Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp648969ybl;
        Fri, 31 Jan 2020 05:37:02 -0800 (PST)
X-Google-Smtp-Source: APXvYqxt9zi48PuyUDs56uoLzFRAhZKZO+bqUdtYQe/swE5jYJ7BTXFaunraSkFZApCcGiu0wZle
X-Received: by 2002:aca:3284:: with SMTP id y126mr1836470oiy.67.1580477822383;
        Fri, 31 Jan 2020 05:37:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1580477822; cv=none;
        d=google.com; s=arc-20160816;
        b=pvnKUBtkP+4VvKUuwggyXol11cC1SqN3Siupa+BEwxWHOeqirYqRNdUw8VmobYi+gx
         LzQHqHZjsBA2linHkOYIBnI+DY2PV0jX5HHCV3jjZeT5WUldrSKOwpFVWp3DXIBSQ36b
         TffBHo33NQ0dFVhw69Z0KKbD0gTZi/yF8CtERQnk+QFrCLQGZGRYn9OSqsAnt5RfrUAz
         spJUPOT+4tdn5Fdsubofw7+WKFhazDFH7hDh8te8Cdi4LUt1fJIo2+Wt1cWRynrj/SW/
         W5cRiiBB+06T4QH3nj710mcCjCP9agDUfdCcKwAikTsXAK3k/pV5pFrFWM1+F3j/6lPV
         +fpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:date:cc:to:subject:from:references
         :in-reply-to:message-id:dkim-signature;
        bh=mjuNGyt46RnkUzR/kKHxdzVtmCg0Aph6VaxHWduWcuc=;
        b=nq9slFpwzwt6RyvLo1NVcy6g8LV2QZkt+94dE7Xis8AxiN/Cwf02ovRl7tDC/hMXoa
         5DDsmy9suU7ZX+xqcWPShAQc2St6l/QdueuDtJF84tz7XdTsvkxpMYFv/jV2R/v5MuOR
         dO3QBkOvLPkhqT4oyLK6jzCCZbTPwtaU9ZsawMsBgYoqJw+0uasycTpHfD8ITvb3ZyK5
         p1Xg/nJbUbKJ0PMgDBO4rwycFOd6XwkTSGRSZbLB3firh8GAF9o070KnOkPxpfkvEyKL
         szy0eNTYp/kwSd+U0g+7u6/axMzEMR4ecJrH+IWr5xTE5vOeHPY883dj06Yg8Dk4J+02
         hvcw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@c-s.fr header.s=mail header.b="F0WK/nOG";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g26si2413602otl.172.2020.01.31.05.36.49;
        Fri, 31 Jan 2020 05:37:02 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@c-s.fr header.s=mail header.b="F0WK/nOG";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728742AbgAaNex (ORCPT <rfc822;chenc2371@gmail.com> + 99 others);
        Fri, 31 Jan 2020 08:34:53 -0500
Received: from pegase1.c-s.fr ([93.17.236.30]:44714 "EHLO pegase1.c-s.fr"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728641AbgAaNew (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 31 Jan 2020 08:34:52 -0500
Received: from localhost (mailhub1-int [192.168.12.234])
        by localhost (Postfix) with ESMTP id 488J9j398pz9vCRk;
        Fri, 31 Jan 2020 14:34:49 +0100 (CET)
Authentication-Results: localhost; dkim=pass
        reason="1024-bit key; insecure key"
        header.d=c-s.fr header.i=@c-s.fr header.b=F0WK/nOG; dkim-adsp=pass;
        dkim-atps=neutral
X-Virus-Scanned: Debian amavisd-new at c-s.fr
Received: from pegase1.c-s.fr ([192.168.12.234])
        by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024)
        with ESMTP id 5yyRt-Avr9Pu; Fri, 31 Jan 2020 14:34:49 +0100 (CET)
Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192])
        by pegase1.c-s.fr (Postfix) with ESMTP id 488J9j19kqz9vCRQ;
        Fri, 31 Jan 2020 14:34:49 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail;
        t=1580477689; bh=mjuNGyt46RnkUzR/kKHxdzVtmCg0Aph6VaxHWduWcuc=;
        h=In-Reply-To:References:From:Subject:To:Cc:Date:From;
        b=F0WK/nOGUzE8LFC8g2w8xfv06I8z3PCc/CNpjMlY+PK91hWNTti3j6ut3f1oiSOws
         uLNKxCJ3FPlJvuUs35gxZomOOTuAAcGcsmu9HknChFvfsxmCK7zP/WV0AKZsVGAZ0n
         MaHO47UigsnLat5x0MRNv0lRJsdygy6TfAKlocVg=
Received: from localhost (localhost [127.0.0.1])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id 862128B8AA;
        Fri, 31 Jan 2020 14:34:50 +0100 (CET)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from messagerie.si.c-s.fr ([127.0.0.1])
        by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023)
        with ESMTP id 5xBniH5AQlBF; Fri, 31 Jan 2020 14:34:50 +0100 (CET)
Received: from po14934vm.idsi0.si.c-s.fr (po15451.idsi0.si.c-s.fr [172.25.230.105])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id 525498B8A2;
        Fri, 31 Jan 2020 14:34:50 +0100 (CET)
Received: by po14934vm.idsi0.si.c-s.fr (Postfix, from userid 0)
        id 4BE2765288; Fri, 31 Jan 2020 13:34:50 +0000 (UTC)
Message-Id: <01fdf1b7375b3e1e43a634bf6719b576c4c5db11.1580477672.git.christophe.leroy@c-s.fr>
In-Reply-To: <84be5ad6a996adf5693260749dcb4d8c69182073.1580477672.git.christophe.leroy@c-s.fr>
References: <84be5ad6a996adf5693260749dcb4d8c69182073.1580477672.git.christophe.leroy@c-s.fr>
From:   Christophe Leroy <christophe.leroy@c-s.fr>
Subject: [PATCH v2 2/7] powerpc/kprobes: Mark newly allocated probes as RO
To:     Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>,
        Michael Ellerman <mpe@ellerman.id.au>, ruscur@russell.cc
Cc:     linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Date:   Fri, 31 Jan 2020 13:34:50 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

