[PATCH v2 02/20] x86/jump_label: Use text_poke_early() during early init

Rick Edgecombe rick.p.edgecombe at intel.com
Tue Jan 29 00:34:04 UTC 2019


From: Nadav Amit <namit at vmware.com>

There is no apparent reason not to use text_poke_early() while we are
during early-init and we do not patch code that might be on the stack
(i.e., we'll return to the middle of the patched code). This appears to
be the case of jump-labels, so do so.

This is required for the next patches that would set a temporary mm for
patching, which is initialized after some static-keys are
enabled/disabled.

Cc: Andy Lutomirski <luto at kernel.org>
Cc: Kees Cook <keescook at chromium.org>
Cc: Dave Hansen <dave.hansen at intel.com>
Cc: Masami Hiramatsu <mhiramat at kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz at infradead.org>
Signed-off-by: Nadav Amit <namit at vmware.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe at intel.com>
---
 arch/x86/kernel/jump_label.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/jump_label.c b/arch/x86/kernel/jump_label.c
index f99bd26bd3f1..e36cfec0f35e 100644
--- a/arch/x86/kernel/jump_label.c
+++ b/arch/x86/kernel/jump_label.c
@@ -50,7 +50,12 @@ static void __ref __jump_label_transform(struct jump_entry *entry,
 	jmp.offset = jump_entry_target(entry) -
 		     (jump_entry_code(entry) + JUMP_LABEL_NOP_SIZE);
 
-	if (early_boot_irqs_disabled)
+	/*
+	 * As long as we're UP and not yet marked RO, we can use
+	 * text_poke_early; SYSTEM_BOOTING guarantees both, as we switch to
+	 * SYSTEM_SCHEDULING before going either.
+	 */
+	if (system_state == SYSTEM_BOOTING)
 		poker = text_poke_early;
 
 	if (type == JUMP_LABEL_JMP) {
-- 
2.17.1



More information about the Linux-security-module-archive mailing list