1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _LINUX_EXECMEM_ALLOC_H
3 #define _LINUX_EXECMEM_ALLOC_H
4
5 #include <linux/types.h>
6 #include <linux/moduleloader.h>
7 #include <linux/cleanup.h>
8
9 #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \
10 !defined(CONFIG_KASAN_VMALLOC)
11 #include <linux/kasan.h>
12 #define MODULE_ALIGN (PAGE_SIZE << KASAN_SHADOW_SCALE_SHIFT)
13 #else
14 #define MODULE_ALIGN PAGE_SIZE
15 #endif
16
17 /**
18 * enum execmem_type - types of executable memory ranges
19 *
20 * There are several subsystems that allocate executable memory.
21 * Architectures define different restrictions on placement,
22 * permissions, alignment and other parameters for memory that can be used
23 * by these subsystems.
24 * Types in this enum identify subsystems that allocate executable memory
25 * and let architectures define parameters for ranges suitable for
26 * allocations by each subsystem.
27 *
28 * @EXECMEM_DEFAULT: default parameters that would be used for types that
29 * are not explicitly defined.
30 * @EXECMEM_MODULE_TEXT: parameters for module text sections
31 * @EXECMEM_KPROBES: parameters for kprobes
32 * @EXECMEM_FTRACE: parameters for ftrace
33 * @EXECMEM_BPF: parameters for BPF
34 * @EXECMEM_MODULE_DATA: parameters for module data sections
35 * @EXECMEM_TYPE_MAX:
36 */
37 enum execmem_type {
38 EXECMEM_DEFAULT,
39 EXECMEM_MODULE_TEXT = EXECMEM_DEFAULT,
40 EXECMEM_KPROBES,
41 EXECMEM_FTRACE,
42 EXECMEM_BPF,
43 EXECMEM_MODULE_DATA,
44 EXECMEM_TYPE_MAX,
45 };
46
47 /**
48 * enum execmem_range_flags - options for executable memory allocations
49 * @EXECMEM_KASAN_SHADOW: allocate kasan shadow
50 * @EXECMEM_ROX_CACHE: allocations should use ROX cache of huge pages
51 */
52 enum execmem_range_flags {
53 EXECMEM_KASAN_SHADOW = (1 << 0),
54 EXECMEM_ROX_CACHE = (1 << 1),
55 };
56
57 #if defined(CONFIG_ARCH_HAS_EXECMEM_ROX) && defined(CONFIG_EXECMEM)
58 /**
59 * execmem_fill_trapping_insns - set memory to contain instructions that
60 * will trap
61 * @ptr: pointer to memory to fill
62 * @size: size of the range to fill
63 * @writable: is the memory poited by @ptr is writable or ROX
64 *
65 * A hook for architecures to fill execmem ranges with invalid instructions.
66 * Architectures that use EXECMEM_ROX_CACHE must implement this.
67 */
68 void execmem_fill_trapping_insns(void *ptr, size_t size, bool writable);
69
70 /**
71 * execmem_make_temp_rw - temporarily remap region with read-write
72 * permissions
73 * @ptr: address of the region to remap
74 * @size: size of the region to remap
75 *
76 * Remaps a part of the cached large page in the ROX cache in the range
77 * [@ptr, @ptr + @size) as writable and not executable. The caller must
78 * have exclusive ownership of this range and ensure nothing will try to
79 * execute code in this range.
80 *
81 * Return: 0 on success or negative error code on failure.
82 */
83 int execmem_make_temp_rw(void *ptr, size_t size);
84
85 /**
86 * execmem_restore_rox - restore read-only-execute permissions
87 * @ptr: address of the region to remap
88 * @size: size of the region to remap
89 *
90 * Restores read-only-execute permissions on a range [@ptr, @ptr + @size)
91 * after it was temporarily remapped as writable. Relies on architecture
92 * implementation of set_memory_rox() to restore mapping using large pages.
93 *
94 * Return: 0 on success or negative error code on failure.
95 */
96 int execmem_restore_rox(void *ptr, size_t size);
97
98 /*
99 * Called from mark_readonly(), where the system transitions to ROX.
