git.baikalelectronics.ru Git - kernel.git/commit

author	Daniel Borkmann <dborkman@redhat.com>
	Mon, 8 Sep 2014 06:04:48 +0000 (08:04 +0200)
committer	David S. Miller <davem@davemloft.net>
	Tue, 9 Sep 2014 23:58:56 +0000 (16:58 -0700)
commit	65d9210e77202660f9aebf6e8b3efa78377870b7
tree	b1e5f70c1930fe58e534ef5371835b56b7bf3519	tree \| snapshot
parent	cf8a51ffc8f0d0d067373d5646c61b77a0c049cf	commit \| diff

net: bpf: arm: address randomize and write protect JIT code

This is the ARM variant for 51d1d536b5a ("x86: bpf_jit_comp: secure bpf
jit against spraying attacks").

It is now possible to implement it due to commits 93275052c89d ("ARM: mm:
Define set_memory_* functions for ARM") and 581270a40e8b ("ARM: add
DEBUG_SET_MODULE_RONX option to Kconfig") which added infrastructure for
this facility.

Thus, this patch makes sure the BPF generated JIT code is marked RO, as
other kernel text sections, and also lets the generated JIT code start
at a pseudo random offset instead on a page boundary. The holes are filled
with illegal instructions.

JIT tested on armv7hl with BPF test suite.

Reference: http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Mircea Gherzan <mgherzan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>