From patchwork Thu Jun 30 09:46:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haibo Li X-Patchwork-Id: 12901686 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7D91EC43334 for ; Thu, 30 Jun 2022 10:48:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type: Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date :Subject:CC:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=K+LzNH3QfcIE7oxTDVd/PxwJu8sCyU6BPZLIBGwMYyo=; b=fUZH5u8tRJ0iOHLT2bYxzKXj5r eleGP1gwLM4bElnftcxj6ljPVcxa7Jxm6BEy1AfuOngTV7cXC+XsUSDq1+k3TbiqBDA1y333Hmsl6 zUMvYhfpbfWo7F3bu1fhsPnLvu+BJ1nHwC5EMUYYWz4/aTwoyNT3j+7+SDajv0PSEaGW0aJhwSDoD aYsTYsVk1hG457d5LcpbnON8qcvzG8jYfKPgFVXw+8tJq17mtiTgYfRVhL69WUyR0GStEXIASGYUD iVoi3vaFeMAzCiuJYcfOjycomBY1hOXbQztU/M8hzVUKYr7eEolE9cwof1tNAK3JqZ86qRMkCId+k seRNfBBw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o6riu-00Gelb-70; Thu, 30 Jun 2022 10:48:36 +0000 Received: from mailgw01.mediatek.com ([216.200.240.184]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o6rZE-00GaDn-MJ; Thu, 30 Jun 2022 10:38:38 +0000 X-UUID: e8ce9591fae14668bb752dc9d0666f7f-20220630 X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.7,REQID:1b7c1eb8-c085-4d1d-878e-f921750ec0a8,OB:0,LO B:0,IP:0,URL:5,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,RULE:Release_Ham,ACTI ON:release,TS:5 X-CID-META: VersionHash:87442a2,CLOUDID:706441d6-5d6d-4eaf-a635-828a3ee48b7c,C OID:IGNORED,Recheck:0,SF:nil,TC:nil,Content:0,EDM:-3,IP:nil,URL:1,File:nil ,QS:nil,BEC:nil,COL:0 X-UUID: e8ce9591fae14668bb752dc9d0666f7f-20220630 Received: from mtkmbs11n1.mediatek.inc [(172.21.101.185)] by mailgw01.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 118666790; Thu, 30 Jun 2022 03:38:29 -0700 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 30 Jun 2022 17:47:03 +0800 Received: from mszsdtcf10.gcn.mediatek.inc (10.16.4.60) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.792.3 via Frontend Transport; Thu, 30 Jun 2022 17:47:03 +0800 From: Haibo Li To: Sami Tolvanen CC: , Kees Cook , "Nathan Chancellor" , Nick Desaulniers , Matthias Brugger , Peter Zijlstra , Masami Hiramatsu , "Christophe Leroy" , =?utf-8?q?Andr=C3=A9_Alme?= =?utf-8?q?ida?= , Luis Chamberlain , Juergen Gross , Haibo Li , Tiezhu Yang , Aaron Tomlin , Dmitry Torokhov , , , , , Lecopzer Chen Subject: [PATCH 1/2] ANDROID: cfi: enable sanitize for cfi.c Date: Thu, 30 Jun 2022 17:46:45 +0800 Message-ID: <20220630094646.91837-2-haibo.li@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220630094646.91837-1-haibo.li@mediatek.com> References: <20220630094646.91837-1-haibo.li@mediatek.com> MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220630_033836_862510_8DC575C9 X-CRM114-Status: GOOD ( 11.39 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org currenly,cfi.c is excluded from cfi sanitize because of cfi handler. The side effect is that we can not transfer function pointer to other files which enable cfi sanitize. Enable cfi sanitize for cfi.c and bypass cfi check for __cfi_slowpath_diag Signed-off-by: Haibo Li Signed-off-by: Lecopzer Chen --- kernel/Makefile | 3 --- kernel/cfi.c | 8 +++++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile index a7e1f49ab2b3..a997bef1a200 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n UBSAN_SANITIZE_kcov.o := n CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector -# Don't instrument error handlers -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI) - obj-y += sched/ obj-y += locking/ obj-y += power/ diff --git a/kernel/cfi.c b/kernel/cfi.c index 08102d19ec15..456771c8e454 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr) return fn; } -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void *diag) { cfi_check_fn fn = find_check_fn((unsigned long)ptr); @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) else /* Don't allow unchecked modules */ handle_cfi_failure(ptr); } + +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag) +{ + /*run cfi check without cfi sanitize to avoid calling cfi handler recursively*/ + _run_cfi_check(id, ptr, diag); +} EXPORT_SYMBOL(__cfi_slowpath_diag); #else /* !CONFIG_MODULES */ From patchwork Thu Jun 30 09:46:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haibo Li X-Patchwork-Id: 12901591 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4550EC433EF for ; Thu, 30 Jun 2022 10:18:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type: Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date :Subject:CC:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=eYkJoa/0UJo+7yqtZrgFOU7Q2onaxfGGKww/YiP4fKM=; b=oLaz818rgo/S6QPSbbPcbGN9ye YCIpbF54gzzVMod579UidO3Okm6NkJTKy+dKiyziuhsi1AHiMlC/2Z4XkfhrQQYUkNVCLWMzVI6Uq MEKDipBKl/eXtJgDaRjkYNu5okMan+EtXjaH75Y+y8G0cbQRLiQmFnQ6cNNa9EXZvapXnT4/lWTxU GYXytuM9X/Qn3Jz3fM9k5Braid/2UXKO3BUnILOI3ZLarKH4hMq/YSZlpKSnGEH+BhGqx5ykduZFT AqxKgXD39RJxwmuj6TbPpTOoRdfQIL5a94i16rPqL9IJ3q0MCV9dSXc328lIa0vbDqxHvTtU1h9HK VfPnwTnA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o6rFE-00GVVf-Az; Thu, 30 Jun 2022 10:17:56 +0000 Received: from mailgw01.mediatek.com ([216.200.240.184]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o6rFB-00GVTh-Hp; Thu, 30 Jun 2022 10:17:54 +0000 X-UUID: 0f3ea2dce78049168a18f854e41e2e96-20220630 X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.7,REQID:6880349b-6e07-44f6-a9ec-3c1b560981b3,OB:0,LO B:0,IP:0,URL:5,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,RULE:Release_Ham,ACTI ON:release,TS:5 X-CID-META: VersionHash:87442a2,CLOUDID:de6b3186-57f0-47ca-ba27-fe8c57fbf305,C OID:IGNORED,Recheck:0,SF:nil,TC:nil,Content:0,EDM:-3,IP:nil,URL:1,File:nil ,QS:nil,BEC:nil,COL:0 X-UUID: 0f3ea2dce78049168a18f854e41e2e96-20220630 Received: from mtkmbs11n1.mediatek.inc [(172.21.101.185)] by mailgw01.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 355211776; Thu, 30 Jun 2022 03:17:44 -0700 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs11n1.mediatek.inc (172.21.101.185) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 30 Jun 2022 17:47:06 +0800 Received: from mszsdtcf10.gcn.mediatek.inc (10.16.4.60) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.792.3 via Frontend Transport; Thu, 30 Jun 2022 17:47:05 +0800 From: Haibo Li To: Sami Tolvanen CC: , Kees Cook , Nathan Chancellor , Nick Desaulniers , Matthias Brugger , Peter Zijlstra , Masami Hiramatsu , Christophe Leroy , =?utf-8?q?Andr=C3=A9_Almeid?= =?utf-8?q?a?= , Luis Chamberlain , Juergen Gross , Haibo Li , Tiezhu Yang , Aaron Tomlin , Dmitry Torokhov , , , , , Lecopzer Chen Subject: [PATCH 2/2] ANDROID: cfi: free old cfi shadow asynchronously Date: Thu, 30 Jun 2022 17:46:46 +0800 Message-ID: <20220630094646.91837-3-haibo.li@mediatek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220630094646.91837-1-haibo.li@mediatek.com> References: <20220630094646.91837-1-haibo.li@mediatek.com> MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220630_031753_622675_8624FBE9 X-CRM114-Status: GOOD ( 13.83 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Currenly, it uses synchronize_rcu() to wait old rcu reader to go away in update_shadow.In embedded platform like ARM CA7X, load_module blocks 40~50ms in update_shadow. When there are more than one hundred kernel modules, it blocks several seconds. To accelerate load_module,change synchronize_rcu to call_rcu. Signed-off-by: Haibo Li Signed-off-by: Lecopzer Chen --- kernel/cfi.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/kernel/cfi.c b/kernel/cfi.c index 456771c8e454..a4836d59ca27 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c @@ -43,6 +43,8 @@ typedef u16 shadow_t; struct cfi_shadow { /* Page index for the beginning of the shadow */ unsigned long base; + /* rcu to free old cfi_shadow asynchronously */ + struct rcu_head rcu; /* An array of __cfi_check locations (as indices to the shadow) */ shadow_t shadow[1]; } __packed; @@ -182,6 +184,13 @@ static void remove_module_from_shadow(struct cfi_shadow *s, struct module *mod, } } +static void _cfi_shadow_free_rcu(struct rcu_head *rcu) +{ + struct cfi_shadow *old = container_of(rcu, struct cfi_shadow, rcu); + + vfree(old); +} + typedef void (*update_shadow_fn)(struct cfi_shadow *, struct module *, unsigned long min_addr, unsigned long max_addr); @@ -211,11 +220,10 @@ static void update_shadow(struct module *mod, unsigned long base_addr, rcu_assign_pointer(cfi_shadow, next); mutex_unlock(&shadow_update_lock); - synchronize_rcu(); if (prev) { set_memory_rw((unsigned long)prev, SHADOW_PAGES); - vfree(prev); + call_rcu(&prev->rcu, _cfi_shadow_free_rcu); } }