100 */
101 void execmem_cache_make_ro(void);
102 #else
execmem_make_temp_rw(void * ptr,size_t size)103 static inline int execmem_make_temp_rw(void *ptr, size_t size) { return 0; }
execmem_restore_rox(void * ptr,size_t size)104 static inline int execmem_restore_rox(void *ptr, size_t size) { return 0; }
execmem_cache_make_ro(void)105 static inline void execmem_cache_make_ro(void) { }
106 #endif
107
108 /**
109 * struct execmem_range - definition of an address space suitable for code and
110 * related data allocations
111 * @start: address space start
112 * @end: address space end (inclusive)
113 * @fallback_start: start of the secondary address space range for fallback
114 * allocations on architectures that require it
115 * @fallback_end: start of the secondary address space (inclusive)
116 * @pgprot: permissions for memory in this address space
117 * @alignment: alignment required for text allocations
118 * @flags: options for memory allocations for this range
119 */
120 struct execmem_range {
121 unsigned long start;
122 unsigned long end;
123 unsigned long fallback_start;
124 unsigned long fallback_end;
125 pgprot_t pgprot;
126 unsigned int alignment;
127 enum execmem_range_flags flags;
128 };
129
130 /**
131 * struct execmem_info - architecture parameters for code allocations
132 * @ranges: array of parameter sets defining architecture specific
133 * parameters for executable memory allocations. The ranges that are not
134 * explicitly initialized by an architecture use parameters defined for
135 * @EXECMEM_DEFAULT.
136 */
137 struct execmem_info {
138 struct execmem_range ranges[EXECMEM_TYPE_MAX];
139 };
140
141 /**
142 * execmem_arch_setup - define parameters for allocations of executable memory
143 *
144 * A hook for architectures to define parameters for allocations of
145 * executable memory. These parameters should be filled into the
146 * @execmem_info structure.
147 *
148 * For architectures that do not implement this method a default set of
149 * parameters will be used
150 *
151 * Return: a structure defining architecture parameters and restrictions
152 * for allocations of executable memory
153 */
154 struct execmem_info *execmem_arch_setup(void);
155
156 /**
157 * execmem_alloc - allocate executable memory
158 * @type: type of the allocation
159 * @size: how many bytes of memory are required
160 *
161 * Allocates memory that will contain executable code, either generated or
162 * loaded from kernel modules.
163 *
164 * Allocates memory that will contain data coupled with executable code,
165 * like data sections in kernel modules.
166 *
167 * The memory will have protections defined by architecture for executable
168 * region of the @type.
169 *
170 * Return: a pointer to the allocated memory or %NULL
171 */
172 void *execmem_alloc(enum execmem_type type, size_t size);
173
174 /**
175 * execmem_free - free executable memory
176 * @ptr: pointer to the memory that should be freed
177 */
178 void execmem_free(void *ptr);
179
180 DEFINE_FREE(execmem, void *, if (_T) execmem_free(_T));
181
182 #ifdef CONFIG_MMU
183 /**
184 * execmem_vmap - create virtual mapping for EXECMEM_MODULE_DATA memory
185 * @size: size of the virtual mapping in bytes
186 *
187 * Maps virtually contiguous area in the range suitable for EXECMEM_MODULE_DATA.
188 *
189 * Return: the area descriptor on success or %NULL on failure.
190 */
191 struct vm_struct *execmem_vmap(size_t size);
192 #endif
193
194 /**
195 * execmem_update_copy - copy an update to executable memory
196 * @dst: destination address to update
197 * @src: source address containing the data
198 * @size: how many bytes of memory shold be copied
199 *
200 * Copy @size bytes from @src to @dst using text poking if the memory at
201 * @dst is read-only.
202 *
203 * Return: a pointer to @dst or NULL on error
204 */
205 void *execmem_update_copy(void *dst, const void *src, size_t size);
206
207 /**
208 * execmem_is_rox - check if execmem is read-only
209 * @type - the execmem type to check
210 *
211 * Return: %true if the @type is read-only, %false if it's writable
212 */
213 bool execmem_is_rox(enum execmem_type type);
214
215 #if defined(CONFIG_EXECMEM) && !defined(CONFIG_ARCH_WANTS_EXECMEM_LATE)
216 void execmem_init(void);
217 #else
execmem_init(void)218 static inline void execmem_init(void) {}
219 #endif
220
221 #endif /* _LINUX_EXECMEM_ALLOC_H */
222