Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 89aed473c58e013afc1f2fda0c1b52ea75902f64
commit89aed473c58e013afc1f2fda0c1b52ea75902f64[log] [tgz]
authorSami Tolvanen <samitolvanen@google.com>Wed Sep 04 14:08:16 2019 -0700
committerMaciej Żenczykowski <maze@google.com>Tue Oct 08 09:21:03 2019 -0700
tree73db3bbac9811b1da1eba0a2ec6825b9a7c8d9e6
parentccddca0ef3eb930ab5e176542a165fbd4aa4c9a7 [diff]
ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI

With CONFIG_BPF_JIT, the kernel makes indirect calls to dynamically
generated code, which the compile-time Control-Flow Integrity (CFI)
checking cannot validate. This change adds basic sanity checking to
ensure we are jumping to a valid location, which narrows down the
attack surface on the stored pointer.

In addition, this change adds a weak arch_bpf_jit_check_func function,
which architectures that implement BPF JIT can override to perform
additional validation, such as verifying that the pointer points to
the correct memory region.

Bug: 140377409
Change-Id: I8ebac6637ab6bd9db44716b1c742add267298669
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
(cherry picked from commit 9a11e8da573b3bac500e3636b99c61c6dc01ebc7)
3 files changed
tree: 73db3bbac9811b1da1eba0a2ec6825b9a7c8d9e6
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. build.config.cuttlefish.aarch64
  31. build.config.cuttlefish.x86_64
  32. COPYING
  33. CREDITS
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README