[PATCH AUTOSEL 6.17-6.1] powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure

[Sasha Levin <sashal@kernel.org>]

From: Christophe Leroy <christophe.leroy@csgroup.eu>

[ Upstream commit 9316512b717f6f25c4649b3fdb0a905b6a318e9f ]

PAGE_KERNEL_TEXT is an old macro that is used to tell kernel whether
kernel text has to be mapped read-only or read-write based on build
time options.

But nowadays, with functionnalities like jump_labels, static links,
etc ... more only less all kernels need to be read-write at some
point, and some combinations of configs failed to work due to
innacurate setting of PAGE_KERNEL_TEXT. On the other hand, today
we have CONFIG_STRICT_KERNEL_RWX which implements a more controlled
access to kernel modifications.

Instead of trying to keep PAGE_KERNEL_TEXT accurate with all
possible options that may imply kernel text modification, always
set kernel text read-write at startup and rely on
CONFIG_STRICT_KERNEL_RWX to provide accurate protection.

Do this by passing PAGE_KERNEL_X to map_kernel_page() in
__maping_ram_chunk() instead of passing PAGE_KERNEL_TEXT. Once
this is done, the only remaining user of PAGE_KERNEL_TEXT is
mmu_mark_initmem_nx() which uses it in a call to setibat().
As setibat() ignores the RW/RO, we can seamlessly replace
PAGE_KERNEL_TEXT by PAGE_KERNEL_X here as well and get rid of
PAGE_KERNEL_TEXT completely.

Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Closes: https://lore.kernel.org/all/342b4120-911c-4723-82ec-d8c9b03a8aef@mailbox.org/
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Tested-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Link: https://patch.msgid.link/8e2d793abf87ae3efb8f6dce10f974ac0eda61b8.1757412205.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

LLM Generated explanations, may be completely bogus:

Based on my comprehensive analysis, here is my assessment:

## **YES** - This commit should be backported to stable kernel trees.

### **Detailed Analysis:**

#### **Critical Bug Being Fixed:**
The commit fixes a **startup failure** on PowerMac G4 Dual Processor
systems with certain kernel configurations (specifically
`CONFIG_STATIC_CALL_SELFTEST=y`). According to the bug report from
Erhard Furtner, affected systems fail to boot completely, displaying
only partial OpenFirmware output:
```
done
found display   : /pci@f0000000/ATY,AlteracParent@10/ATY,Alterac_B@1,
opening...
```

This is a **complete boot failure** - the system cannot start at all.

#### **Root Cause Analysis:**
The `PAGE_KERNEL_TEXT` macro in **arch/powerpc/include/asm/pgtable.h**
(lines 23-33) attempted to determine at compile-time whether kernel text
should be mapped read-only (`PAGE_KERNEL_ROX`) or read-write
(`PAGE_KERNEL_X`) based on CONFIG options:
```c
#if defined(CONFIG_KGDB) || defined(CONFIG_XMON) ||
defined(CONFIG_BDI_SWITCH) || \
    defined(CONFIG_KPROBES) || defined(CONFIG_DYNAMIC_FTRACE)
#define PAGE_KERNEL_TEXT    PAGE_KERNEL_X
#else
#define PAGE_KERNEL_TEXT    PAGE_KERNEL_ROX
#endif
```

However, this list became **incomplete and inaccurate** with modern
kernel features:
- **jump_labels** - requires runtime code patching
- **static_call** - requires runtime code modification
- **static keys** - requires runtime patching
- Other runtime code modification features

When `PAGE_KERNEL_TEXT` incorrectly resolved to `PAGE_KERNEL_ROX` (read-
only), code patching operations during boot would fail, causing startup
failures.

#### **The Fix - Code Changes:**

1. **arch/powerpc/include/asm/pgtable.h**: Removes the entire
   `PAGE_KERNEL_TEXT` macro definition (12 lines deleted)

2. **arch/powerpc/mm/pgtable_32.c** (line 107):
  ```c
   - ktext = core_kernel_text(v);
   - map_kernel_page(v, p, ktext ? PAGE_KERNEL_TEXT : PAGE_KERNEL);
   + map_kernel_page(v, p, ktext ? PAGE_KERNEL_X : PAGE_KERNEL);
   ```
   Always maps kernel text as read-write-execute at startup.

3. **arch/powerpc/mm/book3s32/mmu.c** (lines 207, 218):
  ```c
   - setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
   + setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_X);
   ```
   Note: The commit message explicitly states "setibat() ignores the
RW/RO" bits, so this change is functionally equivalent but maintains
consistency.

#### **Security Implications - THOROUGHLY ANALYZED:**

**This change does NOT weaken kernel security.** Here's why:

1. **CONFIG_STRICT_KERNEL_RWX provides proper protection**: The kernel
   text is mapped as RWX initially, but `mmu_mark_rodata_ro()` (in
   **arch/powerpc/mm/pgtable_32.c:162**, **book3s32/mmu.c:238**) is
   called later during boot to convert text sections from RWX to RX
   (read-execute only). This function:
   - Modifies BAT (Block Address Translation) entries to set `BPP_RX`
     (read-execute, not write)
   - Is controlled by `CONFIG_STRICT_KERNEL_RWX` which has been
     available since ~2017
   - Is called from `mark_rodata_ro()` in **init/main.c:1443** after
     kernel initialization

2. **Modern kernel security model**: This approach aligns with how
   modern kernels handle code patching across architectures:
   - Early boot: Text is writable to allow necessary code patching (jump
     labels, static calls, ftrace, etc.)
   - Post-init: Text is locked down via STRICT_KERNEL_RWX

3. **The window of vulnerability is minimal**: Text is only writable
   during early boot when code patching is necessary, then immediately
   locked down.

