> From: Thomas Gleixner
> Sent: November 5, 2018 at 8:28:29 PM GMT
> To: Andy Lutomirski <l...@amacapital.net>
> Cc: Nadav Amit <na...@vmware.com>, Linus Torvalds
> <torva...@linux-foundation.org>, H. Peter Anvin <h...@zytor.com>, Peter
> Zijlstra <pet...@infradead.org>, Ingo Molnar <mi...@redhat.com>, LKML
> <linux-kernel@vger.kernel.org>, X86 ML <x...@kernel.org>, Borislav Petkov
> <b...@alien8.de>, Dave Hansen <dave.han...@linux.intel.com>, Andrew
> Lutomirski <l...@kernel.org>, Kees Cook <keesc...@chromium.org>, Dave Hansen
> <dave.han...@intel.com>, Masami Hiramatsu <mhira...@kernel.org>
> Subject: Re: [PATCH v3 2/7] x86/jump_label: Use text_poke_early() during
> early_init
>
>
> On Mon, 5 Nov 2018, Andy Lutomirski wrote:
>> On Mon, Nov 5, 2018 at 11:25 AM Nadav Amit <na...@vmware.com> wrote:
>> Linus, hpa, or Dave, a question for you: suppose I map some page
>> writably, write to it, then upgrade permissions to allow execute.
>> Must I force all CPUs that might execute from it without first
>> serializing to serialize? I suspect this doesn't really affect user
>> code, but it may affect the module loader.
>>
>> To be safe, shouldn't the module loader broadcast an IPI to
>> sync_core() everywhere after loading a module and before making it
>> runnable, regardless of alternative patching?
>>
>> IOW, the right sequence of events probably ought to be:
>>
>> 1. Allocate the memory and map it.
>> 2. Copy in the text.
>> 3. Patch alternatives, etc. This is logically just like (2) from an
>> architectural perspective -- we're just writing to memory that won't
>> be executed.
>> 4. Serialize everything.
>> 5. Run it!
>
> I'd make that:
>
> 1. Allocate the memory and map it RW
> 2. Copy in the text.
> 3. Patch alternatives, etc. This is logically just like (2) from an
> architectural perspective -- we're just writing to memory that won't
> be executed.
> 4. Map it RX
> 5. Serialize everything.
> 6. Run it!

Thanks. I will do something along these lines. This can improve module loading time (saving IRQ save/restore time), but it will not make things much prettier, since two code-paths for “early init kernel” and “early init module” would be needed.
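
The six-step sequence quoted above, sketched as a user-space analogue for x86-64 Linux. This is an added example, not code from the thread or from the kernel's module loader; `demo_text`, `serialize_everything()` and `load_patch_run()` are hypothetical names, and using `membarrier()` plus CPUID as the stand-in for a `sync_core()` IPI is an assumption of this sketch.

```c
#define _GNU_SOURCE
#include <linux/membarrier.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed stand-in for module text: mov eax, imm32 ; ret (imm32 = 0). */
static const unsigned char demo_text[] = { 0xb8, 0x00, 0x00, 0x00, 0x00, 0xc3 };

/* Step 5. membarrier(SYNC_CORE) makes the process's threads running on other
 * CPUs execute a core-serializing instruction (the user-space counterpart of
 * an IPI to sync_core()); best effort, errors ignored. CPUID then serializes
 * the calling CPU. x86-64 only because of the CPUID instruction. */
static void serialize_everything(void)
{
    unsigned int a = 0, c = 0;
    syscall(SYS_membarrier, MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_SYNC_CORE, 0);
    syscall(SYS_membarrier, MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE, 0);
    __asm__ volatile("cpuid" : "+a"(a), "+c"(c) : : "ebx", "edx", "memory");
}

/* Loads demo_text, patches its immediate to imm, runs it. -1 on failure. */
int load_patch_run(unsigned char imm)
{
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    /* 1. Allocate the memory and map it RW: never writable and executable. */
    unsigned char *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memcpy(p, demo_text, sizeof(demo_text));  /* 2. Copy in the text. */
    p[1] = imm;                               /* 3. Patch: still a plain write. */
    if (mprotect(p, sz, PROT_READ | PROT_EXEC) != 0) {  /* 4. Map it RX. */
        munmap(p, sz);
        return -1;
    }
    serialize_everything();                   /* 5. Serialize everything. */
    int result = ((int (*)(void))(uintptr_t)p)();  /* 6. Run it! */
    munmap(p, sz);
    return result;
}

int main(void)
{
    printf("%d\n", load_patch_run(42));
}
```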