On Thu, 6 Dec 2018 at 20:30, Will Deacon <will.deacon@xxxxxxx> wrote: > > On Thu, Dec 06, 2018 at 08:23:20PM +0100, Ard Biesheuvel wrote: > > On Thu, 6 Dec 2018 at 20:21, Andy Lutomirski <luto@xxxxxxxxxx> wrote: > > > > > > On Thu, Dec 6, 2018 at 11:04 AM Ard Biesheuvel > > > <ard.biesheuvel@xxxxxxxxxx> wrote: > > > > > > > > On Thu, 6 Dec 2018 at 19:54, Andy Lutomirski <luto@xxxxxxxxxx> wrote: > > > > > > > > > > > > > That’s not totally nuts. Do we ever have code that expects __va() to > > > > > work on module data? Perhaps crypto code trying to encrypt static > > > > > data because our APIs don’t understand virtual addresses. I guess if > > > > > highmem is ever used for modules, then we should be fine. > > > > > > > > > > > > > The crypto code shouldn't care, but I think it will probably break hibernate :-( > > > > > > How so? Hibernate works (or at least should work) on x86 PAE, where > > > __va doesn't work on module data, and, on x86, the direct map has some > > > RO parts with where the module is, so hibernate can't be writing to > > > the memory through the direct map with its final permissions. > > > > On arm64 at least, hibernate reads the contents of memory via the > > linear mapping. Not sure about other arches. > > Can we handle this like the DEBUG_PAGEALLOC case, and extract the pfn from > the pte when we see that it's PROT_NONE? > As long as we can easily figure out whether a certain linear address is mapped or not, having a special case like that for these mappings doesn't sound unreasonable.
