Message ID | 20210506023449.3568630-6-jniethe5@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | powerpc: Further Strict RWX support | expand |
Related | show |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | success | Successfully applied on branch powerpc/merge (7619d98e5041d5c25aba5428704dba6121237a9a) |
snowpatch_ozlabs/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 7 lines checked |
snowpatch_ozlabs/needsstable | success | Patch has no Fixes tags |
Le 06/05/2021 à 04:34, Jordan Niethe a écrit : > Add the necessary call to bpf_jit_binary_lock_ro() to remove write and > add exec permissions to the JIT image after it has finished being > written. > > Without CONFIG_STRICT_MODULE_RWX the image will be writable and > executable until the call to bpf_jit_binary_lock_ro(). > > Signed-off-by: Jordan Niethe <jniethe5@gmail.com> Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu> > --- > v10: New to series > v11: Remove CONFIG_STRICT_MODULE_RWX conditional > --- > arch/powerpc/net/bpf_jit_comp.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c > index 6c8c268e4fe8..53aefee3fe70 100644 > --- a/arch/powerpc/net/bpf_jit_comp.c > +++ b/arch/powerpc/net/bpf_jit_comp.c > @@ -237,6 +237,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) > fp->jited_len = alloclen; > > bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE)); > + bpf_jit_binary_lock_ro(bpf_hdr); > if (!fp->is_func || extra_pass) { > bpf_prog_fill_jited_linfo(fp, addrs); > out_addrs: >
diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index 6c8c268e4fe8..53aefee3fe70 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c @@ -237,6 +237,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) fp->jited_len = alloclen; bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE)); + bpf_jit_binary_lock_ro(bpf_hdr); if (!fp->is_func || extra_pass) { bpf_prog_fill_jited_linfo(fp, addrs); out_addrs:
Add the necessary call to bpf_jit_binary_lock_ro() to remove write and add exec permissions to the JIT image after it has finished being written. Without CONFIG_STRICT_MODULE_RWX the image will be writable and executable until the call to bpf_jit_binary_lock_ro(). Signed-off-by: Jordan Niethe <jniethe5@gmail.com> --- v10: New to series v11: Remove CONFIG_STRICT_MODULE_RWX conditional --- arch/powerpc/net/bpf_jit_comp.c | 1 + 1 file changed, 1 insertion(+)