Message-Id: <68a800e0afa0ca6797358cd8b5b12394eac89fdc.1580713729.git.christophe.leroy@c-s.fr>
In-Reply-To: <80ebd9075cd7c8b412c6d5d05f7542f9026642ef.1580713729.git.christophe.leroy@c-s.fr>
References: <80ebd9075cd7c8b412c6d5d05f7542f9026642ef.1580713729.git.christophe.leroy@c-s.fr>
From: Christophe Leroy
Subject: [PATCH v3 2/7] powerpc/kprobes: Mark newly allocated probes as RO
To: Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , ruscur@russell.cc
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Date: Mon, 3 Feb 2020 07:11:56 +0000 (UTC)

With CONFIG_STRICT_KERNEL_RWX=y and CONFIG_KPROBES=y, there will be one
W+X page at boot by default. This can be tested with
CONFIG_PPC_PTDUMP=y and CONFIG_PPC_DEBUG_WX=y set, and checking the
kernel log during boot.

powerpc doesn't implement its own alloc() for kprobes like other
architectures do, but we couldn't immediately mark RO anyway since we do
a memcpy to the page we allocate later. After that, nothing should be
allowed to modify the page, and write permissions are removed well
before the kprobe is armed.

The memcpy() would fail if >1 probes were allocated, so use
patch_instruction() instead which is safe for RO.

Reviewed-by: Daniel Axtens
Signed-off-by: Russell Currey
Signed-off-by: Christophe Leroy
---
v3: copied alloc_insn_page() from arm64, set_memory_ro() is now called there.
v2: removed the redundant flush
---
 arch/powerpc/kernel/kprobes.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c index 2d27ec4feee4..bfab91ded234 100644 --- a/arch/powerpc/kernel/kprobes.c +++ b/arch/powerpc/kernel/kprobes.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL; DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); 
@@ -102,6 +104,16 @@ kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset) return addr; } +void *alloc_insn_page(void) +{ + void *page = vmalloc_exec(PAGE_SIZE); + + if (page) + set_memory_ro((unsigned long)page, 1); + + return page; +} + int arch_prepare_kprobe(struct kprobe *p) { int ret = 0; @@ -124,11 +136,8 @@ int arch_prepare_kprobe(struct kprobe *p) } if (!ret) { - memcpy(p->ainsn.insn, p->addr, - MAX_INSN_SIZE * sizeof(kprobe_opcode_t)); + patch_instruction(p->ainsn.insn, *p->addr); p->opcode = *p->addr; - flush_icache_range((unsigned long)p->ainsn.insn, - (unsigned long)p->ainsn.insn + sizeof(kprobe_opcode_t)); } p->ainsn.boostable = 0; -- 2.25.0
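
Review bot: In the alloc_insn_page() hunk (@@ -102,6 +104,16 @@), the result of set_memory_ro((unsigned long)page, 1) is discarded, so if the permission change fails the function still returns a page that is both writable and executable, which is the W+X state this patch sets out to remove. Check the return value and, on failure, vfree() the page and return NULL so the caller sees an ordinary allocation failure. A one-line comment stating that the page is made read-only here because later writes go through patch_instruction() would also help the next reader.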
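
Review bot: In the arch_prepare_kprobe() hunk (@@ -124,11 +136,8 @@), the return value of patch_instruction(p->ainsn.insn, *p->addr) is ignored even though ret is in scope and tested by the enclosing if (!ret); a failed write to the now read-only slot would leave p->ainsn.insn unpopulated while p->opcode is still assigned and the function reports success. Suggest ret = patch_instruction(p->ainsn.insn, *p->addr); and assigning p->opcode only when that succeeds. Separately, the removed memcpy() copied MAX_INSN_SIZE * sizeof(kprobe_opcode_t) bytes while the replacement writes a single instruction, so the commit message should state that copying only one opcode into the slot is intended.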