[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231113022326.24388-18-mic@digikod.net>
Date: Sun, 12 Nov 2023 21:23:24 -0500
From: Mickaël Salaün <mic@...ikod.net>
To: Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H . Peter Anvin" <hpa@...or.com>,
Ingo Molnar <mingo@...hat.com>,
Kees Cook <keescook@...omium.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>
Cc: Mickaël Salaün <mic@...ikod.net>,
Alexander Graf <graf@...zon.com>,
Chao Peng <chao.p.peng@...ux.intel.com>,
"Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
Forrest Yuan Yu <yuanyu@...gle.com>,
James Gowans <jgowans@...zon.com>,
James Morris <jamorris@...ux.microsoft.com>,
John Andersen <john.s.andersen@...el.com>,
"Madhavan T . Venkataraman" <madvenka@...ux.microsoft.com>,
Marian Rotariu <marian.c.rotariu@...il.com>,
Mihai Donțu <mdontu@...defender.com>,
Nicușor Cîțu <nicu.citu@...oud.com>,
Thara Gopinath <tgopinath@...rosoft.com>,
Trilok Soni <quic_tsoni@...cinc.com>,
Wei Liu <wei.liu@...nel.org>,
Will Deacon <will@...nel.org>,
Yu Zhang <yu.c.zhang@...ux.intel.com>,
Zahra Tarkhani <ztarkhani@...rosoft.com>,
Ștefan Șicleru <ssicleru@...defender.com>,
dev@...ts.cloudhypervisor.org,
kvm@...r.kernel.org,
linux-hardening@...r.kernel.org,
linux-hyperv@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
qemu-devel@...gnu.org,
virtualization@...ts.linux-foundation.org,
x86@...nel.org,
xen-devel@...ts.xenproject.org
Subject: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching
From: Madhavan T. Venkataraman <madvenka@...ux.microsoft.com>
X86 uses a function called __text_poke() to modify executable code. This
patching function is used by many features such as KProbes and FTrace.
Update the permissions counters for the text page so that write
permissions can be temporarily established in the EPT to modify the
instructions in that page.
Cc: Borislav Petkov <bp@...en8.de>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Madhavan T. Venkataraman <madvenka@...ux.microsoft.com>
Cc: Mickaël Salaün <mic@...ikod.net>
Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Sean Christopherson <seanjc@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Vitaly Kuznetsov <vkuznets@...hat.com>
Cc: Wanpeng Li <wanpengli@...cent.com>
Signed-off-by: Madhavan T. Venkataraman <madvenka@...ux.microsoft.com>
---
Changes since v1:
* New patch
---
arch/x86/kernel/alternative.c | 5 ++++
arch/x86/mm/heki.c | 49 +++++++++++++++++++++++++++++++++++
include/linux/heki.h | 14 ++++++++++
3 files changed, 68 insertions(+)
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 517ee01503be..64fd8757ba5c 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -18,6 +18,7 @@
#include <linux/mmu_context.h>
#include <linux/bsearch.h>
#include <linux/sync_core.h>
+#include <linux/heki.h>
#include <asm/text-patching.h>
#include <asm/alternative.h>
#include <asm/sections.h>
@@ -1801,6 +1802,7 @@ static void *__text_poke(text_poke_f func, void *addr, const void *src, size_t l
*/
pgprot = __pgprot(pgprot_val(PAGE_KERNEL) & ~_PAGE_GLOBAL);
+ heki_text_poke_start(pages, cross_page_boundary ? 2 : 1, pgprot);
/*
* The lock is not really needed, but this allows to avoid open-coding.
