From patchwork Wed Apr 16 05:31:37 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: vkamensky <victor.kamensky@linaro.org>
X-Patchwork-Id: 28449
Return-Path: <patchwork-forward+bncBD7P3VNW5YERB2VMXCNAKGQEQEPGKEQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-oa0-f69.google.com (mail-oa0-f69.google.com
 [209.85.219.69])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 5432A2036D
 for <linaro@patches.linaro.org>; Wed, 16 Apr 2014 05:34:35 +0000 (UTC)
Received: by mail-oa0-f69.google.com with SMTP id i7sf55852514oag.0
 for <linaro@patches.linaro.org>; Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:subject:date:message-id
 :in-reply-to:references:cc:precedence:list-id:list-unsubscribe
 :list-archive:list-post:list-help:list-subscribe:mime-version:sender
 :errors-to:x-original-sender:x-original-authentication-results
 :mailing-list:content-type:content-transfer-encoding;
 bh=eZT0P+FRSJdpcekmH0NJRW6uhYnlBoL0gPVHJC2tYRQ=;
 b=lqjzHIXFPONPXDv4R1VDFDdkd+zSdKQCDFpGDYt2cpqAEH06f7GdJ5WOgXmXcfGbVt
 jq6pXaXfdyJowEFZmxOewhe4orNbBPZmdKrjsk5LKxviDZPsfQb68o1Pk8ITUbw1BMfm
 GM744Hv8K86bYJpJ2KqpowPPl8X7STZr+/sZugMN8UMZ5CBE1SPmvQbX7tzfvh7zKO3m
 BFz6aSrFfmB9xKKFD2EMD5PL+QuUd6vNXNGgY2mdtpzuyQefqIYJTrNPVh4i8XoJxZ+C
 tva5pueoYqy5JNsXWjjN/gGKSt8hTfbQxCXxRjXcuqctdprhxxDNixDTbmpXR5l0Io/5
 3VsA==
X-Gm-Message-State: ALoCoQkPzaAMmE41c4MCsNPsfiG6FK9M5+Am0A1waKEDrM5GtSgiegM0oxxeVOfMRBBLjIWdDKHT
X-Received: by 10.50.254.1 with SMTP id ae1mr1305505igd.6.1397626474687;
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.40.115 with SMTP id w106ls519410qgw.53.gmail; Tue, 15 Apr
 2014 22:34:34 -0700 (PDT)
X-Received: by 10.52.95.135 with SMTP id dk7mr197555vdb.32.1397626474596;
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
Received: from mail-vc0-f181.google.com (mail-vc0-f181.google.com
 [209.85.220.181]) by mx.google.com with ESMTPS id
 la9si3720422veb.146.2014.04.15.22.34.34
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.220.181 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.220.181; 
Received: by mail-vc0-f181.google.com with SMTP id id10so9997856vcb.26
 for <patchwork-forward@linaro.org>;
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
X-Received: by 10.221.58.144 with SMTP id wk16mr251463vcb.23.1397626474421; 
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.220.221.72 with SMTP id ib8csp285192vcb;
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
X-Received: by 10.140.89.11 with SMTP id u11mr118965qgd.93.1397626474043;
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
Received: from bombadil.infradead.org (bombadil.infradead.org.
 [2001:1868:205::9]) by mx.google.com with ESMTPS id
 i78si8784828qge.106.2014.04.15.22.34.33 for <patch@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 15 Apr 2014 22:34:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:1868:205::9 as permitted sender)
 client-ip=2001:1868:205::9; 
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
 by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1WaISc-0002Jn-8M; Wed, 16 Apr 2014 05:32:38 +0000
Received: from mail-pd0-f171.google.com ([209.85.192.171])
 by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
 Linux)) id 1WaISV-0002I7-Sn for linux-arm-kernel@lists.infradead.org;
 Wed, 16 Apr 2014 05:32:32 +0000
Received: by mail-pd0-f171.google.com with SMTP id r10so10356089pdi.30
 for <linux-arm-kernel@lists.infradead.org>;
 Tue, 15 Apr 2014 22:32:11 -0700 (PDT)
X-Received: by 10.66.66.66 with SMTP id d2mr6418747pat.36.1397626330926;
 Tue, 15 Apr 2014 22:32:10 -0700 (PDT)
Received: from kamensky-w530.cisco.com.net (c-24-6-79-41.hsd1.ca.comcast.net.
 [24.6.79.41]) by mx.google.com with ESMTPSA id
 cz3sm44273882pbc.9.2014.04.15.22.32.09 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 15 Apr 2014 22:32:10 -0700 (PDT)
From: Victor Kamensky <victor.kamensky@linaro.org>
To: rmk@arm.linux.org.uk, davem@davemloft.net, oleg@redhat.com,
 dave.long@linaro.org
Subject: [RFC PATCH v4] ARM: uprobes xol write directly to userspace
Date: Tue, 15 Apr 2014 22:31:37 -0700
Message-Id: <1397626297-23873-2-git-send-email-victor.kamensky@linaro.org>
X-Mailer: git-send-email 1.8.1.4
In-Reply-To: <1397626297-23873-1-git-send-email-victor.kamensky@linaro.org>
References: <1397626297-23873-1-git-send-email-victor.kamensky@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20140415_223231_982123_53D8B1F4
X-CRM114-Status: GOOD (  16.62  )
X-Spam-Score: 0.0 (/)
X-Spam-Report: SpamAssassin version 3.3.2 on bombadil.infradead.org summary:
 Content analysis details:   (0.0 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
 no trust [209.85.192.171 listed in list.dnswl.org]
Cc: tixy@linaro.org, linaro-kernel@lists.linaro.org, ananth@in.ibm.com,
 Victor Kamensky <victor.kamensky@linaro.org>, peterz@infradead.org,
 taras.kondratiuk@linaro.org, rabin@rab.in, torvalds@linux-foundation.org, 
 Dave.Martin@arm.com, linux-arm-kernel@lists.infradead.org
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: victor.kamensky@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.220.181 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

