| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| From: Sami Tolvanen <samitolvanen@google.com> |
| Date: Wed, 4 Sep 2019 14:56:40 -0700 |
| Subject: ANDROID: arm64: bpf: implement arch_bpf_jit_check_func |
| |
| Implement arch_bpf_jit_check_func to check that pointers to jited BPF |
| functions are correctly aligned and point to the BPF JIT region. This |
| narrows down the attack surface on the stored pointer. |
| |
| Bug: 145210207 |
| Change-Id: I1c2c9365662437f9a4178b873859576028468ea6 |
| Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
| --- |
| arch/arm64/net/bpf_jit_comp.c | 11 +++++++++++ |
| 1 file changed, 11 insertions(+) |
| |
| diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c |
| index cdc79de0c794..0aa97d634866 100644 |
| --- a/arch/arm64/net/bpf_jit_comp.c |
| +++ b/arch/arm64/net/bpf_jit_comp.c |
| @@ -976,3 +976,14 @@ void bpf_jit_free_exec(void *addr) |
| { |
| return vfree(addr); |
| } |
| + |
| +#ifdef CONFIG_CFI_CLANG |
| +bool arch_bpf_jit_check_func(const struct bpf_prog *prog) |
| +{ |
| + const uintptr_t func = (const uintptr_t)prog->bpf_func; |
| + |
| + /* bpf_func must be correctly aligned and within the BPF JIT region */ |
| + return (func >= BPF_JIT_REGION_START && func < BPF_JIT_REGION_END && |
| + IS_ALIGNED(func, sizeof(u32))); |
| +} |
| +#endif |
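Review bot: The check in arch_bpf_jit_check_func accepts any address inside [BPF_JIT_REGION_START, BPF_JIT_REGION_END) that is aligned to sizeof(u32), so it does not establish that bpf_func is the entry point of this program's own JIT image. A corrupted pointer into the middle of an image, or into another program's image, would still pass. The in-code comment should state that limit, e.g. `/* Range and alignment check only; does not prove func is the entry of prog's own JIT image */`. The function also presumably relies on the caller invoking it only for JITed programs, since an interpreter entry point would lie outside the JIT region and fail the range test. That caller is not visible in this hunk, so a line such as `/* Only meaningful when prog->jited is set */` would make the contract explicit.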