*/
@@ -1865,7 +1867,10 @@ static void *__text_poke(text_poke_f func, void *addr, const void *src, size_t l
}
local_irq_restore(flags);
+
pte_unmap_unlock(ptep, ptl);
+ heki_text_poke_end(pages, cross_page_boundary ? 2 : 1, pgprot);
+
return addr;
}
diff --git a/arch/x86/mm/heki.c b/arch/x86/mm/heki.c
index c0eace9e343f..e4c60d8b4f2d 100644
--- a/arch/x86/mm/heki.c
+++ b/arch/x86/mm/heki.c
@@ -5,8 +5,11 @@
* Copyright © 2023 Microsoft Corporation
*/
+#include <asm/pgtable.h>
+#include <asm/text-patching.h>
#include <linux/heki.h>
#include <linux/kvm_mem_attr.h>
+#include <linux/mm.h>
#ifdef pr_fmt
#undef pr_fmt
@@ -63,3 +66,49 @@ void heki_pgprot_to_permissions(pgprot_t prot, unsigned long *set,
if (pgprot_val(prot) & _PAGE_NX)
*clear |= MEM_ATTR_EXEC;
}
+
+static unsigned long heki_pgprot_to_flags(pgprot_t prot)
+{
+ unsigned long flags = 0;
+
+ if (pgprot_val(prot) & _PAGE_RW)
+ flags |= _PAGE_RW;
+ if (pgprot_val(prot) & _PAGE_NX)
+ flags |= _PAGE_NX;
+ return flags;
+}
+
+static void heki_text_poke_common(struct page **pages, int npages,
+ pgprot_t prot, enum heki_cmd cmd)
+{
+ struct heki_args args = {
+ .cmd = cmd,
+ };
+ unsigned long va = poking_addr;
+ int i;
+
+ if (!heki.counters)
+ return;
+
+ mutex_lock(&heki_lock);
+
+ for (i = 0; i < npages; i++, va += PAGE_SIZE) {
+ args.va = va;
+ args.pa = page_to_pfn(pages[i]) << PAGE_SHIFT;
+ args.size = PAGE_SIZE;
+ args.flags = heki_pgprot_to_flags(prot);
+ heki_callback(&args);
+ }
+
+ mutex_unlock(&heki_lock);
+}
+
+void heki_text_poke_start(struct page **pages, int npages, pgprot_t prot)
+{
+ heki_text_poke_common(pages, npages, prot, HEKI_MAP);
+}
+
+void heki_text_poke_end(struct page **pages, int npages, pgprot_t prot)
+{
+ heki_text_poke_common(pages, npages, prot, HEKI_UNMAP);
+}
diff --git a/include/linux/heki.h b/include/linux/heki.h
index 079b34af07f0..6f2cfddc6dac 100644
--- a/include/linux/heki.h
+++ b/include/linux/heki.h
@@ -111,6 +111,7 @@ typedef void (*heki_func_t)(struct heki_args *args);
extern struct heki heki;
extern bool heki_enabled;
+extern struct mutex heki_lock;
extern bool __read_mostly enable_mbec;
@@ -123,12 +124,15 @@ void heki_map(unsigned long va, unsigned long end);
void heki_update(unsigned long va, unsigned long end, unsigned long set,
unsigned long clear);
void heki_unmap(unsigned long va, unsigned long end);
+void heki_callback(struct heki_args *args);
/* Arch-specific functions. */
void heki_arch_early_init(void);
unsigned long heki_flags_to_permissions(unsigned long flags);
void heki_pgprot_to_permissions(pgprot_t prot, unsigned long *set,
unsigned long *clear);
+void heki_text_poke_start(struct page **pages, int npages, pgprot_t prot);
+void heki_text_poke_end(struct page **pages, int npages, pgprot_t prot);
#else /* !CONFIG_HEKI */
@@ -149,6 +153,16 @@ static inline void heki_unmap(unsigned long va, unsigned long end)
{
}
+/* Arch-specific functions. */
+static inline void heki_text_poke_start(struct page **pages, int npages,
+ pgprot_t prot)
+{
+}
+static inline void heki_text_poke_end(struct page **pages, int npages,
+ pgprot_t prot)
+{
+}
+
#endif /* CONFIG_HEKI */
#endif /* __HEKI_H__ */
--
2.42.1
Powered by blists - more mailing lists