bpf: Enforce W^X for bpf trampoline

Mark the trampoline as RO+X after arch_prepare_bpf_trampoline, so that
the trampoine follows W^X rule strictly. This will turn off warnings like

CPA refuse W^X violation: 8000000000000163 -> 0000000000000163 range: ...

Also remove bpf_jit_alloc_exec_page(), since it is not used any more.

Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20220926184739.3512547-3-song@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 9ae155c..5161fac 100644 (file)
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1008,7 +1008,6 @@ int arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_func
 void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from,
                                struct bpf_prog *to);
 /* Called only from JIT-enabled code, so there's no need for stubs. */
-void *bpf_jit_alloc_exec_page(void);
 void bpf_image_ksym_add(void *data, struct bpf_ksym *ksym);
 void bpf_image_ksym_del(struct bpf_ksym *ksym);
 void bpf_ksym_add(struct bpf_ksym *ksym);

diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
index 41b67eb..6f7b939 100644 (file)
--- a/kernel/bpf/trampoline.c
+++ b/kernel/bpf/trampoline.c
@@ -116,22 +116,6 @@ bool bpf_prog_has_trampoline(const struct bpf_prog *prog)
                (ptype == BPF_PROG_TYPE_LSM && eatype == BPF_LSM_MAC);
 }
 
-void *bpf_jit_alloc_exec_page(void)
-{
-       void *image;
-
-       image = bpf_jit_alloc_exec(PAGE_SIZE);
-       if (!image)
-               return NULL;
-
-       set_vm_flush_reset_perms(image);
-       /* Keep image as writeable. The alternative is to keep flipping ro/rw
-        * every time new program is attached or detached.
-        */
-       set_memory_x((long)image, 1);
-       return image;
-}
-
 void bpf_image_ksym_add(void *data, struct bpf_ksym *ksym)
 {
        ksym->start = (unsigned long) data;
@@ -404,9 +388,10 @@ static struct bpf_tramp_image *bpf_tramp_image_alloc(u64 key, u32 idx)
                goto out_free_im;
 
        err = -ENOMEM;
-       im->image = image = bpf_jit_alloc_exec_page();
+       im->image = image = bpf_jit_alloc_exec(PAGE_SIZE);
        if (!image)
                goto out_uncharge;
+       set_vm_flush_reset_perms(image);
 
        err = percpu_ref_init(&im->pcref, __bpf_tramp_image_release, 0, GFP_KERNEL);
        if (err)
@@ -483,6 +468,9 @@ again:
        if (err < 0)
                goto out;
 
+       set_memory_ro((long)im->image, 1);
+       set_memory_x((long)im->image, 1);
+
        WARN_ON(tr->cur_image && tr->selector == 0);
        WARN_ON(!tr->cur_image && tr->selector);
        if (tr->cur_image)