Message-Id: <20190205225103.28296-5-rick.p.edgecombe@intel.com>
Date:   Tue,  5 Feb 2019 14:51:03 -0800
From:   Rick Edgecombe <rick.p.edgecombe@...el.com>
To:     daniel@...earbox.net, ast@...com
Cc:     netdev@...r.kernel.org, ard.biesheuvel@...aro.org,
        dave.hansen@...el.com, kristen@...ux.intel.com,
        Rick Edgecombe <rick.p.edgecombe@...el.com>
Subject: [RFC PATCH 4/4] bpf, x64: Enable unprivileged jit in vmalloc

This enables unprivileged JIT allocations to be made in vmalloc space
when the bpf jit limit is exceeded.

The logic is we use module space unless it is full or we are not
CAP_SYS_ADMIN and bpf_jit_limit is exceeded, in which case we use vmalloc
space. So vmalloc is only used when either the insertion would fail, or
BPF would fall back to the interpreter.

In the case of using vmalloc, it is not charged against bpf_jit_limit.

Cc: Daniel Borkmann <daniel@...earbox.net>
Cc: Alexei Starovoitov <ast@...com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@...el.com>
---
 arch/x86/net/bpf_jit_comp.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index c9781d471e31..66d2b32a1db1 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -1118,6 +1118,38 @@ struct x64_jit_data {
 	struct jit_context ctx;
 };
 
+void *bpf_jit_alloc_exec(unsigned long size)
+{
+	void *ret;
+	u32 pages = size / PAGE_SIZE;
+
+	/*
+	 * The logic is we use module space unless it is full or we are not
+	 * CAP_SYS_ADMIN and bpf_jit_limit is exceeded, in which case we use
+	 * vmalloc space.
+	 */
+	if (bpf_jit_charge_modmem(pages))
+		return vmalloc_exec(size);
+
+	ret = module_alloc(size);
+
+	if (!ret) {
+		bpf_jit_uncharge_modmem(pages);
+		/* If module space is full, try vmalloc */
+		return vmalloc_exec(size);
+	}
+
+	return ret;
+}
+
+void bpf_jit_free_exec(void *addr)
+{
+	if (is_vmalloc_addr(addr))
+		vfree(addr);
+	else
+		module_memfree(addr);
+}
+
 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
 {
 	struct bpf_binary_header *header = NULL;
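
Review bot: In bpf_jit_alloc_exec(), the branch taken when bpf_jit_charge_modmem(pages) fails returns vmalloc_exec(size) with no accounting at all, so once a caller without CAP_SYS_ADMIN is over bpf_jit_limit, nothing visible here bounds how much executable memory it can obtain. bpf_jit_limit then only decides which address range is used, not how much unprivileged JIT memory exists. Consider charging the vmalloc path against a separate limit, or documenting in the comment what is expected to bound it. Two smaller points: bpf_jit_free_exec() never calls bpf_jit_uncharge_modmem() on the module_memfree() branch, so either the charge leaks or the caller uncharges unconditionally and also uncharges vmalloc-backed allocations that were never charged; the function needs to state which side owns the uncharge. Also, "u32 pages = size / PAGE_SIZE" rounds down, so a size that is not page aligned is under-charged; a comment stating that callers pass page-aligned sizes, or rounding up, would close that.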
-- 
2.17.1
