From patchwork Tue Sep 12 00:37:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Konrad Rzeszutek Wilk X-Patchwork-Id: 9948249 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6474B603F3 for ; Tue, 12 Sep 2017 00:41:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5554128D31 for ; Tue, 12 Sep 2017 00:41:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4A02A28D33; Tue, 12 Sep 2017 00:41:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.6 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,RCVD_IN_SORBS_SPAM,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 26D5728D6C for ; Tue, 12 Sep 2017 00:41:04 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1drZDH-0000lk-O2; Tue, 12 Sep 2017 00:38:03 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1drZDF-0000io-JH for xen-devel@lists.xenproject.org; Tue, 12 Sep 2017 00:38:01 +0000 Received: from [85.158.137.68] by server-13.bemta-3.messagelabs.com id 83/61-01916-86C27B95; Tue, 12 Sep 2017 00:38:00 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrHIsWRWlGSWpSXmKPExsVyMfTOId0Mne2 RBtOmMFt83zKZyYHR4/CHKywBjFGsmXlJ+RUJrBm3uxazFjwKq7h2bQ9TA+MXly5GLg4hgRmM Eqv6JjODOCwCH1gkXm56yt7FyMkhITCNVeLflWgIO06i4c9fZgg7TWL6ns0sEHaFxJan65lAb CEBJYktkx8zQtgHmSTuXgkGsYUF9CQmf7sNFmcT0Jd4uvYa0BwOoF43iU/XuED2igi0M0rMvv KLFaSGWcBQovXtUTaI3jCJo2e2s4DUswioSmz8rAUS5hWwklj3rAPqHHmJib3TwMZzAsV//5j HCnGCpUTHgitMExiFFzAyrGLUKE4tKkst0jUy1ksqykzPKMlNzMzRNTQw1stNLS5OTE/NSUwq 1kvOz93ECAzPegYGxh2MfXv9DjFKcjApifL+Ft4eKcSXlJ9SmZFYnBFfVJqTWnyIUYaDQ0mCt 0wbKCdYlJqeWpGWmQOMFJi0BAePkghvlhZQmre4IDG3ODMdInWK0ZLjwp1Lf5g4Duy5BSQ7bt 79wyTEkpeflyolzvsbpEEApCGjNA9uHCyaLzHKSgnzMjIwMAjxFKQW5WaWoMq/YhTnYFQS5k0 GuYonM68EbusroIOYgA7iubQF5KCSRISUVAPjuj8muQyC7Esdqib5Lcll+xm1RK9Jj2fG57f7 RFdf/F57zptJdvlvmar95x8e/vsxtn3mwfDXJsrC3O+m7dIWV3pTHbTX9N72BSf3vOPcrjt/r e9KeZOV+TFPpgQK3e0usDyp0f3u43rxyQ2L/s1PdYw3bd6+I9/eimXhiz+zVk+9zfL29ckZrk osxRmJhlrMRcWJABYxX/jhAgAA X-Env-Sender: ketuzsezr@gmail.com X-Msg-Ref: server-11.tower-31.messagelabs.com!1505176679!83413620!1 X-Originating-IP: [209.85.220.194] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 51944 invoked from network); 12 Sep 2017 00:37:59 -0000 Received: from mail-qk0-f194.google.com (HELO mail-qk0-f194.google.com) (209.85.220.194) by server-11.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 12 Sep 2017 00:37:59 -0000 Received: by mail-qk0-f194.google.com with SMTP id r66so6218114qke.4 for ; Mon, 11 Sep 2017 17:37:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=WSGDAygtpvc3LY6Gzm5QQtwQ0Id/AuQg/qPXOMAJhow=; b=I4nz3V6FCd1jkMdISSFp49iZtB8R0VGvblafszYezh+aR6PvpLAAn0WnNHtRqJKLIN WTxyX7lf+3esN4ehYUbEgp3gPb1i3kkTj3+2Bds+w/r0CEDrvO7wLFcH9JSW9UwdXjOe 0SRhXWK0zk33Xzqf9Yk2KHnC43gJYv9mbGAe7Psp9xOGUxZLVKVoBN8Ag/Y9cKgJsXna XYzfISLd1RAzakwECl/oaPmHvDj3TWazhYQ+yWaUiTj2WqNe2HPoYN7V/421DDhBSCeL +lG1sbl2+CprIyzk9wU2MxpCwQfQ4E1qVMVxpVEJp3PzYWgLkOZW2+zZL93t1NKQMzbJ F/KA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=WSGDAygtpvc3LY6Gzm5QQtwQ0Id/AuQg/qPXOMAJhow=; b=BF6uMXjSajfJFKNbfeh6ydv0Z8AjvdQyF7nX/wIlaTEEknfzN6GWPWnDPnsfzmm9iw Zl9xOuDM4y2PtiXpQ0dC//fGNGLpJHRJp3boz5f8Zy1P2OG0ZREukM5yVRo5xLW233L4 NbwUbU/6pJkHI7fM1Zv2CKQ+FNZoVnExJ8hHgsPAo8tSP6mQHAxTdJMynKuM5PCOhQVd 0RtoX0g35Ni4OsNpwU9eK/+A5TmoXwgEQITq5uZ+0Zz/Uo1DxcJoB2kgtjs1cD+rsXR6 2tmU0nb6o6qRVm8q3WAPl8RT8Ni9sMgJmRFRlT0Lc09LSas33G5rxhGDkGtZEpdfN0l0 AP/A== X-Gm-Message-State: AHPjjUiMOcgiJnA7DLt1RYCzQrMiukKLALiIvklURBk0/yo8FpjF6Y1e OyE1Ho0yFM39G2MI X-Google-Smtp-Source: AOwi7QDyWn+EBz113Q4Su+eoZBOQzOGtkFDjg+gyyInVb5nsP2NeDgfQ6l7s/4K0v4ykMfQsKqGH2A== X-Received: by 10.55.10.76 with SMTP id 73mr16704215qkk.205.1505176678232; Mon, 11 Sep 2017 17:37:58 -0700 (PDT) Received: from localhost.localdomain (209-6-200-48.s4398.c3-0.smr-ubr2.sbo-smr.ma.cable.rcncustomer.com. [209.6.200.48]) by smtp.gmail.com with ESMTPSA id z75sm6771034qkb.71.2017.09.11.17.37.57 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 11 Sep 2017 17:37:57 -0700 (PDT) From: Konrad Rzeszutek Wilk X-Google-Original-From: Konrad Rzeszutek Wilk To: xen-devel@lists.xenproject.org, ross.lagerwall@citrix.com, konrad.wilk@oracle.com, julien.grall@arm.com, sstabellini@kernel.org Date: Mon, 11 Sep 2017 20:37:20 -0400 Message-Id: <20170912003726.368-12-konrad.wilk@oracle.com> X-Mailer: git-send-email 2.13.3 In-Reply-To: <20170912003726.368-1-konrad.wilk@oracle.com> References: <20170912003726.368-1-konrad.wilk@oracle.com> Cc: andrew.cooper3@citrix.com, jbeulich@suse.com Subject: [Xen-devel] [PATCH v3 11/17] livepatch/x86/arm[32, 64]: Use common vmap code for applying. X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Patch titled "livepatch/arm[32,64]: Modify livepatch_funcs" added the infrastructure on ARM [32,64] to use vmap as way to map read-only regions. On x86 we use a global register. But there is nothing wrong with using on x86 the same method as on ARM[32,64] - which is exactly what this patch does. As result the common code for setting up vmap is now done in livepatch_quiesce and there is no arch specific arch_livepatch_quiesce anymore. The same treatment is applied to arch_livepatch_revive albeit we still need arch specific code for ARM (to clear the i-cache). Interestingly the arch_livepatch_revert looks almost the same on x86 and ARM. See 'livepatch/x86/arm[32,64]: Unify arch_livepatch_revert' Signed-off-by: Konrad Rzeszutek Wilk --- xen/arch/arm/livepatch.c | 64 -------------------------------- xen/arch/x86/livepatch.c | 32 +++++++++------- xen/common/livepatch.c | 81 +++++++++++++++++++++++++++++++++++++++-- xen/include/asm-arm/livepatch.h | 13 ------- xen/include/xen/livepatch.h | 13 +++++++ 5 files changed, 108 insertions(+), 95 deletions(-) diff --git a/xen/arch/arm/livepatch.c b/xen/arch/arm/livepatch.c index 2f9ae8e61e..2debb5368c 100644 --- a/xen/arch/arm/livepatch.c +++ b/xen/arch/arm/livepatch.c @@ -17,57 +17,6 @@ #undef virt_to_mfn #define