From patchwork Fri Dec 21 18:14:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Stoppa X-Patchwork-Id: 10740827 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DAFEF924 for ; Fri, 21 Dec 2018 18:15:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CB0C42835B for ; Fri, 21 Dec 2018 18:15:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BEDA828618; Fri, 21 Dec 2018 18:15:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id A2A552835B for ; Fri, 21 Dec 2018 18:15:16 +0000 (UTC) Received: (qmail 32128 invoked by uid 550); 21 Dec 2018 18:15:01 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 32082 invoked from network); 21 Dec 2018 18:15:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=IC72E1SkxQby2tnvUgxalWUUCvjmMLY+yVrjL3hsqg8=; b=DqfsEH5L9YLdOJEXEYum6nwamDbHwKJwJCpeilO+Exni09zMXlLazjQWwG6UxGeyFW cthZ8/pTG4OViX9K/JQWfmJtS9F33LP1hb71YBXNsYDRjNxCpqV8NAzPvx7VOuAH5Tsc LPXPMnueI2EidByLqVwQ22AzvLQ144Ldw2HPEGliQyeXceXtPW1uaP/Sg86LlkmwCPHw /WOXCOYsw5cASKVRpV1s+hAEGzNAktCNUUXk5jWzgAJ/4jfpfwYuqnCr8CnsDS11dTI1 Ntel2Ew+lNIzH4pDzhUWw44FbLcUVoKFuI4LeX7oBViWiQnjx4Wqptqvm437EweXZB72 NKwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=IC72E1SkxQby2tnvUgxalWUUCvjmMLY+yVrjL3hsqg8=; b=QUJcTwGZNo4pgBbdbZLgDhgH4wJO84hngWltaNvfJ+s2P+1WaNlEt+d01zbyb1iib0 5L2JMZW/9iDHox2ym+GyANsA0ocEjOssFV2zIvtog++SBvWXMdPe2k1Lg90gIc5hukm+ wKfySfbxf+rzdVQmxeW+LDQgp+rB5Gql5oHIFevo2PJEabURkqOq/816J1Rv/t+P8IrW wU+2BBfH62Blhb6fT7FNqiR6avUk2JKrR163HfsGupHnYwzeIKMIaPDbEW6ZeSktON6/ X9p8djoDGa0inJJmdrcfGjNPNj6MjZMXzRGJCZDLszJzuBdY9sNpEXBgFZwUyJ58yS0n RbKA== X-Gm-Message-State: AA+aEWaskZ/6mfWO066yvK75/DQbKL0bon/bKf/24hgV2iqimC6Ngthr tismjzbKyQ2viA4tcO50/Ls= X-Google-Smtp-Source: AFSGD/UxlqHZez0NWd/HSVJmkToecB7S72thDSg2Cw/dydhEx7i1lDETl2T5I7D9XKZozHyTtVweIQ== X-Received: by 2002:a2e:4746:: with SMTP id u67-v6mr2238745lja.142.1545416089950; Fri, 21 Dec 2018 10:14:49 -0800 (PST) From: Igor Stoppa X-Google-Original-From: Igor Stoppa To: Andy Lutomirski , Matthew Wilcox , Peter Zijlstra , Dave Hansen , Mimi Zohar , Thiago Jung Bauermann Cc: igor.stoppa@huawei.com, Nadav Amit , Kees Cook , Ahmed Soliman , linux-integrity@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 03/12] __wr_after_init: generic functionality Date: Fri, 21 Dec 2018 20:14:14 +0200 Message-Id: <20181221181423.20455-4-igor.stoppa@huawei.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221181423.20455-1-igor.stoppa@huawei.com> References: <20181221181423.20455-1-igor.stoppa@huawei.com> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP The patch provides: - the generic part of the write rare functionality for static data, based on code from Matthew Wilcox - the dummy functionality, in case an arch doesn't support write rare or the functionality is disabled The basic functions are: - wr_memset(): write rare counterpart of memset() - wr_memcpy(): write rare counterpart of memcpy() - wr_assign(): write rare counterpart of the assignment ('=') operator - wr_rcu_assign_pointer(): write rare counterpart of rcu_assign_pointer() Signed-off-by: Igor Stoppa CC: Andy Lutomirski CC: Nadav Amit CC: Matthew Wilcox CC: Peter Zijlstra CC: Kees Cook CC: Dave Hansen CC: Mimi Zohar CC: Thiago Jung Bauermann CC: Ahmed Soliman CC: linux-integrity@vger.kernel.org CC: kernel-hardening@lists.openwall.com CC: linux-mm@kvack.org CC: linux-kernel@vger.kernel.org --- include/linux/prmem.h | 106 ++++++++++++++++++++++++++++++++++++++++++ mm/Makefile | 1 + mm/prmem.c | 97 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 204 insertions(+) create mode 100644 include/linux/prmem.h create mode 100644 mm/prmem.c diff --git a/include/linux/prmem.h b/include/linux/prmem.h new file mode 100644 index 000000000000..12c1d0d1cb78 --- /dev/null +++ b/include/linux/prmem.h @@ -0,0 +1,106 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * prmem.h: Header for memory protection library + * + * (C) Copyright 2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + * + * Support for: + * - statically allocated write rare data + */ + +#ifndef _LINUX_PRMEM_H +#define _LINUX_PRMEM_H + +#include +#include +#include + + +/** + * memtst() - test len bytes starting at p to match the c value + * @p: beginning of the memory to test + * @c: byte to compare against + * @len: amount of bytes to test + * + * Returns 0 on success, non-zero otherwise. + */ +static inline int memtst(void *p, int c, __kernel_size_t len) +{ + __kernel_size_t i; + + for (i = 0; i < len; i++) { + u8 d = *(i + (u8 *)p) - (u8)c; + + if (unlikely(d)) + return d; + } + return 0; +} + + +#ifndef CONFIG_PRMEM + +static