With CONFIG_STRICT_KERNEL_RWX=y and CONFIG_KPROBES=y, there will be one
W+X page at boot by default.  This can be tested with
CONFIG_PPC_PTDUMP=y and CONFIG_PPC_DEBUG_WX=y set, and checking the
kernel log during boot.

powerpc doesn't implement its own alloc() for kprobes like other
architectures do, but we couldn't immediately mark RO anyway since we do
a memcpy to the page we allocate later.  After that, nothing should be
allowed to modify the page, and write permissions are removed well
before the kprobe is armed.

The memcpy() would fail if >1 probes were allocated, so use
patch_instruction() instead which is safe for RO.

Reviewed-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
---
v2: removed the redundant flush
---
 arch/powerpc/kernel/kprobes.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
index 2d27ec4feee4..d3e594e6094c 100644
--- a/arch/powerpc/kernel/kprobes.c
+++ b/arch/powerpc/kernel/kprobes.c
@@ -24,6 +24,7 @@
 #include <asm/sstep.h>
 #include <asm/sections.h>
 #include <linux/uaccess.h>
+#include <linux/set_memory.h>
 
 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
@@ -124,13 +125,12 @@ int arch_prepare_kprobe(struct kprobe *p)
 	}
 
 	if (!ret) {
-		memcpy(p->ainsn.insn, p->addr,
-				MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
+		patch_instruction(p->ainsn.insn, *p->addr);
 		p->opcode = *p->addr;
-		flush_icache_range((unsigned long)p->ainsn.insn,
-			(unsigned long)p->ainsn.insn + sizeof(kprobe_opcode_t));
 	}
 
+	set_memory_ro((unsigned long)p->ainsn.insn, 1);
+
 	p->ainsn.boostable = 0;
 	return ret;
 }
-- 
2.25.0