at 9:49 PM, Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote:

> On Fri, 31 Aug 2018 13:46:35 +0900
> Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote:
>
>> On Thu, 30 Aug 2018 10:32:12 -0700
>> Nadav Amit <namit@xxxxxxxxxx> wrote:
>>
>>> This patch-set addresses some issues that were raised in a recent
>>> correspondence and might affect the security and the correctness of code
>>> patching. (Note that patching performance is not addressed by this
>>> patch-set).
>>>
>>> The main issue that the patches deal with is the fact that the fixmap
>>> PTEs that are used for patching are available for access from other
>>> cores and might be exploited. They are not even flushed from the TLB in
>>> remote cores, so the risk is even higher. Address this issue by
>>> introducing a temporary mm that is only used during patching.
>>> Unfortunately, due to init ordering, fixmap is still used during
>>> boot-time patching. Future patches can eliminate the need for it.
>>>
>>> The second issue is the missing lockdep assertion to ensure text_mutex
>>> is taken. It is actually not always taken, so fix the instances that
>>> were found not to take the lock (although they should be safe even
>>> without taking the lock).
>>>
>>> Finally, try to be more conservative and to map a single page, instead
>>> of two, when possible. This helps both security and performance.
>>>
>>> In addition, there is some cleanup of the patching code to make it more
>>> readable.
>>
>> OK, this series looks good to me, and tested with ftracetest, kprobe testsets.
>>
>> Reviewed-by: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
>> Tested-by: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
>
> Oh, I missed a note.
>
> To apply this series on -tip tree, we have to revert Jiri's text_mutex
> checker.
>
> 9222f606506c ("x86/alternatives: Lockdep-enforce text_mutex in text_poke*()")

Thanks for the heads-up. I’ll add a revert for this patch and send v2.

Regards,
Nadav