From patchwork Thu Feb 21 23:44:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10824917 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C8DCE1399 for ; Thu, 21 Feb 2019 23:51:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BB87831D2C for ; Thu, 21 Feb 2019 23:51:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AF38531D30; Thu, 21 Feb 2019 23:51:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 464C131D2C for ; Thu, 21 Feb 2019 23:51:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D1B228E00CD; Thu, 21 Feb 2019 18:51:11 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id CBE9E8E00D6; Thu, 21 Feb 2019 18:51:11 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B30EA8E00D4; Thu, 21 Feb 2019 18:51:11 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by kanga.kvack.org (Postfix) with ESMTP id 6AAA98E00D4 for ; Thu, 21 Feb 2019 18:51:11 -0500 (EST) Received: by mail-pl1-f197.google.com with SMTP id s22so318456plq.7 for ; Thu, 21 Feb 2019 15:51:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=wlyB6G1b+Tm41nLBBmWshnK0KkaA3tTinkVpxpprDWU=; b=jiyNeEoLJPbe3ysqJieZtUAoHY8a6NxL+9hiNSGQSo3WbCHAOO4kna3471Pr2afrMN h3J+4+7BtulZJ2g8yZBtGkcOdPdeBTVSi2XWnf9iPuRjaGfD6kc/EVnViM154BvEZnHY mtXZVuyRcliqBxuCprdKsqX8K1qQWNW3zjdKbcBVxgAE2+KFVPz391X3BlT2B4EqE+5j 9se8nEkYUcarbz5XLXVZk8SBDrLAKsVgZWzCzyJh9wfkPGAUHA+SzGc9OYZ5kCBsrdyn lfc2FGSM+X6/4VAKCO+x3R8tMgJvpLKfHTxVmHR8La6RoDgJg6hJOq598AafjdQ+K/Xd ETDg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: AHQUAubay3TIpuWEldMoewTpIvLPkHhnMWSePttEtgMyq7c0oBcnQwgF Ccw73w87EytK+mKFuV+OGj6UaGYJbXVn1vPdUwMJCW1JfNlWhRCBOjnjEQBfFnRKXGVVeRlM2sI gdFIwegfTmSUcCbg/oKCagIVmQHhGuCzNwRmPYbYCSpgP7g/AJD7vqxtgD+94GyGZkA== X-Received: by 2002:a17:902:6bc7:: with SMTP id m7mr1223989plt.106.1550793071029; Thu, 21 Feb 2019 15:51:11 -0800 (PST) X-Google-Smtp-Source: AHgI3IYsrEx/PaShl8Jeua71g0BpS+zpIalcy31KXVdoiuPt3WQuxAjE0y9qPkenQwVoP0md63rl X-Received: by 2002:a17:902:6bc7:: with SMTP id m7mr1223947plt.106.1550793070071; Thu, 21 Feb 2019 15:51:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550793070; cv=none; d=google.com; s=arc-20160816; b=e7cLln3MfGDsSKUG3n+yWCUfvHESpRS0kTlEPHkA5670ir3yk6Epm0ZEVGrnrZ5IIl AE/kG53cMWBvsh4osw/uvC1edSqYa9wHSxxSuOJUAONNBOVQrxS9awLtpa5xWI3JeQSs wc1aHgvdrxCK4lGvuzlBj4lMqjFs2X65apoPScK+0vRfPc5MtcuqHOodXc8IrgE3JtsF vzCClpBhYlK5xd/G2Bwp/OEYs2G0iLRuXNz0vLjUvBTttBN81rBxo5Qu7vZaiqkQhW5I gbZCJc7/DzlVhlvjSOWqE3u1lbcM/fpWbyspS6dnViaUjHCKo0nbt0TJjiAW6o4itj0V x7sQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=wlyB6G1b+Tm41nLBBmWshnK0KkaA3tTinkVpxpprDWU=; b=Hi/Ialk4okQ+e+rtnIO/k05+5/LHufen2Ah6cTUvgaek8MyCdLztEZh9ZH5YRTKEkM 5aYJKLB7gh/7US7bJ+OYe9gKc/ZgrqEAEtj+u5IxUvD5/jfWwY5wjeo41Z6qHbHabVeB 9nyqSjhFw8qWohkU2XlFqV5O5XDTaoAR2LRIbZJFPc6dSi+FP0BGoeeGZbLF4ASGaR+5 wOJR/+vCbkXuwlVf3k25cqXeQ7FqBHdELhpSQlLGJKRvP55AZQAQY4ZPvScYgJDZGLls jCBPa3dw817fHtZqWKbb1kqAGGOxZ8NuQa135DLPdYpYCwWxVk1RrYSCpBVpTF3JEsDm CoGA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga03.intel.com (mga03.intel.com. [134.134.136.65]) by mx.google.com with ESMTPS id c4si238494pfn.83.2019.02.21.15.51.