After instruction write into xol area, on ARM V7
architecture code need to flush dcache and icache to sync
them up for given set of addresses. Having just
'flush_dcache_page(page)' call is not enough - it is
possible to have stale instruction sitting in icache
for given xol area slot address.

Introduce arch_uprobe_ixol_copy weak function
that by default calls __copy_to_user function, and
that sufficient for CPUs that can snoop instruction
writes from dcache. On ARM define new one
that handles xol slot copy in ARM specific way.

Arm implementation of arch_uprobe_ixol_copy function
makes __copy_to_user call which does not have dcache
aliasing issues and then flush_cache_user_range to
push dcache out and invalidate corresponding icache
entries.

Note in order to write into uprobes xol area had
to add VM_WRITE to xol area mapping.

Signed-off-by: Victor Kamensky <victor.kamensky@linaro.org>
---
 arch/arm/kernel/uprobes.c |  8 ++++++++
 include/linux/uprobes.h   |  3 +++
 kernel/events/uprobes.c   | 28 +++++++++++++++++++---------
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/arch/arm/kernel/uprobes.c b/arch/arm/kernel/uprobes.c
index f9bacee..4836e54 100644
--- a/arch/arm/kernel/uprobes.c
+++ b/arch/arm/kernel/uprobes.c
@@ -113,6 +113,14 @@ int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm,
 	return 0;
 }
 
+void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
+			   void *src, unsigned long len)
+{
+	if (!__copy_to_user((void *) vaddr, src, len))
+		flush_cache_user_range(vaddr, len);
+}
+
+
 int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs)
 {
 	struct uprobe_task *utask = current->utask;
diff --git a/include/linux/uprobes.h b/include/linux/uprobes.h
index edff2b9..c52f827 100644
--- a/include/linux/uprobes.h
+++ b/include/linux/uprobes.h
@@ -32,6 +32,7 @@ struct vm_area_struct;
 struct mm_struct;
 struct inode;
 struct notifier_block;
+struct page;
 
 #define UPROBE_HANDLER_REMOVE		1
 #define UPROBE_HANDLER_MASK		1
@@ -127,6 +128,8 @@ extern int  arch_uprobe_exception_notify(struct notifier_block *self, unsigned l
 extern void arch_uprobe_abort_xol(struct arch_uprobe *aup, struct pt_regs *regs);
 extern unsigned long arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs *regs);
 extern bool __weak arch_uprobe_ignore(struct arch_uprobe *aup, struct pt_regs *regs);
+extern void __weak arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
+					 void *src, unsigned long len);
 #else /* !CONFIG_UPROBES */
 struct uprobes_state {
 };
diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
index 04709b6..1038e57 100644
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -1149,7 +1149,7 @@ static int xol_add_vma(struct mm_struct *mm, struct xol_area *area)
 	}
 
 	ret = install_special_mapping(mm, area->vaddr, PAGE_SIZE,
-				VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, &area->page);
+				VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO|VM_WRITE, &area->page);
 	if (ret)
 		goto fail;
 
@@ -1296,14 +1296,8 @@ static unsigned long xol_get_insn_slot(struct uprobe *uprobe)
 	if (unlikely(!xol_vaddr))
 		return 0;
 
-	/* Initialize the slot */
-	copy_to_page(area->page, xol_vaddr,
-			&uprobe->arch.ixol, sizeof(uprobe->arch.ixol));
-	/*
-	 * We probably need flush_icache_user_range() but it needs vma.
-	 * This should work on supported architectures too.
-	 */
-	flush_dcache_page(area->page);
+	arch_uprobe_copy_ixol(area->page, xol_vaddr,
+			      &uprobe->arch.ixol, sizeof(uprobe->arch.ixol));
 
 	return xol_vaddr;
 }
@@ -1346,6 +1340,22 @@ static void xol_free_insn_slot(struct task_struct *tsk)
 	}
 }
 
+void __weak arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr,
+				  void *src, unsigned long len)
+{
+	/*
+	 * Note if CPU does not support instructions write snooping
+	 * from dcache it needs to define its own version of this
+	 * function that would take care of proper cache flushes.
+	 *
+	 * Nothing we can do if it fails, added if to make unused
+	 * result warning happy. If xol write failed because process
+	 * unmapped xol area by mistake, process will crash in some
+	 * other place.
+	 */
+	if (__copy_to_user((void *) vaddr, src, len));
+}
+
 /**
  * uprobe_get_swbp_addr - compute address of swbp given post-swbp regs
  * @regs: Reflects the saved state of the task after it has hit a breakpoint