4. **Extensive code patching infrastructure exists**: The PowerPC
   architecture has sophisticated code-patching infrastructure
   (**arch/powerpc/lib/code-patching.c**) with many recent commits
   ensuring safe text modification.

#### **Backport Suitability Assessment:**

**✅ STRONG YES - Excellent backport candidate:**

1. **Fixes critical bug**: Complete boot failure on real hardware
2. **User-reported**: Erhard Furtner reported the issue with specific
   hardware (PowerMac G4 DP)
3. **Tested**: Andrew Donnellan provided `Tested-by` tag
4. **Small and contained**: 3 files changed, 3 insertions(+), 15
   deletions(-)
5. **No regressions**: No follow-up fixes or reverts found
6. **Simplifies code**: Removes problematic conditional logic
7. **Architecture-isolated**: Only affects PowerPC 32-bit (book3s32,
   nohash/8xx)
8. **Low regression risk**: Change is well-understood and tested
9. **No dependencies**: `PAGE_KERNEL_X` and `CONFIG_STRICT_KERNEL_RWX`
   exist in all modern stable kernels
10. **Already backported**: Commit 27e9cfa74706c shows this was already
    picked for stable by Sasha Levin with `[ Upstream commit
    9316512b717f6 ]`

#### **Stable Kernel Rules Compliance:**

- ✅ Fixes important bug (boot failure)
- ✅ Does not introduce new features
- ✅ Does not make architectural changes (actually simplifies
  architecture)
- ✅ Minimal risk of regression
- ✅ Confined to PowerPC subsystem
- ✅ Clear, well-documented change

**Recommendation**: This commit is an ideal candidate for stable
backporting and addresses the exact type of critical bug that stable
trees are meant to fix.

 arch/powerpc/include/asm/pgtable.h | 12 ------------
 arch/powerpc/mm/book3s32/mmu.c     |  4 ++--
 arch/powerpc/mm/pgtable_32.c       |  2 +-
 3 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h
index 93d77ad5a92fa..d8f944a5a0378 100644
--- a/arch/powerpc/include/asm/pgtable.h
+++ b/arch/powerpc/include/asm/pgtable.h
@@ -20,18 +20,6 @@ struct mm_struct;
 #include <asm/nohash/pgtable.h>
 #endif /* !CONFIG_PPC_BOOK3S */
 
-/*
- * Protection used for kernel text. We want the debuggers to be able to
- * set breakpoints anywhere, so don't write protect the kernel text
- * on platforms where such control is possible.
- */
-#if defined(CONFIG_KGDB) || defined(CONFIG_XMON) || defined(CONFIG_BDI_SWITCH) || \
-	defined(CONFIG_KPROBES) || defined(CONFIG_DYNAMIC_FTRACE)
-#define PAGE_KERNEL_TEXT	PAGE_KERNEL_X
-#else
-#define PAGE_KERNEL_TEXT	PAGE_KERNEL_ROX
-#endif
-
 /* Make modules code happy. We don't set RO yet */
 #define PAGE_KERNEL_EXEC	PAGE_KERNEL_X
 
diff --git a/arch/powerpc/mm/book3s32/mmu.c b/arch/powerpc/mm/book3s32/mmu.c
index be9c4106e22f0..c42ecdf94e48c 100644
--- a/arch/powerpc/mm/book3s32/mmu.c
+++ b/arch/powerpc/mm/book3s32/mmu.c
@@ -204,7 +204,7 @@ int mmu_mark_initmem_nx(void)
 
 	for (i = 0; i < nb - 1 && base < top;) {
 		size = bat_block_size(base, top);
-		setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
+		setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_X);
 		base += size;
 	}
 	if (base < top) {
@@ -215,7 +215,7 @@ int mmu_mark_initmem_nx(void)
 				pr_warn("Some RW data is getting mapped X. "
 					"Adjust CONFIG_DATA_SHIFT to avoid that.\n");
 		}
-		setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT);
+		setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_X);
 		base += size;
 	}
 	for (; i < nb; i++)
diff --git a/arch/powerpc/mm/pgtable_32.c b/arch/powerpc/mm/pgtable_32.c
index 15276068f657d..0c9ef705803e9 100644
--- a/arch/powerpc/mm/pgtable_32.c
+++ b/arch/powerpc/mm/pgtable_32.c
@@ -104,7 +104,7 @@ static void __init __mapin_ram_chunk(unsigned long offset, unsigned long top)
 	p = memstart_addr + s;
 	for (; s < top; s += PAGE_SIZE) {
 		ktext = core_kernel_text(v);
-		map_kernel_page(v, p, ktext ? PAGE_KERNEL_TEXT : PAGE_KERNEL);
+		map_kernel_page(v, p, ktext ? PAGE_KERNEL_X : PAGE_KERNEL);
 		v += PAGE_SIZE;
 		p += PAGE_SIZE;
 	}
-- 
2.51.0