net: bpf: consolidate JIT binary allocator

Introduced in commit 314beb9bcabf ("x86: bpf_jit_comp: secure bpf jit against spraying attacks") and later on replicated in aa2d2c73c21f ("s390/bpf,jit: address randomize and write protect jit code") for s390 architecture, write protection for BPF JIT images got added and a random start address of the JIT code, so that it's not on a page boundary anymore. Since both use a very similar allocator for the BPF binary header, we can consolidate this code into the BPF core as it's mostly JIT independant anyway. This will also allow for future archs that support DEBUG_SET_MODULE_RONX to just reuse instead of reimplementing it. JIT tested on x86_64 and s390x with BPF test suite. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Daniel Borkmann <dborkman@redhat.com> 2014-09-08 02:04:47 -0400
committer: David S. Miller <davem@davemloft.net> 2014-09-09 19:58:56 -0400
commit: 738cbe72adc5c8f2016c4c68aa5162631d4f27e1 (patch)
tree: 4c207c0a763ea8998dddda89a7a1d9eb98866b60 /kernel/bpf
parent: ca777eff51f7fbaebd954e645d8ecb781a906b4a (diff)
1 files changed, 39 insertions, 0 deletions
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 2c2bfaacce66..8ee520f0ec70 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -20,9 +20,12 @@
 * Andi Kleen - Fix a few bad bugs and races.
 * Kris Katterjohn - Added many additional checks in bpf_check_classic()
 */
 #include <linux/filter.h>
 #include <linux/skbuff.h>
 #include <linux/vmalloc.h>
+#include <linux/random.h>
+#include <linux/moduleloader.h>
 #include <asm/unaligned.h>
 /* Registers */
@@ -125,6 +128,42 @@ void __bpf_prog_free(struct bpf_prog *fp)
 }
 EXPORT_SYMBOL_GPL(__bpf_prog_free);
+struct bpf_binary_header *
+bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
+                     unsigned int alignment,
+                     bpf_jit_fill_hole_t bpf_fill_ill_insns)
+{
+        struct bpf_binary_header *hdr;
+        unsigned int size, hole, start;
+        /* Most of BPF filters are really small, but if some of them
+         * fill a page, allow at least 128 extra bytes to insert a
+         * random section of illegal instructions.
+         */
+        size = round_up(proglen + sizeof(*hdr) + 128, PAGE_SIZE);
+        hdr = module_alloc(size);
+        if (hdr == NULL)
+                return NULL;
+        /* Fill space with illegal/arch-dep instructions. */
+        bpf_fill_ill_insns(hdr, size);
+        hdr->pages = size / PAGE_SIZE;
+        hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)),
+                     PAGE_SIZE - sizeof(*hdr));
+        start = (prandom_u32() % hole) & ~(alignment - 1);
+        /* Leave a random number of instructions before BPF code. */
+        *image_ptr = &hdr->image[start];
+        return hdr;
+}
+void bpf_jit_binary_free(struct bpf_binary_header *hdr)
+{
+        module_free(NULL, hdr);
+}
 /* Base function for offset calculation. Needs to go into .text section,
 * therefore keeping it non-static as well; will also be used by JITs
 * anyway later on, so do not let the compiler omit it.
author	Daniel Borkmann <dborkman@redhat.com>	2014-09-08 02:04:47 -0400
committer	David S. Miller <davem@davemloft.net>	2014-09-09 19:58:56 -0400
commit	738cbe72adc5c8f2016c4c68aa5162631d4f27e1 (patch)
tree	4c207c0a763ea8998dddda89a7a1d9eb98866b60 /kernel/bpf
parent	ca777eff51f7fbaebd954e645d8ecb781a906b4a (diff)

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 2c2bfaacce66..8ee520f0ec70 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c
@@ -20,9 +20,12 @@
20	* Andi Kleen - Fix a few bad bugs and races.	20	* Andi Kleen - Fix a few bad bugs and races.
21	* Kris Katterjohn - Added many additional checks in bpf_check_classic()	21	* Kris Katterjohn - Added many additional checks in bpf_check_classic()
22	*/	22	*/
		23
23	#include <linux/filter.h>	24	#include <linux/filter.h>
24	#include <linux/skbuff.h>	25	#include <linux/skbuff.h>
25	#include <linux/vmalloc.h>	26	#include <linux/vmalloc.h>
		27	#include <linux/random.h>
		28	#include <linux/moduleloader.h>
26	#include <asm/unaligned.h>	29	#include <asm/unaligned.h>
27		30
28	/* Registers */	31	/* Registers */
@@ -125,6 +128,42 @@ void __bpf_prog_free(struct bpf_prog *fp)
125	}	128	}
126	EXPORT_SYMBOL_GPL(__bpf_prog_free);	129	EXPORT_SYMBOL_GPL(__bpf_prog_free);
127		130
		131	struct bpf_binary_header *
		132	bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
		133	unsigned int alignment,
		134	bpf_jit_fill_hole_t bpf_fill_ill_insns)
		135	{
		136	struct bpf_binary_header *hdr;
		137	unsigned int size, hole, start;
		138
		139	/* Most of BPF filters are really small, but if some of them
		140	* fill a page, allow at least 128 extra bytes to insert a
		141	* random section of illegal instructions.
		142	*/
		143	size = round_up(proglen + sizeof(*hdr) + 128, PAGE_SIZE);
		144	hdr = module_alloc(size);
		145	if (hdr == NULL)
		146	return NULL;
		147
		148	/* Fill space with illegal/arch-dep instructions. */
		149	bpf_fill_ill_insns(hdr, size);
		150
		151	hdr->pages = size / PAGE_SIZE;
		152	hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)),
		153	PAGE_SIZE - sizeof(*hdr));
		154	start = (prandom_u32() % hole) & ~(alignment - 1);
		155
		156	/* Leave a random number of instructions before BPF code. */
		157	*image_ptr = &hdr->image[start];
		158
		159	return hdr;
		160	}
		161
		162	void bpf_jit_binary_free(struct bpf_binary_header *hdr)
		163	{
		164	module_free(NULL, hdr);
		165	}
		166
128	/* Base function for offset calculation. Needs to go into .text section,	167	/* Base function for offset calculation. Needs to go into .text section,
129	* therefore keeping it non-static as well; will also be used by JITs	168	* therefore keeping it non-static as well; will also be used by JITs
130	* anyway later on, so do not let the compiler omit it.	169	* anyway later on, so do not let the compiler omit it.