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Feb 2019 15:51:10 -0800 (PST) Received-SPF: pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) client-ip=134.134.136.65; Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Feb 2019 15:51:09 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,397,1544515200"; d="scan'208";a="322394951" Received: from linksys13920.jf.intel.com (HELO rpedgeco-DESK5.jf.intel.com) ([10.54.75.11]) by fmsmga005.fm.intel.com with ESMTP; 21 Feb 2019 15:51:08 -0800 From: Rick Edgecombe To: Andy Lutomirski , Ingo Molnar Cc: linux-kernel@vger.kernel.org, x86@kernel.org, hpa@zytor.com, Thomas Gleixner , Borislav Petkov , Nadav Amit , Dave Hansen , Peter Zijlstra , linux_dti@icloud.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, akpm@linux-foundation.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, will.deacon@arm.com, ard.biesheuvel@linaro.org, kristen@linux.intel.com, deneen.t.dock@intel.com, Rick Edgecombe , Daniel Borkmann , Alexei Starovoitov Subject: [PATCH v3 17/20] bpf: Use vmalloc special flag Date: Thu, 21 Feb 2019 15:44:48 -0800 Message-Id: <20190221234451.17632-18-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190221234451.17632-1-rick.p.edgecombe@intel.com> References: <20190221234451.17632-1-rick.p.edgecombe@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Use new flag VM_FLUSH_RESET_PERMS for handling freeing of special permissioned memory in vmalloc and remove places where memory was set RW before freeing which is no longer needed. Don't track if the memory is RO anymore because it is now tracked in vmalloc. Cc: Daniel Borkmann Cc: Alexei Starovoitov Signed-off-by: Rick Edgecombe --- include/linux/filter.h | 17 +++-------------- kernel/bpf/core.c | 1 - 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/include/linux/filter.h b/include/linux/filter.h index b9f93e62db96..f7b6c8a2e591 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -20,6 +20,7 @@ #include #include #include +#include #include @@ -483,7 +484,6 @@ struct bpf_prog { u16 pages; /* Number of allocated pages */ u16 jited:1, /* Is our filter JIT'ed? */ jit_requested:1,/* archs need to JIT the prog */ - undo_set_mem:1, /* Passed set_memory_ro() checkpoint */ gpl_compatible:1, /* Is filter GPL compatible? */ cb_access:1, /* Is control block accessed? */ dst_needed:1, /* Do we need dst entry? */ @@ -681,27 +681,17 @@ bpf_ctx_narrow_access_ok(u32 off, u32 size, u32 size_default) static inline void bpf_prog_lock_ro(struct bpf_prog *fp) { - fp->undo_set_mem = 1; + set_vm_flush_reset_perms(fp); set_memory_ro((unsigned long)fp, fp->pages); } -static inline void bpf_prog_unlock_ro(struct bpf_prog *fp) -{ - if (fp->undo_set_mem) - set_memory_rw((unsigned long)fp, fp->pages); -} - static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr) { + set_vm_flush_reset_perms(hdr); set_memory_ro((unsigned long)hdr, hdr->pages); set_memory_x((unsigned long)hdr, hdr->pages); } -static inline void bpf_jit_binary_unlock_ro(struct bpf_binary_header *hdr) -{ - set_memory_rw((unsigned long)hdr, hdr->pages); -} - static inline struct bpf_binary_header * bpf_jit_binary_hdr(const struct bpf_prog *fp) { @@ -736,7 +726,6 @@ void __bpf_prog_free(struct bpf_prog *fp); static inline void bpf_prog_unlock_free(struct bpf_prog *fp) { - bpf_prog_unlock_ro(fp); __bpf_prog_free(fp); } diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 19c49313c709..465c1c3623e8 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -804,7 +804,6 @@ void __weak bpf_jit_free(struct bpf_prog *fp) if (fp->jited) { struct bpf_binary_header *hdr = bpf_jit_binary_hdr(fp); - bpf_jit_binary_unlock_ro(hdr); bpf_jit_binary_free(hdr); WARN_ON_ONCE(!bpf_prog_kallsyms_verify_off(fp));