inline void *wr_memset(void *p, int c, __kernel_size_t len) +{ + return memset(p, c, len); +} + +static inline void *wr_memcpy(void *p, const void *q, __kernel_size_t size) +{ + return memcpy(p, q, size); +} + +#define wr_assign(var, val) ((var) = (val)) +#define wr_rcu_assign_pointer(p, v) rcu_assign_pointer(p, v) + +#else + +#include +#include +#include +#include + +#include + +void *wr_memset(void *p, int c, __kernel_size_t len); +void *wr_memcpy(void *p, const void *q, __kernel_size_t size); + +/** + * wr_assign() - sets a write-rare variable to a specified value + * @var: the variable to set + * @val: the new value + * + * Returns: the variable + * + * Note: it might be possible to optimize this, to use wr_memset in some + * cases (maybe with NULL?). + */ + +#define wr_assign(var, val) ({ \ + typeof(var) tmp = (typeof(var))val; \ + \ + wr_memcpy(&var, &tmp, sizeof(var)); \ + var; \ +}) + +/** + * wr_rcu_assign_pointer() - initialize a pointer in rcu mode + * @p: the rcu pointer - it MUST be aligned to a machine word + * @v: the new value + * + * Returns the value assigned to the rcu pointer. + * + * It is provided as macro, to match rcu_assign_pointer() + * The rcu_assign_pointer() is implemented as equivalent of: + * + * smp_mb(); + * WRITE_ONCE(); + */ +#define wr_rcu_assign_pointer(p, v) ({ \ + smp_mb(); \ + wr_assign(p, v); \ + p; \ +}) +#endif +#endif diff --git a/mm/Makefile b/mm/Makefile index d210cc9d6f80..ef3867c16ce0 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -58,6 +58,7 @@ obj-$(CONFIG_SPARSEMEM) += sparse.o obj-$(CONFIG_SPARSEMEM_VMEMMAP) += sparse-vmemmap.o obj-$(CONFIG_SLOB) += slob.o obj-$(CONFIG_MMU_NOTIFIER) += mmu_notifier.o +obj-$(CONFIG_PRMEM) += prmem.o obj-$(CONFIG_KSM) += ksm.o obj-$(CONFIG_PAGE_POISONING) += page_poison.o obj-$(CONFIG_SLAB) += slab.o diff --git a/mm/prmem.c b/mm/prmem.c new file mode 100644 index 000000000000..e1c1be3a1171 --- /dev/null +++ b/mm/prmem.c @@ -0,0 +1,97 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * prmem.c: Memory Protection Library + * + * (C) Copyright 2017-2018 Huawei Technologies Co. Ltd. + * Author: Igor Stoppa + */ + +#include +#include +#include +#include +#include +#include +#include + +__ro_after_init bool wr_ready; + +/* + * The following two variables are statically allocated by the linker + * script at the the boundaries of the memory region (rounded up to + * multiples of PAGE_SIZE) reserved for __wr_after_init. + */ +extern long __start_wr_after_init; +extern long __end_wr_after_init; +static unsigned long start = (unsigned long)&__start_wr_after_init; +static unsigned long end = (unsigned long)&__end_wr_after_init; + +static inline bool is_wr_after_init(void *p, __kernel_size_t size) +{ + unsigned long low = (unsigned long)p; + unsigned long high = low + size; + + return likely(start <= low && high <= end); +} + +/** + * wr_memcpy() - copyes size bytes from q to p + * @p: beginning of the memory to write to + * @q: beginning of the memory to read from + * @size: amount of bytes to copy + * + * Returns pointer to the destination + * + * The architecture code must provide: + * void __wr_enable(wr_state_t *state) + * void *__wr_addr(void *addr) + * void *__wr_memcpy(void *p, const void *q, __kernel_size_t size) + * void __wr_disable(wr_state_t *state) + */ +void *wr_memcpy(void *p, const void *q, __kernel_size_t size) +{ + wr_state_t wr_state; + void *wr_poking_addr = __wr_addr(p); + + if (WARN_ONCE(!wr_ready, "No writable mapping available") || + WARN_ONCE(!is_wr_after_init(p, size), "Invalid WR range.")) + return p; + + local_irq_disable(); + __wr_enable(&wr_state); + __wr_memcpy(wr_poking_addr, q, size); + __wr_disable(&wr_state); + local_irq_enable(); + return p; +} + +/** + * wr_memset() - sets len bytes of the destination p to the c value + * @p: beginning of the memory to write to + * @c: byte to replicate + * @len: amount of bytes to copy + * + * Returns pointer to the destination + * + * The architecture code must provide: + * void __wr_enable(wr_state_t *state) + * void *__wr_addr(void *addr) + * void *__wr_memset(void *p, int c, __kernel_size_t len) + * void __wr_disable(wr_state_t *state) + */ +void *wr_memset(void *p, int c, __kernel_size_t len) +{ + wr_state_t wr_state; + void *wr_poking_addr = __wr_addr(p); + + if (WARN_ONCE(!wr_ready, "No writable mapping available") || + WARN_ONCE(!is_wr_after_init(p, len), "Invalid WR range.")) + return p; + + local_irq_disable(); + __wr_enable(&wr_state); + __wr_memset(wr_poking_addr, c, len); + __wr_disable(&wr_state); + local_irq_enable(); + return p; +}