From patchwork Mon Jun 26 22:32:43 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Fainelli X-Patchwork-Id: 9810499 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C95CB603F2 for ; Mon, 26 Jun 2017 22:35:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 454DB2521E for ; Mon, 26 Jun 2017 22:35:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3725C2621B; Mon, 26 Jun 2017 22:35:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 946622521E for ; Mon, 26 Jun 2017 22:35:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=BX2tGOVEQ4vnPVDXfIX6k5EdFPfadAwu7hlKBPF8SSI=; b=VJ2gYj4cU2gUQH4E64eWAL6EoW WTpiSyvKcO0gk0THSa9j6d9OveeDARcmahdDnQ3CvISZCtse6oSAOIvEBvfxomBsKdTrWTR43X6zz W6asLXMbgHgi/pEwvLGdDFW3Dpmi5zbMFboW78B2AEWqEUH6uGdffB+tAEXnSBQ+yE550aouZk56m 38dou7FBJphe0fgc862GSAdETuI4AB570A8TDEJTV3TAhEsbbNQSvJW21zalNG15TEANJz9fLYvIu cb6AGXpEABz9S7TzhoN3ScsD+dJu6i8IW1iH65f0wnApFpSCba/SYzciZ0RtGlbHNiE5/Gtvnt7d4 MnRfqYrw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1dPcay-0000j8-Dz; Mon, 26 Jun 2017 22:35:00 +0000 Received: from mail-qt0-x244.google.com ([2607:f8b0:400d:c0d::244]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1dPcaG-0008Ie-P3 for linux-arm-kernel@lists.infradead.org; Mon, 26 Jun 2017 22:34:20 +0000 Received: by mail-qt0-x244.google.com with SMTP id w12so1879253qta.2 for ; Mon, 26 Jun 2017 15:33:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=5bWnOsVH0upiLjUQMbws8ELARtsuDFAS7j8H/h9kZgs=; b=k5CGlU3sA1tpvoVcMC7gGmDDBT/zfinV8wHWziB+ZILSsIFCyhOhEJlz7EywkNLTXP NDT1qH2m42yBzFHc2EtA5zZIA3AZhmI6kWnWiyXu7mRNPqnG4mb/mVMilW36qA0qOuVN AIikFuHPhz1avBNwPxcjNjCrsmuxYj4Fedcih09ecbFuCMK5UIj2taElXew2bKQ/6tCY o/P8MeOCZhluNi4vtmQKSv5SSt78JFzVz87aVoCDcMRQXGrieohmtcTLGzfLg/fy0sa+ gCq66VOq24JCXORB238GrkFoozkst6Hzw2FmgHWU+cJCpk1xoMyndQNTVr1eE+I/plKi rP8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=5bWnOsVH0upiLjUQMbws8ELARtsuDFAS7j8H/h9kZgs=; b=rfRzu2ylyW3QNnP8pjuGWmdVmq9r6gkXkMhUrHMj3SsdlHTwE/7WvTI2i9JD28ks3G ucYq/9vhfB8Vzz2dwlnsRd4NFoTgyNSCXCm/qkjNlxSBYscw2+cyEuZJ/DHp5uEvqPkf jgw1eHfhp/voKGyQG7NlDbsFQNoCWGw613dArIs59TUZxIsmhkyf5iTjqlMGFcqnXB2C CpL5GT8nhSyH1+vTpNljS3DO0O39bW0JV60JnBc+RW3k6d5rWOABY71lgo+yWrnF9+8b SLR/ovhyPdOYBRPaCRITFW6qzSYc8DQKrnRwSWtxIdtGG/l98a+XZoubZdtJn/ASMN3d TAJw== X-Gm-Message-State: AKS2vOx/vTn7zEdtNwuROVQB7X3tZlvS0q0ZfC/YcRMaFaevaRSGlA9z uCl8udXzW5gsXXI153U= X-Received: by 10.200.40.207 with SMTP id j15mr2984517qtj.186.1498516435311; Mon, 26 Jun 2017 15:33:55 -0700 (PDT) Received: from fainelli-desktop.broadcom.com ([192.19.255.250]) by smtp.gmail.com with ESMTPSA id j65sm965542qkf.38.2017.06.26.15.33.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Jun 2017 15:33:54 -0700 (PDT) From: Florian Fainelli To: linux-arm-kernel@lists.infradead.org Subject: [PATCH 2/4] misc: sram-exec: Use aligned fncpy instead of memcpy Date: Mon, 26 Jun 2017 15:32:43 -0700 Message-Id: <20170626223248.14199-4-f.fainelli@gmail.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170626223248.14199-1-f.fainelli@gmail.com> References: <20170626223248.14199-1-f.fainelli@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20170626_153417_035147_3916A172 X-CRM114-Status: GOOD ( 18.09 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , "open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS" , Florian Fainelli , Markus Mayer , Arnd Bergmann , Dave Gerlach , Hauke Mehrtens , "open list:BROADCOM BCM47XX MIPS ARCHITECTURE" , =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= , "Rafael J. Wysocki" , open list , Ralf Baechle , Eric Anholt , linux-pm@vger.kernerl.org, Rob Herring , "maintainer:BROADCOM BCM7XXX ARM ARCHITECTURE" , Justin Chen , Gregory Fong , Doug Berger , Brian Norris MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP From: Dave Gerlach Currently the sram-exec functionality, which allows allocation of executable memory and provides an API to move code to it, is only selected in configs for the ARM architecture. Based on commit 5756e9dd0de6 ("ARM: 6640/1: Thumb-2: Symbol manipulation macros for function body copying") simply copying a C function pointer address using memcpy without