@@ -994,7 +994,21 @@ static inline void unuse_temporary_mm(temp_mm_state_t prev_state)
994994__ro_after_init struct mm_struct * poking_mm ;
995995__ro_after_init unsigned longpoking_addr ;
996996
997- static void * __text_poke (void * addr , const void * opcode , size_t len )
997+ static void text_poke_memcpy (void * dst , const void * src , size_t len )
998+ {
999+ memcpy (dst , src , len );
1000+ }
1001+
1002+ static void text_poke_memset (void * dst , const void * src , size_t len )
1003+ {
1004+ int c = * (const int * )src ;
1005+
1006+ memset (dst , c , len );
1007+ }
1008+
1009+ typedef void text_poke_f (void * dst , const void * src , size_t len );
1010+
1011+ static void * __text_poke (text_poke_f func , void * addr , const void * src , size_t len )
9981012{
9991013 bool cross_page_boundary = offset_in_page (addr ) + len > PAGE_SIZE ;
10001014 struct page * pages [2 ] = {NULL };
@@ -1059,7 +1073,7 @@ static void *__text_poke(void *addr, const void *opcode, size_t len)
10591073 prev = use_temporary_mm (poking_mm );
10601074
10611075 kasan_disable_current ();
1062- memcpy ((u8 * )poking_addr + offset_in_page (addr ), opcode , len );
1076+ func ((u8 * )poking_addr + offset_in_page (addr ), src , len );
10631077 kasan_enable_current ();
10641078
10651079 /*
@@ -1087,11 +1101,13 @@ static void *__text_poke(void *addr, const void *opcode, size_t len)
10871101 (cross_page_boundary ? 2 : 1 ) * PAGE_SIZE ,
10881102 PAGE_SHIFT , false);
10891103
1090- /*
1091- * If the text does not match what we just wrote then something is
1092- * fundamentally screwy; there's nothing we can really do about that.
1093- */
1094- BUG_ON (memcmp (addr , opcode , len ));
1104+ if (func == text_poke_memcpy ) {
1105+ /*
1106+ * If the text does not match what we just wrote then something is
1107+ * fundamentally screwy; there's nothing we can really do about that.
1108+ */
1109+ BUG_ON (memcmp (addr , src , len ));
1110+ }
10951111
10961112 local_irq_restore (flags );
10971113 pte_unmap_unlock (ptep , ptl );
@@ -1118,7 +1134,7 @@ void *text_poke(void *addr, const void *opcode, size_t len)
11181134{
11191135 lockdep_assert_held (& text_mutex );
11201136
1121- return __text_poke (addr , opcode , len );
1137+ return __text_poke (text_poke_memcpy , addr , opcode , len );
11221138}
11231139
11241140/**
@@ -1137,7 +1153,7 @@ void *text_poke(void *addr, const void *opcode, size_t len)
11371153 */
11381154void * text_poke_kgdb (void * addr , const void * opcode , size_t len )
11391155{
1140- return __text_poke (addr , opcode , len );
1156+ return __text_poke (text_poke_memcpy , addr , opcode , len );
11411157}
11421158
11431159/**
@@ -1167,7 +1183,38 @@ void *text_poke_copy(void *addr, const void *opcode, size_t len)
11671183
11681184 s = min_t (size_t , PAGE_SIZE * 2 - offset_in_page (ptr ), len - patched );
11691185
1170- __text_poke ((void * )ptr , opcode + patched , s );
1186+ __text_poke (text_poke_memcpy , (void * )ptr , opcode + patched , s );
1187+ patched += s ;
1188+ }
1189+ mutex_unlock (& text_mutex );
1190+ return addr ;
1191+ }
1192+
1193+ /**
1194+ * text_poke_set - memset into (an unused part of) RX memory
1195+ * @addr: address to modify
1196+ * @c: the byte to fill the area with
1197+ * @len: length to copy, could be more than 2x PAGE_SIZE
1198+ *
1199+ * This is useful to overwrite unused regions of RX memory with illegal
1200+ * instructions.
1201+ */
1202+ void * text_poke_set (void * addr , int c , size_t len )
1203+ {
1204+ unsigned long start = (unsigned long )addr ;
1205+ size_t patched = 0 ;
1206+
1207+ if (WARN_ON_ONCE (core_kernel_text (start )))
1208+ return NULL ;
1209+
1210+ mutex_lock (& text_mutex );
1211+ while (patched < len ) {
1212+ unsigned long ptr = start + patched ;
1213+ size_t s ;
1214+
1215+ s = min_t (size_t , PAGE_SIZE * 2 - offset_in_page (ptr ), len - patched );
1216+
1217+ __text_poke (text_poke_memset , (void * )ptr , (void * )& c , s );
11711218 patched += s ;
11721219 }
11731220 mutex_unlock (& text_mutex );
0 commit comments