mbox series

[v2,00/10] x86/module: rework ROX cache to avoid writable copy

Message ID 20250121095739.986006-1-rppt@kernel.org (mailing list archive)
Headers show
Series x86/module: rework ROX cache to avoid writable copy | expand

Message

Mike Rapoport Jan. 21, 2025, 9:57 a.m. UTC 
From: "Mike Rapoport (Microsoft)" <rppt@kernel.org>

Hi,

Following Peter's comments [1] these patches rework handling of ROX caches
for module text allocations. 

Instead of using a writable copy that really complicates alternatives
patching, temporarily remap parts of a large ROX page as RW for the time of
module formation and then restore it's ROX protections when the module is
ready.

To keep the ROX memory mapped with large pages, make set_memory_rox()
capable of restoring large pages (more details are in patch 3).

Since this is really about x86, I believe this should go in via tip tree.

The patches also available in git
https://git.kernel.org/rppt/h/execmem/x86-rox/v9

v2 changes:
* only collapse large mappings in set_memory_rox()
* simplify RW <-> ROX remapping
* don't remove ROX cache pages from the direct map (patch 4)

v1: https://lore.kernel.org/all/20241227072825.1288491-1-rppt@kernel.org

[1] https://lore.kernel.org/all/20241209083818.GK8562@noisy.programming.kicks-ass.net

Kirill A. Shutemov (1):
  x86/mm/pat: restore large ROX pages after fragmentation

Mike Rapoport (Microsoft) (9):
  x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
  x86/mm/pat: drop duplicate variable in cpa_flush()
  execmem: don't remove ROX cache from the direct map
  execmem: add API for temporal remapping as RW and restoring ROX afterwards
  module: introduce MODULE_STATE_GONE
  module: switch to execmem API for remapping as RW and restoring ROX
  Revert "x86/module: prepare module loading for ROX allocations of text"
  module: drop unused module_writable_address()
  x86: re-enable EXECMEM_ROX support

 arch/um/kernel/um_arch.c                      |  11 +-
 arch/x86/Kconfig                              |   1 +
 arch/x86/entry/vdso/vma.c                     |   3 +-
 arch/x86/include/asm/alternative.h            |  14 +-
 arch/x86/include/asm/pgtable_types.h          |   2 +
 arch/x86/kernel/alternative.c                 | 181 ++++++--------
 arch/x86/kernel/ftrace.c                      |  30 ++-
 arch/x86/kernel/module.c                      |  45 ++--
 arch/x86/mm/pat/cpa-test.c                    |   2 +-
 arch/x86/mm/pat/set_memory.c                  | 220 +++++++++++++++++-
 include/linux/execmem.h                       |  31 +++
 include/linux/module.h                        |  22 +-
 include/linux/moduleloader.h                  |   4 -
 include/linux/vm_event_item.h                 |   2 +
 kernel/module/kallsyms.c                      |   8 +-
 kernel/module/kdb.c                           |   2 +-
 kernel/module/main.c                          |  86 ++-----
 kernel/module/procfs.c                        |   2 +-
 kernel/module/strict_rwx.c                    |   9 +-
 kernel/tracepoint.c                           |   2 +
 lib/kunit/test.c                              |   2 +
 mm/execmem.c                                  |  39 ++--
 mm/vmstat.c                                   |   2 +
 samples/livepatch/livepatch-callbacks-demo.c  |   1 +
 .../test_modules/test_klp_callbacks_demo.c    |   1 +
 .../test_modules/test_klp_callbacks_demo2.c   |   1 +
 .../livepatch/test_modules/test_klp_state.c   |   1 +
 .../livepatch/test_modules/test_klp_state2.c  |   1 +
 28 files changed, 442 insertions(+), 283 deletions(-)


base-commit: ffd294d346d185b70e28b1a28abe367bbfe53c04

Comments

Peter Zijlstra Jan. 21, 2025, 12:36 p.m. UTC | #1 
On Tue, Jan 21, 2025 at 11:57:29AM +0200, Mike Rapoport wrote:

> Kirill A. Shutemov (1):
>   x86/mm/pat: restore large ROX pages after fragmentation

The duplication between pmd and pud collapse is a bit annoying, but so
be it.

> Mike Rapoport (Microsoft) (9):
>   x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
>   x86/mm/pat: drop duplicate variable in cpa_flush()
>   execmem: don't remove ROX cache from the direct map
>   execmem: add API for temporal remapping as RW and restoring ROX afterwards
>   module: introduce MODULE_STATE_GONE
>   module: switch to execmem API for remapping as RW and restoring ROX
>   Revert "x86/module: prepare module loading for ROX allocations of text"
>   module: drop unused module_writable_address()
>   x86: re-enable EXECMEM_ROX support

All these look good on a first reading, let me go build and test the
various options.
Peter Zijlstra Jan. 22, 2025, 9:51 a.m. UTC | #2 
On Tue, Jan 21, 2025 at 01:36:47PM +0100, Peter Zijlstra wrote:
> On Tue, Jan 21, 2025 at 11:57:29AM +0200, Mike Rapoport wrote:
> 
> > Kirill A. Shutemov (1):
> >   x86/mm/pat: restore large ROX pages after fragmentation
> 
> The duplication between pmd and pud collapse is a bit annoying, but so
> be it.
> 
> > Mike Rapoport (Microsoft) (9):
> >   x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
> >   x86/mm/pat: drop duplicate variable in cpa_flush()
> >   execmem: don't remove ROX cache from the direct map
> >   execmem: add API for temporal remapping as RW and restoring ROX afterwards
> >   module: introduce MODULE_STATE_GONE
> >   module: switch to execmem API for remapping as RW and restoring ROX
> >   Revert "x86/module: prepare module loading for ROX allocations of text"
> >   module: drop unused module_writable_address()
> >   x86: re-enable EXECMEM_ROX support
> 
> All these look good on a first reading, let me go build and test the
> various options.

I've tested:

GCC:  ibt=off
      ibt=on
LLVM: ibt-off,cfi=off
      ibt=off,cfi=kcfi
      ibt=on,cfi=off
      ibt=on,cfi=kcfi
      ibt=on,cfi=fineibt

And all of them were able to load a module, so yay!

My plan is to merge these patches into tip/x86/mm once we have -rc1.