From aa9935597c2c534a5bdb6017457ea8f05074041f Mon Sep 17 00:00:00 2001
From: Wei Yongjun <weiyongjun1@huawei.com>
Date: Tue, 19 Jul 2022 11:22:49 +0800
Subject: [PATCH 1/2] drivers: add support for tracepoint based hooks

ohos inclusion
category: feature
issue: #I5HVRJ
CVE: NA

---------------------------------------

Allow vendor modules to attach to tracepoint "hooks" defined via
DECLARE_TRACE or DECLARE_HOOK.

Add include/trace/hooks directory for trace definition headers
where hooks can be defined and vendor_hook.c for instantiating
and exporting them for vendor modules.

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Cui Gaosheng <cuigaosheng1@huawei.com>
---
 drivers/Kconfig                    |  3 +++
 drivers/Makefile                   |  1 +
 drivers/hooks/Kconfig              | 13 +++++++++++++
 drivers/hooks/Makefile             |  5 +++++
 drivers/hooks/vendor_hooks.c       | 19 +++++++++++++++++++
 include/trace/hooks/vendor_hooks.h | 13 +++++++++++++
 6 files changed, 54 insertions(+)
 create mode 100644 drivers/hooks/Kconfig
 create mode 100644 drivers/hooks/Makefile
 create mode 100644 drivers/hooks/vendor_hooks.c
 create mode 100644 include/trace/hooks/vendor_hooks.h

diff --git a/drivers/Kconfig b/drivers/Kconfig
index 826b2b19d0b8..3584901f1252 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -239,4 +239,7 @@ source "drivers/counter/Kconfig"
 source "drivers/most/Kconfig"
 
 source "drivers/accesstokenid/Kconfig"
+
+source "drivers/hooks/Kconfig"
+
 endmenu
diff --git a/drivers/Makefile b/drivers/Makefile
index ecc494918773..f13d70df6557 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -193,3 +193,4 @@ obj-$(CONFIG_INTERCONNECT)	+= interconnect/
 obj-$(CONFIG_COUNTER)		+= counter/
 obj-$(CONFIG_MOST)		+= most/
 obj-$(CONFIG_ACCESS_TOKENID)	+= accesstokenid/
+obj-$(CONFIG_VENDOR_HOOKS)	+= hooks/
diff --git a/drivers/hooks/Kconfig b/drivers/hooks/Kconfig
new file mode 100644
index 000000000000..547933c5975f
--- /dev/null
+++ b/drivers/hooks/Kconfig
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: GPL-2.0
+menu "Vendor Hooks"
+
+config VENDOR_HOOKS
+	bool "Vendor Hooks"
+	depends on TRACEPOINTS
+	help
+	  Enable vendor hooks implemented as tracepoints
+
+	  Allow vendor modules to attach to tracepoint "hooks" defined via
+	  DECLARE_TRACE or DECLARE_HOOK
+
+endmenu
diff --git a/drivers/hooks/Makefile b/drivers/hooks/Makefile
new file mode 100644
index 000000000000..533f270e0920
--- /dev/null
+++ b/drivers/hooks/Makefile
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+ccflags-y += -I$(src)	# needed for trace events
+
+obj-$(CONFIG_VENDOR_HOOKS) += vendor_hooks.o
diff --git a/drivers/hooks/vendor_hooks.c b/drivers/hooks/vendor_hooks.c
new file mode 100644
index 000000000000..e98e4f8ab5b6
--- /dev/null
+++ b/drivers/hooks/vendor_hooks.c
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* vendor_hooks.c
+ *
+ * Vendor Hook Support
+ *
+ * Copyright (C) 2020 Google, Inc.
+ * Copyright (C) 2022 Huawei Technologies Co., Ltd.
+ */
+
+#define CREATE_TRACE_POINTS
+#include <trace/hooks/vendor_hooks.h>
+
+/*
+ * Export tracepoints that act as a bare tracehook(ie: have no trace event
+ * associated with them) to allow external modules to probe them.
+ *
+ * For example:
+ *   EXPORT_TRACEPOINT_SYMBOL_GPL(vendor_foo);
+ */
diff --git a/include/trace/hooks/vendor_hooks.h b/include/trace/hooks/vendor_hooks.h
new file mode 100644
index 000000000000..21bafd638874
--- /dev/null
+++ b/include/trace/hooks/vendor_hooks.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#include <linux/tracepoint.h>
+
+#if defined(CONFIG_TRACEPOINTS) && defined(CONFIG_VENDOR_HOOKS)
+
+#define DECLARE_HOOK DECLARE_TRACE
+
+#else /* !CONFIG_TRACEPOINTS || !CONFIG_VENDOR_HOOKS */
+
+#define DECLARE_HOOK DECLARE_EVENT_NOP
+
+#endif
-- 
Gitee


From 7f411aaec9f8d3f6d79545cebc2c327d6b4e8533 Mon Sep 17 00:00:00 2001
From: Wei Yongjun <weiyongjun1@huawei.com>
Date: Tue, 19 Jul 2022 14:20:45 +0800
Subject: [PATCH 2/2] vendor: add vendor hooks for do_mmap and do_mprotect_pkey

ohos inclusion
category: feature
issue: #I5HVRJ
CVE: NA

---------------------------------------

Add vendor hooks for do_mmap and do_mprotect_pkey to mm subsystem,
so kernel vendor can support memory writable and executable permission
control through the vendor hooks.

Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Cui Gaosheng <cuigaosheng1@huawei.com>
---
 drivers/hooks/vendor_hooks.c |  4 ++++
 include/trace/hooks/mm.h     | 25 +++++++++++++++++++++++++
 mm/mmap.c                    |  8 ++++++++
 mm/mprotect.c                |  6 ++++++
 4 files changed, 43 insertions(+)
 create mode 100644 include/trace/hooks/mm.h

diff --git a/drivers/hooks/vendor_hooks.c b/drivers/hooks/vendor_hooks.c
index e98e4f8ab5b6..939146da879c 100644
--- a/drivers/hooks/vendor_hooks.c
+++ b/drivers/hooks/vendor_hooks.c
@@ -9,6 +9,7 @@
 
 #define CREATE_TRACE_POINTS
 #include <trace/hooks/vendor_hooks.h>
+#include <trace/hooks/mm.h>
 
 /*
  * Export tracepoints that act as a bare tracehook(ie: have no trace event
@@ -17,3 +18,6 @@
  * For example:
  *   EXPORT_TRACEPOINT_SYMBOL_GPL(vendor_foo);
  */
+
+EXPORT_TRACEPOINT_SYMBOL_GPL(vendor_do_mmap);
+EXPORT_TRACEPOINT_SYMBOL_GPL(vendor_do_mprotect_pkey);
diff --git a/include/trace/hooks/mm.h b/include/trace/hooks/mm.h
new file mode 100644
index 000000000000..dbe41923041b
--- /dev/null
+++ b/include/trace/hooks/mm.h
@@ -0,0 +1,25 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#undef TRACE_SYSTEM
+#define TRACE_SYSTEM mm
+
+#define TRACE_INCLUDE_PATH trace/hooks
+#if !defined(_TRACE_HOOKS_MM_H) || defined(TRACE_HEADER_MULTI_READ)
+#define _TRACE_HOOKS_MM_H
+
+#include <linux/tracepoint.h>
+#include <trace/hooks/vendor_hooks.h>
+
+DECLARE_HOOK(vendor_do_mmap,
+	TP_PROTO(vm_flags_t *vm_flags, int *err),
+	TP_ARGS(vm_flags, err)
+);
+
+DECLARE_HOOK(vendor_do_mprotect_pkey,
+	TP_PROTO(unsigned long prot, int *err),
+	TP_ARGS(prot, err)
+);
+
+#endif
+
+/* This part must be outside protection */
+#include <trace/define_trace.h>
diff --git a/mm/mmap.c b/mm/mmap.c
index 76e95375ed02..d6c6a639ce3d 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -57,6 +57,9 @@
 #define CREATE_TRACE_POINTS
 #include <trace/events/mmap.h>
 
+#undef CREATE_TRACE_POINTS
+#include <trace/hooks/mm.h>
+
 #include "internal.h"
 
 #ifndef arch_mmap_check
@@ -1416,6 +1419,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
 	struct mm_struct *mm = current->mm;
 	vm_flags_t vm_flags;
 	int pkey = 0;
+	int err = 0;
 
 	*populate = 0;
 
@@ -1479,6 +1483,10 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
 	vm_flags = calc_vm_prot_bits(prot, pkey) | calc_vm_flag_bits(flags) |
 			mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
 
+	trace_vendor_do_mmap(&vm_flags, &err);
+	if (err)
+		return err;
+
 	if (flags & MAP_LOCKED)
 		if (!can_do_mlock())
 			return -EPERM;
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 53b6b1b8fb67..8fc1f3bee7f3 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -33,6 +33,7 @@
 #include <asm/mmu_context.h>
 #include <asm/tlbflush.h>
 
+#include <trace/hooks/mm.h>
 #include "internal.h"
 
 static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
@@ -519,6 +520,11 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
 	const bool rier = (current->personality & READ_IMPLIES_EXEC) &&
 				(prot & PROT_READ);
 
+	error = 0;
+	trace_vendor_do_mprotect_pkey(prot, &error);
+	if (error)
+		return error;
+
 	start = untagged_addr(start);
 
 	prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP);
-- 
Gitee