virt_to_mfn(va) _mfn(__virt_to_mfn(va)) -struct livepatch_vmap_stash livepatch_vmap; - -int arch_livepatch_quiesce(struct livepatch_func *funcs, unsigned int nfuncs) -{ - mfn_t text_mfn, rodata_mfn; - void *vmap_addr; - unsigned int text_order; - unsigned long va = (unsigned long)(funcs); - unsigned int offs = va & (PAGE_SIZE - 1); - unsigned int size = PFN_UP(offs + nfuncs * sizeof(*funcs)); - - if ( livepatch_vmap.text || livepatch_vmap.funcs ) - return -EINVAL; - - text_mfn = virt_to_mfn(_start); - text_order = get_order_from_bytes(_end - _start); - - /* - * The text section is read-only. So re-map Xen to be able to patch - * the code. - */ - vmap_addr = __vmap(&text_mfn, 1U << text_order, 1, 1, PAGE_HYPERVISOR, - VMAP_DEFAULT); - - if ( !vmap_addr ) - { - printk(XENLOG_ERR LIVEPATCH "Failed to setup vmap of hypervisor! (order=%u)\n", - text_order); - return -ENOMEM; - } - - livepatch_vmap.text = vmap_addr; - livepatch_vmap.offset = offs; - - rodata_mfn = virt_to_mfn(va & PAGE_MASK); - vmap_addr = __vmap(&rodata_mfn, size, 1, 1, PAGE_HYPERVISOR, VMAP_DEFAULT); - if ( !vmap_addr ) - { - printk(XENLOG_ERR LIVEPATCH "Failed to setup vmap of livepatch_funcs! (mfn=%"PRI_mfn", size=%u)\n", - mfn_x(rodata_mfn), size); - vunmap(livepatch_vmap.text); - livepatch_vmap.text = NULL; - return -ENOMEM; - } - - livepatch_vmap.funcs = vmap_addr; - livepatch_vmap.va = funcs; - - return 0; -} - void arch_livepatch_revive(void) { /* @@ -75,19 +24,6 @@ void arch_livepatch_revive(void) * arch_livepatch_[apply|revert]. */ invalidate_icache(); - - if ( livepatch_vmap.text ) - vunmap(livepatch_vmap.text); - - livepatch_vmap.text = NULL; - - if ( livepatch_vmap.funcs ) - vunmap(livepatch_vmap.funcs); - - livepatch_vmap.funcs = NULL; - - livepatch_vmap.va = NULL; - livepatch_vmap.offset = 0; } int arch_livepatch_verify_func(const struct livepatch_func *func) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index 8522fcbd36..5273f5a176 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -14,18 +14,9 @@ #include #include -int arch_livepatch_quiesce(struct livepatch_func *func, unsigned int nfuncs) -{ - /* Disable WP to allow changes to read-only pages. */ - write_cr0(read_cr0() & ~X86_CR0_WP); - - return 0; -} - void arch_livepatch_revive(void) { - /* Reinstate WP. */ - write_cr0(read_cr0() | X86_CR0_WP); + /* Nothing to do. */ } int arch_livepatch_verify_func(const struct livepatch_func *func) @@ -54,14 +45,21 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) { uint8_t *old_ptr; uint8_t insn[sizeof(func->opaque)]; - unsigned int len; + unsigned int i, len; + struct livepatch_func *f; - old_ptr = func->old_addr; + /* Recompute using the vmap. */ + old_ptr = func->old_addr - (void *)_start + livepatch_vmap.text; len = livepatch_insn_len(func); if ( !len ) return; - memcpy(func->opaque, old_ptr, len); + /* Index in the vmap region. */ + i = livepatch_vmap.va - func; + f = (struct livepatch_func *)(livepatch_vmap.funcs + livepatch_vmap.offset) + i; + + memcpy(f->opaque, old_ptr, len); + if ( func->new_addr ) { int32_t val; @@ -85,7 +83,13 @@ void noinline arch_livepatch_apply(struct livepatch_func *func) */ void noinline arch_livepatch_revert(const struct livepatch_func *func) { - memcpy(func->old_addr, func->opaque, livepatch_insn_len(func)); + uint32_t *new_ptr; + unsigned int len; + + new_ptr = func->old_addr - (void *)_start + livepatch_vmap.text; + + len = livepatch_insn_len(func); + memcpy(new_ptr, func->opaque, len); } /* diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index e707802279..eb7d4098fd 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -104,6 +104,12 @@ static struct livepatch_work livepatch_work; */ static DEFINE_PER_CPU(bool_t, work_to_do); +/* + * The va of the hypervisor .text region and the livepatch_funcs. + * We need this as the normal va are write protected. + */ +struct livepatch_vmap_stash livepatch_vmap; + static int get_name(const xen_livepatch_name_t *name, char *n) { if ( !name->size || name->size > XEN_LIVEPATCH_NAME_SIZE ) @@ -1055,6 +1061,73 @@ static int livepatch_list(xen_sysctl_livepatch_list_t *list) return rc ? : idx; } +static int livepatch_quiesce(struct livepatch_func *funcs, unsigned int nfuncs) +{ + mfn_t text_mfn, rodata_mfn; + void *vmap_addr; + unsigned int text_order; + unsigned long va = (unsigned long)(funcs); + unsigned int offs = va & (PAGE_SIZE - 1); + unsigned int size = PFN_UP(offs + nfuncs * sizeof(*funcs)); + + if ( livepatch_vmap.text || livepatch_vmap.funcs ) + return -EINVAL; + + text_mfn = _mfn(virt_to_mfn(_start)); + text_order = get_order_from_bytes(_end - _start); + + /* + * The text section is read-only. So re-map Xen to be able to patch + * the code. + */ + vmap_addr = __vmap(&text_mfn, 1U << text_order, 1, 1, PAGE_HYPERVISOR, + VMAP_DEFAULT); + + if ( !vmap_addr ) + { + printk(XENLOG_ERR LIVEPATCH "Failed to setup vmap of hypervisor! (order=%u)\n", + text_order); + return -ENOMEM; + } + + livepatch_vmap.text = vmap_addr; + livepatch_vmap.offset = offs; + + rodata_mfn = _mfn(virt_to_mfn(va & PAGE_MASK)); + vmap_addr = __vmap(&rodata_mfn, size, 1, 1, PAGE_HYPERVISOR, VMAP_DEFAULT); + if ( !vmap_addr ) + { + printk(XENLOG_ERR LIVEPATCH "Failed to setup vmap of livepatch_funcs! (mfn=%"PRI_mfn", size=%u)\n", + mfn_x(rodata_mfn), size); + vunmap(livepatch_vmap.text); + livepatch_vmap.text = NULL; + return -ENOMEM; + } + + livepatch_vmap.funcs = vmap_addr; + livepatch_vmap.va = funcs; + + return 0; +} + +static void livepatch_revive(void) +{ + arch_livepatch_revive(); + + if ( livepatch_vmap.text ) + vunmap(livepatch_vmap.text); + + livepatch_vmap.text = NULL; + + if ( livepatch_vmap.funcs ) + vunmap(livepatch_vmap.funcs); + + livepatch_vmap.funcs = NULL; + + livepatch_vmap.va = NULL; + livepatch_vmap.offset = 0; +} + /* * The following functions get the CPUs into an appropriate state and * apply (or revert) each of the payload's functions. This is needed @@ -1069,7 +1142,7 @@ static int apply_payload(struct payload *data) printk(XENLOG_INFO LIVEPATCH "%s: Applying %u functions\n", data->name, data->nfuncs); - rc = arch_livepatch_quiesce(data->funcs, data->nfuncs); + rc = livepatch_quiesce(data->funcs, data->nfuncs); if ( rc ) { printk(XENLOG_ERR LIVEPATCH "%s: unable to quiesce!