
Commit c10baf76 authored by Sami Tolvanen

ANDROID: arm64: bpf: implement arch_bpf_jit_check_func



Implement arch_bpf_jit_check_func to check that pointers to jited BPF
functions are correctly aligned and point to the BPF JIT region. This
narrows down the attack surface on the stored pointer.

Bug: 140377409
Change-Id: I10c448eda6a8b0bf4c16ee591fc65974696216b9
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
parent 9a11e8da
+22 −0
@@ -949,3 +949,25 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
					   tmp : orig_prog);
	return prog;
}

#ifdef CONFIG_CFI_CLANG
bool arch_bpf_jit_check_func(const struct bpf_prog *prog)
{
	const uintptr_t func = (const uintptr_t)prog->bpf_func;

	/*
	 * bpf_func must be correctly aligned and within the correct region.
	 * module_alloc places JIT code in the module region, unless
	 * ARM64_MODULE_PLTS is enabled, in which case we might end up using
	 * the vmalloc region too.
	 */
	if (unlikely(!IS_ALIGNED(func, sizeof(u32))))
		return false;

	if (IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) &&
			is_vmalloc_addr(prog->bpf_func))
		return true;

	return (func >= MODULES_VADDR && func < MODULES_END);
}
#endif
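
Review bot: the CONFIG_ARM64_MODULE_PLTS branch returns true for any pointer that passes is_vmalloc_addr(), so in that configuration the check accepts the whole vmalloc region rather than the BPF JIT region the commit message describes, and the narrowing is much weaker than on the MODULES_VADDR..MODULES_END path. Either say so in the comment block above the alignment test, or bound the vmalloc case more tightly, for example against the program's own JIT allocation rather than the region as a whole. As a smaller style point, the alignment test uses sizeof(u32) to mean the A64 instruction size; AARCH64_INSN_SIZE would state that intent directly.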