tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

x86/kprobes: enable EXECMEM_ROX_CACHE for kprobes allocations

x86::alloc_insn_page() always allocates ROX memory.

Instead of overriding this method, add EXECMEM_KPROBES entry in
execmem_info with pgprot set to PAGE_KERNEL_ROX and use ROX cache when
configuration and CPU features allow it.

Link: https://lkml.kernel.org/r/20250713071730.4117334-8-rppt@kernel.org
Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Cc: Daniel Gomez <da.gomez@samsung.com>
Cc: Petr Pavlu <petr.pavlu@suse.com>
Cc: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Mike Rapoport (Microsoft) and committed by
Andrew Morton 36de1e42 ab674b68

+8 -19
-18
arch/x86/kernel/kprobes/core.c
··· 481 481 return len; 482 482 } 483 483 484 - /* Make page to RO mode when allocate it */ 485 - void *alloc_insn_page(void) 486 - { 487 - void *page; 488 - 489 - page = execmem_alloc(EXECMEM_KPROBES, PAGE_SIZE); 490 - if (!page) 491 - return NULL; 492 - 493 - /* 494 - * TODO: Once additional kernel code protection mechanisms are set, ensure 495 - * that the page was not maliciously altered and it is still zeroed. 496 - */ 497 - set_memory_rox((unsigned long)page, 1); 498 - 499 - return page; 500 - } 501 - 502 484 /* Kprobe x86 instruction emulation - only regs->ip or IF flag modifiers */ 503 485 504 486 static void kprobe_emulate_ifmodifiers(struct kprobe *p, struct pt_regs *regs)
+8 -1
arch/x86/mm/init.c
··· 1098 1098 .pgprot = pgprot, 1099 1099 .alignment = MODULE_ALIGN, 1100 1100 }, 1101 - [EXECMEM_KPROBES ... EXECMEM_BPF] = { 1101 + [EXECMEM_KPROBES] = { 1102 + .flags = flags, 1103 + .start = start, 1104 + .end = MODULES_END, 1105 + .pgprot = PAGE_KERNEL_ROX, 1106 + .alignment = MODULE_ALIGN, 1107 + }, 1108 + [EXECMEM_FTRACE ... EXECMEM_BPF] = { 1102 1109 .flags = EXECMEM_KASAN_SHADOW, 1103 1110 .start = start, 1104 1111 .end = MODULES_END,