riscv: bpf: Avoid breaking W^X

We allocate Non-executable pages, then call bpf_jit_binary_lock_ro()
to enable executable permission after mapping them read-only. This is
to prepare for STRICT_MODULE_RWX in following patch.

Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>

diff --git a/arch/riscv/net/bpf_jit_core.c b/arch/riscv/net/bpf_jit_core.c
index d8da819290b79059dcdd40913983afdfbaa9888b..fed86f42dfbe56813a99bf737ec5b75f1c42380f 100644 (file)
--- a/arch/riscv/net/bpf_jit_core.c
+++ b/arch/riscv/net/bpf_jit_core.c
@@ -152,6 +152,7 @@ skip_init_ctx:
        bpf_flush_icache(jit_data->header, ctx->insns + ctx->ninsns);
 
        if (!prog->is_func || extra_pass) {
+               bpf_jit_binary_lock_ro(jit_data->header);
 out_offset:
                kfree(ctx->offset);
                kfree(jit_data);
@@ -169,7 +170,7 @@ void *bpf_jit_alloc_exec(unsigned long size)
 {
        return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START,
                                    BPF_JIT_REGION_END, GFP_KERNEL,
-                                   PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
+                                   PAGE_KERNEL, 0, NUMA_NO_NODE,
                                    __builtin_return_address(0));
 }