[PATCH v14 6/9] powerpc/bpf: Write protect JIT code
Christophe Leroy
christophe.leroy at csgroup.eu
Mon May 17 16:39:07 AEST 2021
Le 17/05/2021 à 05:28, Jordan Niethe a écrit :
> Add the necessary call to bpf_jit_binary_lock_ro() to remove write and
> add exec permissions to the JIT image after it has finished being
> written.
>
> Without CONFIG_STRICT_MODULE_RWX the image will be writable and
> executable until the call to bpf_jit_binary_lock_ro().
And _with_ CONFIG_STRICT_MODULE_RWX what will happen ? It will be _writable_ but not _executable_ ?
>
> Reviewed-by: Christophe Leroy <christophe.leroy at csgroup.eu>
> Signed-off-by: Jordan Niethe <jniethe5 at gmail.com>
> ---
> v10: New to series
> v11: Remove CONFIG_STRICT_MODULE_RWX conditional
> ---
> arch/powerpc/net/bpf_jit_comp.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c
> index 6c8c268e4fe8..53aefee3fe70 100644
> --- a/arch/powerpc/net/bpf_jit_comp.c
> +++ b/arch/powerpc/net/bpf_jit_comp.c
> @@ -237,6 +237,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
> fp->jited_len = alloclen;
>
> bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE));
> + bpf_jit_binary_lock_ro(bpf_hdr);
> if (!fp->is_func || extra_pass) {
> bpf_prog_fill_jited_linfo(fp, addrs);
> out_addrs:
>
More information about the Linuxppc-dev
mailing list