[RFC 0/2] Consolidate patch_instruction

Balbir Singh bsingharora at gmail.com
Wed May 17 11:23:48 AEST 2017


On Tue, 2017-05-16 at 19:11 +0530, Naveen N. Rao wrote:
> On 2017/05/16 10:56AM, Anshuman Khandual wrote:
> > On 05/16/2017 09:19 AM, Balbir Singh wrote:
> > > patch_instruction is enhanced in this RFC to support
> > > patching via a different virtual address (text_poke_area).
> > 
> > Why is writing the instruction directly into the address not
> > sufficient, and why do we need to go through this virtual address?
> 
> To enable KERNEL_STRICT_RWX and map all of kernel text to be read-only?
>

Precisely, the rest of the bits are still being developed.
 
> > 
> > > The mapping of text_poke_area->addr is RW and not RWX.
> > > This way the mapping allows write for patching and then we tear
> > > down the mapping. The downside is that we introduce a spinlock
> > > which serializes our patching to one patch at a time.
> > 
> > So what are the benefits we get otherwise in this approach when
> > we are adding a new lock into the equation?
> 
> Instruction patching isn't performance critical, so the slowdown is
> likely not noticeable. Marking kernel text read-only helps harden the 
> kernel by catching unintended code modifications whether through 
> exploits or through bugs.
>

Precisely!

Balbir Singh. 
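
A userspace analogue of the scheme discussed in this thread, added here as an illustration and not code from the RFC or the kernel: the "text" is only ever mapped read-only, and each patch goes through a temporary RW (never executable) alias of the same pages that is torn down afterwards, under a lock that allows one patch at a time. It assumes Linux with memfd_create; the function and variable names are hypothetical, and the value patched in the test is a constructed sample.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
/* Assumed names (not from the RFC): text_ro = read-only "text", poke_lock = patch lock. */
static pthread_mutex_t poke_lock = PTHREAD_MUTEX_INITIALIZER;
static int text_fd = -1;
static size_t text_len;
static volatile uint32_t *text_ro;            /* only ever mapped PROT_READ */

/* Back the "text" with a memfd and map it read-only. Returns 0 on success. */
int text_init(void) {
    text_len = (size_t)sysconf(_SC_PAGESIZE);
    text_fd = memfd_create("text", 0);
    if (text_fd < 0 || ftruncate(text_fd, (off_t)text_len) != 0) return -1;
    void *p = mmap(NULL, text_len, PROT_READ, MAP_SHARED, text_fd, 0);
    if (p == MAP_FAILED) return -1;
    text_ro = p;
    return 0;
}

/* Patch one word through a short-lived RW (never executable) alias. */
int patch_word(size_t index, uint32_t insn) {
    if (text_fd < 0 || index >= text_len / sizeof(uint32_t)) return -1;
    pthread_mutex_lock(&poke_lock);           /* one patch at a time */
    int rc = -1;
    uint32_t *alias = mmap(NULL, text_len, PROT_READ | PROT_WRITE,
                           MAP_SHARED, text_fd, 0);
    if (alias != MAP_FAILED) {
        alias[index] = insn;                  /* store through the alias only */
        rc = munmap(alias, text_len);         /* tear the alias down again */
    }
    pthread_mutex_unlock(&poke_lock);
    return rc;
}

uint32_t text_read(size_t index) { return text_ro[index]; }

/* Returns 1 if a direct store to the read-only view kills a forked child. */
int direct_write_faults(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { text_ro[0] = 0; _exit(0); }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return !(WIFEXITED(st) && WEXITSTATUS(st) == 0);
}
```

The write window exists only between the mmap and munmap inside patch_word; outside it, no writable view of the "text" pages is present in the address space.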

