summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2013-05-17 16:37:03 +0000
committerDavid S. Miller <davem@davemloft.net>2013-05-19 23:55:41 -0700
commit314beb9bcabfd6b4542ccbced2402af2c6f6142a (patch)
treec73c7e79c25024f6865f8e349789ac62d66776b8 /security
parent3e59cb0ddfd2c59991f38e89352ad8a3c71b2374 (diff)
x86: bpf_jit_comp: secure bpf jit against spraying attacks
hpa bringed into my attention some security related issues with BPF JIT on x86. This patch makes sure the bpf generated code is marked read only, as other kernel text sections. It also splits the unused space (we vmalloc() and only use a fraction of the page) in two parts, so that the generated bpf code not starts at a known offset in the page, but a pseudo random one. Refs: http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html Reported-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions