redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/arch/x86
History
Eric Dumazet 314beb9bca x86: bpf_jit_comp: secure bpf jit against spraying attacks 
hpa bringed into my attention some security related issues
with BPF JIT on x86.

This patch makes sure the bpf generated code is marked read only,
as other kernel text sections.

It also splits the unused space (we vmalloc() and only use a fraction of
the page) in two parts, so that the generated bpf code not starts at a
known offset in the page, but a pseudo random one.

Refs:
http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html

Reported-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-19 23:55:41 -07:00
..
boot Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-04-30 08:34:07 -07:00
configs x86: Default to ARCH=x86 to avoid overriding CONFIG_64BIT 2012-12-20 14:37:18 -08:00
crypto crypto: camellia - add AVX2/AES-NI/x86_64 assembler implementation of camellia cipher 2013-04-25 21:09:07 +08:00
ia32 unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE 2013-05-09 13:46:38 -04:00
include Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2013-05-11 15:23:17 -07:00
kernel Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-05-10 09:21:05 -07:00
kvm KVM: emulator: emulate SALC 2013-05-09 13:15:08 +03:00
lguest Merge branch 'x86-paravirt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-04-30 08:41:21 -07:00
lib Kconfig: consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 2013-04-30 17:04:09 -07:00
math-emu x86: Rename trap_no to trap_nr in thread_struct 2012-03-13 06:24:09 +01:00
mm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
net x86: bpf_jit_comp: secure bpf jit against spraying attacks 2013-05-19 23:55:41 -07:00
oprofile oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() 2012-10-15 14:38:24 +02:00
pci Bug-fixes: 2013-05-11 16:19:30 -07:00
platform Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
power x86, gdt, hibernate: Store/load GDT for hibernate path. 2013-05-02 11:27:35 -07:00
realmode x86, relocs: Refactor the relocs tool to merge 32- and 64-bit ELF 2013-04-16 16:02:58 -07:00
syscalls unify compat fanotify_mark(2), switch to COMPAT_SYSCALL_DEFINE 2013-05-09 13:46:38 -04:00
tools x86, relocs: Refactor the relocs tool to merge 32- and 64-bit ELF 2013-04-16 16:02:58 -07:00
um make SYSCALL_DEFINE<n>-generated wrappers do asmlinkage_protect 2013-03-03 22:58:33 -05:00
vdso timers/x86/hpet: Use HPET_COUNTER to specify the hpet counter in vread_hpet() 2013-02-15 12:13:18 +01:00
video x86: Use vga_default_device() when determining whether an fb is primary 2012-04-24 09:50:17 +01:00
xen Bug-fixes: 2013-05-11 16:19:30 -07:00
.gitignore
Kbuild x86, realmode: realmode.bin infrastructure 2012-05-08 11:41:48 -07:00
Kconfig Removal of GENERIC_GPIO for v3.10 2013-05-09 09:59:16 -07:00
Kconfig.cpu x86, 386 removal: Document Nx586 as a 386 and thus unsupported 2012-11-29 13:28:39 -08:00
Kconfig.debug Kconfig: consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 2013-04-30 17:04:09 -07:00
Makefile Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 19:12:03 -08:00
Makefile.um um: fix linker script generation 2012-04-09 13:59:00 -04:00
Makefile_32.cpu x86, 386 removal: Remove CONFIG_M386 from Kconfig 2012-11-29 13:23:01 -08:00