mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-07 12:10:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

powerpc/bpf: Write protect JIT code

Browse source 
Add the necessary call to bpf_jit_binary_lock_ro() to remove write and
add exec permissions to the JIT image after it has finished being
written.

Without CONFIG_STRICT_MODULE_RWX the image will be writable and
executable until the call to bpf_jit_binary_lock_ro().

Signed-off-by: Jordan Niethe <jniethe5@gmail.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210609013431.9805-7-jniethe5@gmail.com
This commit is contained in:
Jordan Niethe 2021-06-09 11:34:28 +10:00 committed by Michael Ellerman
parent bc33cfdb0b
commit 62e3d4210a
1 changed files with 1 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

1
arch/powerpc/net/bpf_jit_comp.c
View file

@ -237,6 +237,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
fp->jited_len = alloclen; fp->jited_len = alloclen;
bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE)); bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE));
bpf_jit_binary_lock_ro(bpf_hdr);
if (!fp->is_func || extra_pass) { if (!fp->is_func || extra_pass) {
bpf_prog_fill_jited_linfo(fp, addrs); bpf_prog_fill_jited_linfo(fp, addrs);
out_addrs: out_addrs: