On Thu, Jun 1, 2023 at 3:15 AM Mike Rapoport <rppt@xxxxxxxxxx> wrote: > > From: Song Liu <song@xxxxxxxxxx> > > Replace direct memory writes to memory allocated for code with text poking > to allow allocation of executable memory as ROX. > > The only exception is arch_prepare_bpf_trampoline() that cannot jit > directly into module memory yet, so it uses set_memory calls to > unprotect the memory before writing to it and to protect memory in the > end. > > Signed-off-by: Song Liu <song@xxxxxxxxxx> > Co-developed-by: Mike Rapoport (IBM) <rppt@xxxxxxxxxx> > Signed-off-by: Mike Rapoport (IBM) <rppt@xxxxxxxxxx> > --- > arch/x86/kernel/alternative.c | 43 +++++++++++++++++++++++------------ > arch/x86/kernel/ftrace.c | 41 +++++++++++++++++++++------------ > arch/x86/kernel/module.c | 24 +++++-------------- > arch/x86/kernel/static_call.c | 10 ++++---- > arch/x86/kernel/unwind_orc.c | 13 +++++++---- > arch/x86/net/bpf_jit_comp.c | 22 +++++++++++++----- We need the following in this patch (or before this patch). Otherwise, the system will crash at the VIRTUAL_BUG_ON() in vmalloc_to_page(). Thanks, Song diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index bf954d2721c1..4efa8a795ebc 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -1084,7 +1084,7 @@ bpf_jit_binary_pack_alloc(unsigned int proglen, u8 **image_ptr, return NULL; } - *rw_header = kvmalloc(size, GFP_KERNEL); + *rw_header = kvzalloc(size, GFP_KERNEL); if (!*rw_header) { bpf_arch_text_copy(&ro_header->size, &size, sizeof(size)); bpf_prog_pack_free(ro_header); @@ -1092,8 +1092,6 @@ bpf_jit_binary_pack_alloc(unsigned int proglen, u8 **image_ptr, return NULL; } - /* Fill space with illegal/arch-dep instructions. */ - bpf_fill_ill_insns(*rw_header, size); (*rw_header)->size = size; hole = min_t(unsigned int, size - (proglen + sizeof(*ro_header)),
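Review bot: The kvmalloc() to kvzalloc() switch in the first hunk has no comment saying why the buffer must be zeroed. The zeroing only matters because the next hunk drops bpf_fill_ill_insns(), so a later cleanup could turn this back into kvmalloc() and leave the bytes around the program uninitialized. A one-line comment above the allocation that ties it to the removed fill would prevent that.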
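Review bot: Removing bpf_fill_ill_insns(*rw_header, size) in the second hunk changes the padding in rw_header from illegal/arch-dependent instructions, as the deleted comment put it, to zero bytes from kvzalloc(). The hole computed just below (hole = min_t(...)) is then no longer guaranteed to hold instructions that trap if execution lands in it. Nothing in the visible lines shows another place where the padding gets its illegal-instruction fill. Either say in the changelog where that now happens, or keep the fill and have it write to the read-write buffer with a plain memory write, so that the crash in vmalloc_to_page() is avoided without losing the fill.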