Sami Tolvanen ff5bf35998 ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI ...

With CONFIG_BPF_JIT, the kernel makes indirect calls to dynamically
generated code, which the compile-time Control-Flow Integrity (CFI)
checking cannot validate. This change adds basic sanity checking to
ensure we are jumping to a valid location, which narrows down the
attack surface on the stored pointer.

In addition, this change adds a weak arch_bpf_jit_check_func function,
which architectures that implement BPF JIT can override to perform
additional validation, such as verifying that the pointer points to
the correct memory region.

Bug: 145210207
Change-Id: I1a90c70cdcef25673a870d3c4f2586a829c0d32e
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

2019-11-27 12:49:12 -08:00

..

arraymap.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-06-17 20:20:36 -07:00

bpf_lru_list.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206

2019-05-30 11:29:53 -07:00

bpf_lru_list.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206

2019-05-30 11:29:53 -07:00

btf.c

bpf: Clean up indentation issue in BTF kflag processing

2019-09-26 17:09:18 +02:00

cgroup.c

bpf: Allow narrow loads of bpf_sysctl fields with offset > 0

2019-10-30 12:49:13 -07:00

core.c

ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI

2019-11-27 12:49:12 -08:00

cpumap.c

devmap/cpumap: Use flush list instead of bitmap

2019-06-29 01:31:08 +02:00

devmap.c

xdp: Handle device unregister for devmap_hash map type

2019-10-21 15:51:41 -07:00

disasm.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295

2019-06-05 17:36:38 +02:00

disasm.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295

2019-06-05 17:36:38 +02:00

hashtab.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-06-17 20:20:36 -07:00

helpers.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295

2019-06-05 17:36:38 +02:00

inode.c

vfs: Convert bpf to use the new mount API

2019-09-18 22:35:31 -04:00

local_storage.c

bpf: move memory size checks to bpf_map_charge_init()

2019-05-31 16:52:56 -07:00

lpm_trie.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-06-22 08:59:24 -04:00

Makefile

btf: expose BTF info through sysfs

2019-08-13 16:14:15 +02:00

map_in_map.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206

2019-05-30 11:29:53 -07:00

map_in_map.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206

2019-05-30 11:29:53 -07:00

offload.c

bpf, offload: Unlock on error in bpf_offload_dev_create()

2019-11-07 00:20:27 +01:00

percpu_freelist.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206

2019-05-30 11:29:53 -07:00

percpu_freelist.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206

2019-05-30 11:29:53 -07:00

queue_stack_maps.c

bpf: move memory size checks to bpf_map_charge_init()

2019-05-31 16:52:56 -07:00

reuseport_array.c

bpf: move memory size checks to bpf_map_charge_init()

2019-05-31 16:52:56 -07:00

stackmap.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-06-07 11:00:14 -07:00

syscall.c

bpf: Change size to u64 for bpf_map_{area_alloc, charge_init}()

2019-10-31 21:41:33 +01:00

sysfs_btf.c

btf: fix return value check in btf_vmlinux_init()

2019-08-15 22:18:17 -07:00

tnum.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

verifier.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

2019-09-16 16:02:03 +02:00

xskmap.c

bpf/xskmap: Return ERR_PTR for failure case instead of NULL.

2019-09-25 22:14:16 +02:00