consideration of alignment and Thumb is unsafe on ARM platforms. The aforementioned patch introduces the fncpy macro which is a safe way to copy executable code on ARM platforms, so let's make use of that here rather than the unsafe plain memcpy that was previously used by sram_exec_copy. Now sram_exec_copy will move the code to "dst" and return an address that is guaranteed to be safely callable. In the future, architectures hoping to make use of the sram-exec functionality must define an fncpy macro just as ARM has done to guarantee or check for safe copying to executable memory before allowing the arch to select CONFIG_SRAM_EXEC. Acked-by: Tony Lindgren Acked-by: Russell King Reviewed-by: Alexandre Belloni Signed-off-by: Dave Gerlach --- drivers/misc/sram-exec.c | 27 ++++++++++++++++++++------- include/linux/sram.h | 8 ++++---- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/drivers/misc/sram-exec.c b/drivers/misc/sram-exec.c index 3d528a13b8fc..426ad912b441 100644 --- a/drivers/misc/sram-exec.c +++ b/drivers/misc/sram-exec.c @@ -19,6 +19,7 @@ #include #include +#include #include #include "sram.h" @@ -58,20 +59,32 @@ int sram_add_protect_exec(struct sram_partition *part) * @src: Source address for the data to copy * @size: Size of copy to perform, which starting from dst, must reside in pool * + * Return: Address for copied data that can safely be called through function + * pointer, or NULL if problem. + * * This helper function allows sram driver to act as central control location * of 'protect-exec' pools which are normal sram pools but are always set * read-only and executable except when copying data to them, at which point * they are set to read-write non-executable, to make sure no memory is * writeable and executable at the same time. This region must be page-aligned * and is checked during probe, otherwise page attribute manipulation would - * not be possible. + * not be possible. Care must be taken to only call the returned address as + * dst address is not guaranteed to be safely callable. + * + * NOTE: This function uses the fncpy macro to move code to the executable + * region. Some architectures have strict requirements for relocating + * executable code, so fncpy is a macro that must be defined by any arch + * making use of this functionality that guarantees a safe copy of exec + * data and returns a safe address that can be called as a C function + * pointer. */ -int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, - size_t size) +void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, + size_t size) { struct sram_partition *part = NULL, *p; unsigned long base; int pages; + void *dst_cpy; mutex_lock(&exec_pool_list_mutex); list_for_each_entry(p, &exec_pool_list, list) { @@ -81,10 +94,10 @@ int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, mutex_unlock(&exec_pool_list_mutex); if (!part) - return -EINVAL; + return NULL; if (!addr_in_gen_pool(pool, (unsigned long)dst, size)) - return -EINVAL; + return NULL; base = (unsigned long)part->base; pages = PAGE_ALIGN(size) / PAGE_SIZE; @@ -94,13 +107,13 @@ int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, set_memory_nx((unsigned long)base, pages); set_memory_rw((unsigned long)base, pages); - memcpy(dst, src, size); + dst_cpy = fncpy(dst, src, size); set_memory_ro((unsigned long)base, pages); set_memory_x((unsigned long)base, pages); mutex_unlock(&part->lock); - return 0; + return dst_cpy; } EXPORT_SYMBOL_GPL(sram_exec_copy); diff --git a/include/linux/sram.h b/include/linux/sram.h index c97dcbe8ce25..4fb405fb0480 100644 --- a/include/linux/sram.h +++ b/include/linux/sram.h @@ -16,12 +16,12 @@ struct gen_pool; #ifdef CONFIG_SRAM_EXEC -int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, size_t size); +void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, size_t size); #else -static inline int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, - size_t size) +static inline void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, + size_t size) { - return -ENODEV; + return NULL; } #endif /* CONFIG_SRAM_EXEC */ #endif /* __LINUX_SRAM_H__ */