On Thu, Dec 06, 2018 at 08:23:20PM +0100, Ard Biesheuvel wrote: > On Thu, 6 Dec 2018 at 20:21, Andy Lutomirski <l...@kernel.org> wrote: > > > > On Thu, Dec 6, 2018 at 11:04 AM Ard Biesheuvel > > <ard.biesheu...@linaro.org> wrote: > > > > > > On Thu, 6 Dec 2018 at 19:54, Andy Lutomirski <l...@kernel.org> wrote: > > > > > > > > > > That’s not totally nuts. Do we ever have code that expects __va() to > > > > work on module data? Perhaps crypto code trying to encrypt static > > > > data because our APIs don’t understand virtual addresses. I guess if > > > > highmem is ever used for modules, then we should be fine. > > > > > > > > > > The crypto code shouldn't care, but I think it will probably break > > > hibernate :-( > > > > How so? Hibernate works (or at least should work) on x86 PAE, where > > __va doesn't work on module data, and, on x86, the direct map has some > > RO parts with where the module is, so hibernate can't be writing to > > the memory through the direct map with its final permissions. > > On arm64 at least, hibernate reads the contents of memory via the > linear mapping. Not sure about other arches.
Can we handle this like the DEBUG_PAGEALLOC case, and extract the pfn from the pte when we see that it's PROT_NONE? Will
