misc: sram-exec: Use aligned fncpy instead of memcpy

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Currently the sram-exec functionality, which allows allocation of
executable memory and provides an API to move code to it, is only
selected in configs for the ARM architecture. Based on commit
5756e9dd0de6 ("ARM: 6640/1: Thumb-2: Symbol manipulation macros for
function body copying") simply copying a C function pointer address
using memcpy without consideration of alignment and Thumb is unsafe on
ARM platforms.

The aforementioned patch introduces the fncpy macro which is a safe way
to copy executable code on ARM platforms, so let's make use of that here
rather than the unsafe plain memcpy that was previously used by
sram_exec_copy. Now sram_exec_copy will move the code to "dst" and
return an address that is guaranteed to be safely callable.

In the future, architectures hoping to make use of the sram-exec
functionality must define an fncpy macro just as ARM has done to
guarantee or check for safe copying to executable memory before allowing
the arch to select CONFIG_SRAM_EXEC.

Acked-by: Tony Lindgren <tony@atomide.com>
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Reviewed-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Dave Gerlach and committed by

Greg Kroah-Hartman 9 years ago 34cfb106 a5061d02

+24 -11

2 changed files

expand all

drivers

misc

sram-exec.c

include

linux

sram.h

+20 -7

drivers/misc/sram-exec.c

··· 19 19 #include <linux/mm.h> 20 20 #include <linux/sram.h> 21 21 22 + #include <asm/fncpy.h> 22 23 #include <asm/set_memory.h> 23 24 24 25 #include "sram.h" ··· 59 58 * @src: Source address for the data to copy 60 59 * @size: Size of copy to perform, which starting from dst, must reside in pool 61 60 * 61 + * Return: Address for copied data that can safely be called through function 62 + * pointer, or NULL if problem. 63 + * 62 64 * This helper function allows sram driver to act as central control location 63 65 * of 'protect-exec' pools which are normal sram pools but are always set 64 66 * read-only and executable except when copying data to them, at which point 65 67 * they are set to read-write non-executable, to make sure no memory is 66 68 * writeable and executable at the same time. This region must be page-aligned 67 69 * and is checked during probe, otherwise page attribute manipulation would 68 - * not be possible. 70 + * not be possible. Care must be taken to only call the returned address as 71 + * dst address is not guaranteed to be safely callable. 72 + * 73 + * NOTE: This function uses the fncpy macro to move code to the executable 74 + * region. Some architectures have strict requirements for relocating 75 + * executable code, so fncpy is a macro that must be defined by any arch 76 + * making use of this functionality that guarantees a safe copy of exec 77 + * data and returns a safe address that can be called as a C function 78 + * pointer. 69 79 */ 70 - int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, 71 - size_t size) 80 + void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, 81 + size_t size) 72 82 { 73 83 struct sram_partition *part = NULL, *p; 74 84 unsigned long base; 75 85 int pages; 86 + void *dst_cpy; 76 87 77 88 mutex_lock(&exec_pool_list_mutex); 78 89 list_for_each_entry(p, &exec_pool_list, list) { ··· 94 81 mutex_unlock(&exec_pool_list_mutex); 95 82 96 83 if (!part) 97 - return -EINVAL; 84 + return NULL; 98 85 99 86 if (!addr_in_gen_pool(pool, (unsigned long)dst, size)) 100 - return -EINVAL; 87 + return NULL; 101 88 102 89 base = (unsigned long)part->base; 103 90 pages = PAGE_ALIGN(size) / PAGE_SIZE; ··· 107 94 set_memory_nx((unsigned long)base, pages); 108 95 set_memory_rw((unsigned long)base, pages); 109 96 110 - memcpy(dst, src, size); 97 + dst_cpy = fncpy(dst, src, size); 111 98 112 99 set_memory_ro((unsigned long)base, pages); 113 100 set_memory_x((unsigned long)base, pages); 114 101 115 102 mutex_unlock(&part->lock); 116 103 117 - return 0; 104 + return dst_cpy; 118 105 } 119 106 EXPORT_SYMBOL_GPL(sram_exec_copy);

+4 -4

include/linux/sram.h

··· 16 16 struct gen_pool; 17 17 18 18 #ifdef CONFIG_SRAM_EXEC 19 - int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, size_t size); 19 + void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, size_t size); 20 20 #else 21 - static inline int sram_exec_copy(struct gen_pool *pool, void *dst, void *src, 22 - size_t size) 21 + static inline void *sram_exec_copy(struct gen_pool *pool, void *dst, void *src, 22 + size_t size) 23 23 { 24 - return -ENODEV; 24 + return NULL; 25 25 } 26 26 #endif /* CONFIG_SRAM_EXEC */ 27 27 #endif /* __LINUX_SRAM_H__ */