fasttrap: Avoid creating WX mappings

fasttrap instruments certain instructions by overwriting them and
copying the original instruction to some per-thread scratch space which
is executed after the probe fires.  This trampoline jumps back to the
tracepoint after executing the original instruction.

The created mapping has both write and execute permissions, and so this
mechanism doesn't work when allow_wx is disabled.  Work around the
restriction by using proc_rwmem() to write to the trampoline.

Reviewed by:	vangyzen
Tested by:	Amit <akamit91@hotmail.com>
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34304

2 files changed, 4 insertions, 3 deletions

diff --git a/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c b/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c
index d96d3f44182e..04ef3ecc3e8d 100644
--- a/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c
+++ b/sys/cddl/contrib/opensolaris/uts/common/dtrace/fasttrap.c
@@ -336,8 +336,9 @@ fasttrap_scraddr(struct thread *td, fasttrap_proc_t *fprc)
 		 */
 		addr = 0;
 		error = vm_map_find(&p->p_vmspace->vm_map, NULL, 0, &addr,
-		    FASTTRAP_SCRBLOCK_SIZE, 0, VMFS_ANY_SPACE, VM_PROT_ALL,
-		    VM_PROT_ALL, 0);
+		    FASTTRAP_SCRBLOCK_SIZE, 0, VMFS_ANY_SPACE,
+		    VM_PROT_READ | VM_PROT_EXECUTE,
+		    VM_PROT_READ | VM_PROT_EXECUTE, MAP_COPY_ON_WRITE);
 		if (error != KERN_SUCCESS)
 			goto done;
 
diff --git a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
index f92070d8088d..c40b4b94e38d 100644
--- a/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
+++ b/sys/cddl/contrib/opensolaris/uts/intel/dtrace/fasttrap_isa.c
@@ -1666,7 +1666,7 @@ fasttrap_pid_probe(struct trapframe *tf)
 
 		ASSERT(i <= sizeof (scratch));
 
-		if (fasttrap_copyout(scratch, (char *)addr, i)) {
+		if (uwrite(curproc, scratch, i, addr) != 0) {
 			fasttrap_sigtrap(p, curthread, pc);
 			new_pc = pc;
 			break;