\n", data->name); @@ -1091,7 +1164,7 @@ static int apply_payload(struct payload *data) for ( i = 0; i < data->nfuncs; i++ ) arch_livepatch_apply(&data->funcs[i]); - arch_livepatch_revive(); + livepatch_revive(); /* * We need RCU variant (which has barriers) in case we crash here. @@ -1110,7 +1183,7 @@ static int revert_payload(struct payload *data) printk(XENLOG_INFO LIVEPATCH "%s: Reverting\n", data->name); - rc = arch_livepatch_quiesce(data->funcs, data->nfuncs); + rc = livepatch_quiesce(data->funcs, data->nfuncs); if ( rc ) { printk(XENLOG_ERR LIVEPATCH "%s: unable to quiesce!\n", data->name); @@ -1132,7 +1205,7 @@ static int revert_payload(struct payload *data) ASSERT(!local_irq_is_enabled()); - arch_livepatch_revive(); + livepatch_revive(); /* * We need RCU variant (which has barriers) in case we crash here. diff --git a/xen/include/asm-arm/livepatch.h b/xen/include/asm-arm/livepatch.h index e030aedced..1d746161a9 100644 --- a/xen/include/asm-arm/livepatch.h +++ b/xen/include/asm-arm/livepatch.h @@ -11,19 +11,6 @@ /* On ARM32,64 instructions are always 4 bytes long. */ #define ARCH_PATCH_INSN_SIZE 4 -/* - * The va of the hypervisor .text region and the livepatch_funcs. - * We need this as the normal va are write protected. - */ -struct livepatch_vmap_stash { - void *text; /* vmap of hypervisor code. */ - void *funcs; /* vmap of the .livepatch.funcs. */ - unsigned int offset; /* Offset in 'funcs'. */ - struct livepatch_func *va; /* The original va. */ -}; - -extern struct livepatch_vmap_stash livepatch_vmap; - /* These ranges are only for unconditional branches. */ #ifdef CONFIG_ARM_32 /* ARM32: A4.3 IN ARM DDI 0406C.c - we are using only ARM instructions in Xen.*/ diff --git a/xen/include/xen/livepatch.h b/xen/include/xen/livepatch.h index a97afb92f9..1659ffcdf0 100644 --- a/xen/include/xen/livepatch.h +++ b/xen/include/xen/livepatch.h @@ -100,6 +100,19 @@ static inline int livepatch_verify_distance(const struct livepatch_func *func) return 0; } + +/* + * The va of the hypervisor .text region and the livepatch_funcs. + * We need this as the normal va are write protected. + */ +struct livepatch_vmap_stash { + void *text; /* vmap of hypervisor code. */ + void *funcs; /* vmap of the .livepatch.funcs. */ + unsigned int offset; /* Offset in 'funcs'. */ + struct livepatch_func *va; /* The original va. */ +}; + +extern struct livepatch_vmap_stash livepatch_vmap; /* * These functions are called around the critical region patching live code, * for an architecture to take make appropratie global state adjustments.