Skip to content
Commit 55309dd3 authored by Daniel Borkmann's avatar Daniel Borkmann Committed by David S. Miller
Browse files

net: bpf: arm: address randomize and write protect JIT code

This is the ARM variant for 314beb9b ("x86: bpf_jit_comp: secure bpf
jit against spraying attacks").

It is now possible to implement it due to commits 75374ad4 ("ARM: mm:
Define set_memory_* functions for ARM") and dca9aa92 ("ARM: add
DEBUG_SET_MODULE_RONX option to Kconfig") which added infrastructure for
this facility.

Thus, this patch makes sure the BPF generated JIT code is marked RO, as
other kernel text sections, and also lets the generated JIT code start
at a pseudo random offset instead on a page boundary. The holes are filled
with illegal instructions.

JIT tested on armv7hl with BPF test suite.

Reference: http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html


Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
Acked-by: default avatarMircea Gherzan <mgherzan@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 738cbe72
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment