From patchwork Fri Sep 9 08:40:08 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 75851 Delivered-To: patch@linaro.org Received: by 10.140.106.11 with SMTP id d11csp231441qgf; Fri, 9 Sep 2016 01:42:16 -0700 (PDT) X-Received: by 10.202.212.2 with SMTP id l2mr3788608oig.175.1473410536457; Fri, 09 Sep 2016 01:42:16 -0700 (PDT) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id p140si3129377iod.1.2016.09.09.01.42.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Sep 2016 01:42:16 -0700 (PDT) Received-SPF: neutral (google.com: 192.237.175.120 is neither permitted nor denied by best guess record for domain of xen-devel-bounces@lists.xen.org) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=neutral (google.com: 192.237.175.120 is neither permitted nor denied by best guess record for domain of xen-devel-bounces@lists.xen.org) smtp.mailfrom=xen-devel-bounces@lists.xen.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1biHMB-0002Bq-18; Fri, 09 Sep 2016 08:40:19 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1biHMA-0002B8-NB for xen-devel@lists.xen.org; Fri, 09 Sep 2016 08:40:18 +0000 Received: from [85.158.139.211] by server-12.bemta-5.messagelabs.com id 57/C8-09561-17572D75; Fri, 09 Sep 2016 08:40:17 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrGLMWRWlGSWpSXmKPExsVysyfVTbew9FK 4wY5H4hZLPi5mcWD0OLr7N1MAYxRrZl5SfkUCa8bq158YCw7pVNy5dJqxgfGnQhcjF4eQwCZG iUk3Wpi7GDmBnNOMEgseFILYbAKaEnc+f2ICsUUEpCWufb7MCGIzC0RKPJl5A6xeWCBRou3qC bAaFgFViY/tC8FqeAVcJOYf/A1WIyEgJ3Hy2GRWEJtTwFVi0YKdLBC7XCRuPX3DPoGRewEjwy pGjeLUorLUIl1jA72kosz0jJLcxMwcXUMDU73c1OLixPTUnMSkYr3k/NxNjED/1jMwMO5gnLD K7xCjJAeTkijvZ9lL4UJ8SfkplRmJxRnxRaU5qcWHGGU4OJQkeHeUAOUEi1LTUyvSMnOAgQaT luDgURLhnQ6S5i0uSMwtzkyHSJ1iVJQS560ASQiAJDJK8+DaYMF9iVFWSpiXkYGBQYinILUoN 7MEVf4VozgHo5IwbwHIFJ7MvBK46a+AFjMBLRY6dR5kcUkiQkqqgZHt+3HzfJnz8fm6Di98v0 w0+TuD6+WN8x+q7RbUZ6xqu6S93npBNFPxi6DnN+c63hVZeNyobeJDZpbbd14yn8vNClR41HN uq8nrBnP+kp+7o6qDpVWaL2duaBfsmNWrKP1LwkKbY9frS9/EGA9uWrSiV2mjSkhCrtgb0ar7 NQrFl7ded1ar1lZiKc5INNRiLipOBACTQvoTaQIAAA== X-Env-Sender: julien.grall@arm.com X-Msg-Ref: server-11.tower-206.messagelabs.com!1473410416!46478374!1 X-Originating-IP: [217.140.101.70] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 8.84; banners=-,-,- X-VirusChecked: Checked Received: (qmail 55098 invoked from network); 9 Sep 2016 08:40:17 -0000 Received: from foss.arm.com (HELO foss.arm.com) (217.140.101.70) by server-11.tower-206.messagelabs.com with SMTP; 9 Sep 2016 08:40:17 -0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4C06E22E; Fri, 9 Sep 2016 01:40:16 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.218.32]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8B6413F21A; Fri, 9 Sep 2016 01:40:15 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xen.org Date: Fri, 9 Sep 2016 09:40:08 +0100 Message-Id: <1473410408-12426-3-git-send-email-julien.grall@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1473410408-12426-1-git-send-email-julien.grall@arm.com> References: <1473410408-12426-1-git-send-email-julien.grall@arm.com> Cc: Julien Grall , sstabellini@kernel.org Subject: [Xen-devel] [PATCH v3 2/2] xen/arm: alternative: Make it possible to patch outside of the hypervisor X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" With livepatch the alternatives that should be patched are outside of the Xen hypervisor _start -> _end. The current code is assuming that only Xen could be patched and therefore will explode when a payload contains alternatives. Given that alt_instr contains a relative offset, the function __apply_alternatives could directly take in parameter the virtual address of the alt_instr set of the re-mapped region. So we can mandate the callers of __apply_alternatives to provide use with a region that has read-write access. The only caller that will patch directly the Xen binary is the function __apply_alternatives_multi_stop. The other caller apply_alternatives will work on the payload which will still have read-write access at that time. Signed-off-by: Julien Grall Reviewed-by: Konrad Rzeszutek Wilk --- This is an alternative of the patch suggested by Konrad [1] to fix alternatives patching with livepatching. [1] https://lists.xenproject.org/archives/html/xen-devel/2016-08/msg02880.html Changes in v3: - Add Konrad's reviewed-by Changes in v2: - Fix typoes - Add a comment to details how __apply_alternative should be called - Clean-up the casting for region.begin and region.end --- xen/arch/arm/alternative.c | 65 ++++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/xen/arch/arm/alternative.c b/xen/arch/arm/alternative.c index bd7d409..7203bae 100644 --- a/xen/arch/arm/alternative.c +++ b/xen/arch/arm/alternative.c @@ -94,28 +94,18 @@ static u32 get_alt_insn(const struct alt_instr *alt, return insn; } +/* + * The region patched should be read-write to allow __apply_alternatives + * to replacing the instructions when necessary. + */ static int __apply_alternatives(const struct alt_region *region) { const struct alt_instr *alt; - const u32 *origptr, *replptr; - u32 *writeptr, *writemap; - mfn_t xen_mfn = _mfn(virt_to_mfn(_start)); - unsigned int xen_order = get_order_from_bytes(_end - _start); + const u32 *replptr; + u32 *origptr; - printk(XENLOG_INFO "alternatives: Patching kernel code\n"); - - /* - * The text and inittext section are read-only. So re-map Xen to be - * able to patch the code. - */ - writemap = __vmap(&xen_mfn, 1U << xen_order, 1, 1, PAGE_HYPERVISOR, - VMAP_DEFAULT); - if ( !writemap ) - { - printk(XENLOG_ERR "alternatives: Unable to map the text section (size %u)\n", - 1 << xen_order); - return -ENOMEM; - } + printk(XENLOG_INFO "alternatives: Patching with alt table %p -> %p\n", + region->begin, region->end); for ( alt = region->begin; alt < region->end; alt++ ) { @@ -128,7 +118,6 @@ static int __apply_alternatives(const struct alt_region *region) BUG_ON(alt->alt_len != alt->orig_len); origptr = ALT_ORIG_PTR(alt); - writeptr = origptr - (u32 *)_start + writemap; replptr = ALT_REPL_PTR(alt); nr_inst = alt->alt_len / sizeof(insn); @@ -136,19 +125,17 @@ static int __apply_alternatives(const struct alt_region *region) for ( i = 0; i < nr_inst; i++ ) { insn = get_alt_insn(alt, origptr + i, replptr + i); - *(writeptr + i) = cpu_to_le32(insn); + *(origptr + i) = cpu_to_le32(insn); } /* Ensure the new instructions reached the memory and nuke */ - clean_and_invalidate_dcache_va_range(writeptr, - (sizeof (*writeptr) * nr_inst)); + clean_and_invalidate_dcache_va_range(origptr, + (sizeof (*origptr) * nr_inst)); } /* Nuke the instruction cache */ invalidate_icache(); - vunmap(writemap); - return 0; } @@ -159,10 +146,6 @@ static int __apply_alternatives(const struct alt_region *region) static int __apply_alternatives_multi_stop(void *unused) { static int patched = 0; - const struct alt_region region = { - .begin = __alt_instructions, - .end = __alt_instructions_end, - }; /* We always have a CPU 0 at this point (__init) */ if ( smp_processor_id() ) @@ -174,12 +157,38 @@ static int __apply_alternatives_multi_stop(void *unused) else { int ret; + struct alt_region region; + mfn_t xen_mfn = _mfn(virt_to_mfn(_start)); + unsigned int xen_order = get_order_from_bytes(_end - _start); + void *xenmap; BUG_ON(patched); + + /* + * The text and inittext section are read-only. So re-map Xen to + * be able to patch the code. + */ + xenmap = __vmap(&xen_mfn, 1U << xen_order, 1, 1, PAGE_HYPERVISOR, + VMAP_DEFAULT); + /* Re-mapping Xen is not expected to fail during boot. */ + BUG_ON(!xenmap); + + /* + * Find the virtual address of the alternative region in the new + * mapping. + * alt_instr contains relative offset, so the function + * __apply_alternatives will patch in the re-mapped version of + * Xen. + */ + region.begin = (void *)__alt_instructions - (void *)_start + xenmap; + region.end = (void *)__alt_instructions_end - (void *)_start + xenmap; + ret = __apply_alternatives(®ion); /* The patching is not expected to fail during boot. */ BUG_ON(ret != 0); + vunmap(xenmap); + /* Barriers provided by the cache flushing */ write_atomic(&patched, 1); }