]> git.baikalelectronics.ru Git - kernel.git/commit
net: bpf: arm: address randomize and write protect JIT code
authorDaniel Borkmann <dborkman@redhat.com>
Mon, 8 Sep 2014 06:04:48 +0000 (08:04 +0200)
committerDavid S. Miller <davem@davemloft.net>
Tue, 9 Sep 2014 23:58:56 +0000 (16:58 -0700)
commit3e9588df24cb0e0a613b03093dd3d4ba59fd256f
treeb1e5f70c1930fe58e534ef5371835b56b7bf3519
parent165b11be4a47a1ae4f1891d39fc75c68e503f3b4
net: bpf: arm: address randomize and write protect JIT code

This is the ARM variant for dc28aa385fa ("x86: bpf_jit_comp: secure bpf
jit against spraying attacks").

It is now possible to implement it due to commits 96fcd9db74dd ("ARM: mm:
Define set_memory_* functions for ARM") and c2d0a35ca40f ("ARM: add
DEBUG_SET_MODULE_RONX option to Kconfig") which added infrastructure for
this facility.

Thus, this patch makes sure the BPF generated JIT code is marked RO, as
other kernel text sections, and also lets the generated JIT code start
at a pseudo random offset instead on a page boundary. The holes are filled
with illegal instructions.

JIT tested on armv7hl with BPF test suite.

Reference: http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Mircea Gherzan <mgherzan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
arch/arm/net/bpf_jit_32.c