xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

riscv: bpf: Avoid breaking W^X

Browse Source 
[ Upstream commit fc8504765ec5e812135b8ccafca7101069a0c6d8 ]

We allocate Non-executable pages, then call bpf_jit_binary_lock_ro()
to enable executable permission after mapping them read-only. This is
to prepare for STRICT_MODULE_RWX in following patch.

Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Stable-dep-of: c56fb2aab235 ("riscv, bpf: Fix inconsistent JIT image generation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Jisheng Zhang
2021-03-30 02:25:21 +08:00
committed by Greg Kroah-Hartman
parent 7c61643798
commit eb3d1d84f3
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
arch/riscv/net/bpf_jit_core.c
View File

@@ -153,6 +153,7 @@ skip_init_ctx:
bpf_flush_icache(jit_data->header, ctx->insns + ctx->ninsns); bpf_flush_icache(jit_data->header, ctx->insns + ctx->ninsns);
if (!prog->is_func || extra_pass) { if (!prog->is_func || extra_pass) {
bpf_jit_binary_lock_ro(jit_data->header);
out_offset: out_offset:
kfree(ctx->offset); kfree(ctx->offset);
kfree(jit_data); kfree(jit_data);
@@ -170,7 +171,7 @@ void *bpf_jit_alloc_exec(unsigned long size)
{ {
return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START, return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START,
BPF_JIT_REGION_END, GFP_KERNEL, BPF_JIT_REGION_END, GFP_KERNEL,
PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, PAGE_KERNEL, 0, NUMA_NO_NODE,
__builtin_return_address(0)); __builtin_return_address(0));
} }