) { @@ -80,10 +93,10 @@ int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, mutex_unlock(&exec_pool_list_mutex); if (!part) - return -EINVAL; + return NULL; if (!addr_in_gen_pool(pool, (unsigned long)dst, size)) - return -EINVAL; + return NULL; base = (unsigned long)part->base; pages = PAGE_ALIGN(size) / PAGE_SIZE; @@ -93,13 +106,13 @@ int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, set_memory_nx((unsigned long)base, pages); set_memory_rw((unsigned long)base, pages); - memcpy(dst, src, size); + dst_cpy = fncpy(dst, src, size); set_memory_ro((unsigned long)base, pages); set_memory_x((unsigned long)base, pages); mutex_unlock(&part->lock); - return 0; + return dst_cpy; } EXPORT_SYMBOL_GPL(sram_exec_copy); diff --git a/include/linux/sram.h b/include/linux/sram.h index c97dcbe8ce25..4fb405fb0480 100644 --- a/include/linux/sram.h +++ b/include/linux/sram.h @@ -16,12 +16,12 @@ struct gen_pool; #ifdef CONFIG_SRAM_EXEC -int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, size_t size); +void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, size_t size); #else -static inline int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, - size_t size) +static inline void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, + size_t size) { - return -ENODEV; + return NULL; } #endif /* CONFIG_SRAM_EXEC */ #endif /* __LINUX_SRAM_H__ */