author: Eric Dumazet <edumazet@google.com> 2013-05-17 16:37:03 +0000
committer: David S. Miller <davem@davemloft.net> 2013-05-19 23:55:41 -0700
commit: 314beb9bcabfd6b4542ccbced2402af2c6f6142a
tree: c73c7e79c25024f6865f8e349789ac62d66776b8 /include
parent: tcp: remove bad timeout logic in fast recovery
x86: bpf_jit_comp: secure bpf jit against spraying attacks
hpa brought to my attention some security-related issues with BPF JIT on x86.

This patch makes sure the bpf generated code is marked read only, as other kernel text sections.

It also splits the unused space (we vmalloc() and only use a fraction of the page) in two parts, so that the generated bpf code does not start at a known offset in the page, but at a pseudo-random one.

Refs: http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html

Reported-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions
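The two measures the commit message describes (a pseudo-random start offset inside the page-sized allocation, then a read-only mapping), as an added user-space example in C; it is not the kernel code from this commit. Assumptions: the names `struct image`, `pick_offset` and `load_image` are hypothetical, `mmap()`/`mprotect()` stand in for `vmalloc()` and the kernel's page-permission calls, and the 4-byte alignment, the 0xCC padding, `getrandom()` as the random source and the sample bytes are choices of this example.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/random.h>
#include <unistd.h>

/* Hypothetical names; a user-space sketch, not the kernel's bpf_jit_comp code. */
struct image { uint8_t *base; size_t size, offset; };

/* Split the unused space of the allocation in two: rnd decides how much of it
 * precedes the code. Result is 4-byte aligned and offset + proglen <= size. */
static size_t pick_offset(size_t size, size_t proglen, uint32_t rnd)
{
    size_t hole = size - proglen;
    return hole ? (rnd % hole) & ~(size_t)3 : 0;
}

/* Copy code into fresh pages at a random offset, then drop write access. */
static int load_image(struct image *img, const uint8_t *code, size_t proglen, uint32_t rnd)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    img->size = (proglen + page - 1) / page * page;  /* whole pages, like vmalloc() */
    img->base = mmap(NULL, img->size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (img->base == MAP_FAILED)
        return -1;
    img->offset = pick_offset(img->size, proglen, rnd);
    memset(img->base, 0xCC, img->size);  /* assumption: pad the hole with int3 */
    memcpy(img->base + img->offset, code, proglen);
    return mprotect(img->base, img->size, PROT_READ);  /* read-only from here on */
}

int main(void)
{
    /* Constructed sample bytes standing in for JIT output. */
    static const uint8_t code[] = { 0xB8, 0x00, 0x00, 0x00, 0x00, 0xC3 };
    struct image img;
    uint32_t rnd = 0;

    if (getrandom(&rnd, sizeof rnd, 0) != (ssize_t)sizeof rnd)
        return 1;
    if (load_image(&img, code, sizeof code, rnd) != 0)
        return 1;
    printf("mapping %p, code starts at offset %zu of %zu\n", (void *)img.base, img.offset, img.size);
    return 0;
}
```

The mapping here is never made executable; a real JIT image would also need execute permission, which this example leaves out.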