mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-10 02:29:01 +00:00
Code Issues Releases Wiki Activity
No description
788644 commits 105 branches 5107 tags 5.5 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Daniel Borkmann 43caa29c99 bpf: add bpf_jit_limit knob to restrict unpriv allocations 
commit ede95a63b5 upstream.

Rick reported that the BPF JIT could potentially fill the entire module
space with BPF programs from unprivileged users which would prevent later
attempts to load normal kernel modules or privileged BPF programs, for
example. If JIT was enabled but unsuccessful to generate the image, then
before commit 290af86629 ("bpf: introduce BPF_JIT_ALWAYS_ON config")
we would always fall back to the BPF interpreter. Nowadays in the case
where the CONFIG_BPF_JIT_ALWAYS_ON could be set, then the load will abort
with a failure since the BPF interpreter was compiled out.

Add a global limit and enforce it for unprivileged users such that in case
of BPF interpreter compiled out we fail once the limit has been reached
or we fall back to BPF interpreter earlier w/o using module mem if latter
was compiled in. In a next step, fair share among unprivileged users can
be resolved in particular for the case where we would fail hard once limit
is reached.

Fixes: 290af86629 ("bpf: introduce BPF_JIT_ALWAYS_ON config")
Fixes: 0a14842f5a ("net: filter: Just In Time compiler for x86-64")
Co-Developed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-31 06:46:03 -07:00
arch arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable 2019-05-31 06:46:01 -07:00
block bfq: update internal depth state when queue depth changes 2019-05-16 19:41:17 +02:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: ccm - fix incompatibility between "ccm" and "ccm_base" 2019-05-22 07:37:43 +02:00
Documentation bpf: add bpf_jit_limit knob to restrict unpriv allocations 2019-05-31 06:46:03 -07:00
drivers fbdev: fix divide error in fb_var_to_videomode 2019-05-31 06:46:03 -07:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs NFSv4.1 fix incorrect return value in copy_file_range 2019-05-31 06:46:03 -07:00
include bpf: add bpf_jit_limit knob to restrict unpriv allocations 2019-05-31 06:46:03 -07:00
init init: initialize jump labels before command line option parsing 2019-05-16 19:41:23 +02:00
ipc ipc/shm.c: use ERR_CAST() for shm_lock() error return 2018-10-05 16:32:04 -07:00
kernel bpf: add bpf_jit_limit knob to restrict unpriv allocations 2019-05-31 06:46:03 -07:00
lib sbitmap: fix improper use of smp_mb__before_atomic() 2019-05-31 06:46:00 -07:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm hugetlb: use same fault hash key for shared and private mappings 2019-05-22 07:37:40 +02:00
net bpf: add bpf_jit_limit knob to restrict unpriv allocations 2019-05-31 06:46:03 -07:00
samples samples: mei: use /dev/mei0 instead of /dev/mei 2019-02-15 08:10:11 +01:00
scripts fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock 2019-05-08 07:21:51 +02:00
security apparmorfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
sound ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug 2019-05-22 07:37:44 +02:00
tools Revert "selftests/bpf: skip verifier tests for unsupported program types" 2019-05-25 18:23:47 +02:00
usr initramfs: move gen_initramfs_list.sh from scripts/ to usr/ 2018-08-22 23:21:44 +09:00
virt KVM: arm/arm64: Ensure vcpu target is unset on reset failure 2019-05-25 18:23:44 +02:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS platform/x86: Add Intel AtomISP2 dummy / power-management driver 2019-04-20 09:16:02 +02:00
Makefile Linux 4.19.46 2019-05-25 18:23:48 +02:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.