riscv: bpf: Avoid breaking W^X

We allocate Non-executable pages, then call bpf_jit_binary_lock_ro() to enable executable permission after mapping them read-only. This is to prepare for STRICT_MODULE_RWX in following patch. Signed-off-by: Jisheng Zhang <jszhang@kernel.org> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
author: Jisheng Zhang <jszhang@kernel.org> 2021-03-29 21:25:21 +0300
committer: Palmer Dabbelt <palmerdabbelt@google.com> 2021-04-26 18:25:14 +0300
commit: fc8504765ec5e812135b8ccafca7101069a0c6d8 (patch)
tree: a4b9d1f65e9bf35e0d6a2120363f108c7c07aca0 /arch/riscv
parent: 1d27d854425faec98f352cf88ec3e2a8844429a4 (diff)
download: linux-fc8504765ec5e812135b8ccafca7101069a0c6d8.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/riscv/net/bpf_jit_core.c b/arch/riscv/net/bpf_jit_core.c
index d8da819290b7..fed86f42dfbe 100644
--- a/arch/riscv/net/bpf_jit_core.c
+++ b/arch/riscv/net/bpf_jit_core.c
@@ -152,6 +152,7 @@ skip_init_ctx:
 	bpf_flush_icache(jit_data->header, ctx->insns + ctx->ninsns);
 
 	if (!prog->is_func || extra_pass) {
+		bpf_jit_binary_lock_ro(jit_data->header);
 out_offset:
 		kfree(ctx->offset);
 		kfree(jit_data);
@@ -169,7 +170,7 @@ void *bpf_jit_alloc_exec(unsigned long size)
 {
 	return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START,
 				    BPF_JIT_REGION_END, GFP_KERNEL,
-				    PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE,
+				    PAGE_KERNEL, 0, NUMA_NO_NODE,
 				    __builtin_return_address(0));
 }
author	Jisheng Zhang <jszhang@kernel.org>	2021-03-29 21:25:21 +0300
committer	Palmer Dabbelt <palmerdabbelt@google.com>	2021-04-26 18:25:14 +0300
commit	fc8504765ec5e812135b8ccafca7101069a0c6d8 (patch)
tree	a4b9d1f65e9bf35e0d6a2120363f108c7c07aca0 /arch/riscv
parent	1d27d854425faec98f352cf88ec3e2a8844429a4 (diff)
download	linux-fc8504765ec5e812135b8ccafca7101069a0c6d8.tar.xz