| Message ID | 0b6ad2759b47731a83008b46dbbed7c92e68cae2.1586265122.git.zong.li@sifive.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Support strict kernel memory permissions for security | expand |
On Tue, 7 Apr 2020 22:46:48 +0800 Zong Li <zong.li@sifive.com> wrote: > On strict kernel memory permission, the ftrace have to change the > permission of text for dynamic patching the intructions. Use > riscv_patch_text_nosync() to patch code instead of probe_kernel_write. > > Signed-off-by: Zong Li <zong.li@sifive.com> > Suggested-by: Masami Hiramatsu <mhiramat@kernel.org> Looks good to me. Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org> Thanks! > --- > arch/riscv/kernel/ftrace.c | 26 +++++++++++++++++--------- > 1 file changed, 17 insertions(+), 9 deletions(-) > > diff --git a/arch/riscv/kernel/ftrace.c b/arch/riscv/kernel/ftrace.c > index c40fdcdeb950..08396614d6f4 100644 > --- a/arch/riscv/kernel/ftrace.c > +++ b/arch/riscv/kernel/ftrace.c > @@ -7,9 +7,23 @@ > > #include <linux/ftrace.h> > #include <linux/uaccess.h> > +#include <linux/memory.h> > #include <asm/cacheflush.h> > +#include <asm/patch.h> > > #ifdef CONFIG_DYNAMIC_FTRACE > +int ftrace_arch_code_modify_prepare(void) __acquires(&text_mutex) > +{ > + mutex_lock(&text_mutex); > + return 0; > +} > + > +int ftrace_arch_code_modify_post_process(void) __releases(&text_mutex) > +{ > + mutex_unlock(&text_mutex); > + return 0; > +} > + > static int ftrace_check_current_call(unsigned long hook_pos, > unsigned int *expected) > { > @@ -46,20 +60,14 @@ static int __ftrace_modify_call(unsigned long hook_pos, unsigned long target, > { > unsigned int call[2]; > unsigned int nops[2] = {NOP4, NOP4}; > - int ret = 0; > > make_call(hook_pos, target, call); > > - /* replace the auipc-jalr pair at once */ > - ret = probe_kernel_write((void *)hook_pos, enable ? call : nops, > - MCOUNT_INSN_SIZE); > - /* return must be -EPERM on write error */ > - if (ret) > + /* Replace the auipc-jalr pair at once. Return -EPERM on write error. */ > + if (patch_text_nosync > + ((void *)hook_pos, enable ? call : nops, MCOUNT_INSN_SIZE)) > return -EPERM; > > - smp_mb(); > - flush_icache_range((void *)hook_pos, (void *)hook_pos + MCOUNT_INSN_SIZE); > - > return 0; > } > > -- > 2.26.0 >
diff --git a/arch/riscv/kernel/ftrace.c b/arch/riscv/kernel/ftrace.c index c40fdcdeb950..08396614d6f4 100644 --- a/arch/riscv/kernel/ftrace.c +++ b/arch/riscv/kernel/ftrace.c @@ -7,9 +7,23 @@ #include <linux/ftrace.h> #include <linux/uaccess.h> +#include <linux/memory.h> #include <asm/cacheflush.h> +#include <asm/patch.h> #ifdef CONFIG_DYNAMIC_FTRACE +int ftrace_arch_code_modify_prepare(void) __acquires(&text_mutex) +{ + mutex_lock(&text_mutex); + return 0; +} + +int ftrace_arch_code_modify_post_process(void) __releases(&text_mutex) +{ + mutex_unlock(&text_mutex); + return 0; +} + static int ftrace_check_current_call(unsigned long hook_pos, unsigned int *expected) { @@ -46,20 +60,14 @@ static int __ftrace_modify_call(unsigned long hook_pos, unsigned long target, { unsigned int call[2]; unsigned int nops[2] = {NOP4, NOP4}; - int ret = 0; make_call(hook_pos, target, call); - /* replace the auipc-jalr pair at once */ - ret = probe_kernel_write((void *)hook_pos, enable ? call : nops, - MCOUNT_INSN_SIZE); - /* return must be -EPERM on write error */ - if (ret) + /* Replace the auipc-jalr pair at once. Return -EPERM on write error. */ + if (patch_text_nosync + ((void *)hook_pos, enable ? call : nops, MCOUNT_INSN_SIZE)) return -EPERM; - smp_mb(); - flush_icache_range((void *)hook_pos, (void *)hook_pos + MCOUNT_INSN_SIZE); - return 0; }
On strict kernel memory permission, the ftrace have to change the permission of text for dynamic patching the intructions. Use riscv_patch_text_nosync() to patch code instead of probe_kernel_write. Signed-off-by: Zong Li <zong.li@sifive.com> Suggested-by: Masami Hiramatsu <mhiramat@kernel.org> --- arch/riscv/kernel/ftrace.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-)