Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 314beb9bcabfd6b4542ccbced2402af2c6f6142a
commit314beb9bcabfd6b4542ccbced2402af2c6f6142a[log] [tgz]
authorEric Dumazet <edumazet@google.com>Fri May 17 16:37:03 2013 +0000
committerDavid S. Miller <davem@davemloft.net>Sun May 19 23:55:41 2013 -0700
treec73c7e79c25024f6865f8e349789ac62d66776b8
parent3e59cb0ddfd2c59991f38e89352ad8a3c71b2374 [diff]
x86: bpf_jit_comp: secure bpf jit against spraying attacks

hpa bringed into my attention some security related issues
with BPF JIT on x86.

This patch makes sure the bpf generated code is marked read only,
as other kernel text sections.

It also splits the unused space (we vmalloc() and only use a fraction of
the page) in two parts, so that the generated bpf code not starts at a
known offset in the page, but a pseudo random one.

Refs:
http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html

Reported-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: c73c7e79c25024f6865f8e349789ac62d66776b8
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS