mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-30 14:19:16 +00:00
Code Issues Releases Wiki Activity
linux-stable/lib
History
Alexei Starovoitov a3d6dd6a66 bpf: introduce BPF_JIT_ALWAYS_ON config 
[ upstream commit 290af86629 ]

The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715.

A quote from goolge project zero blog:
"At this point, it would normally be necessary to locate gadgets in
the host kernel code that can be used to actually leak data by reading
from an attacker-controlled location, shifting and masking the result
appropriately and then using the result of that as offset to an
attacker-controlled address for a load. But piecing gadgets together
and figuring out which ones work in a speculation context seems annoying.
So instead, we decided to use the eBPF interpreter, which is built into
the host kernel - while there is no legitimate way to invoke it from inside
a VM, the presence of the code in the host kernel's text section is sufficient
to make it usable for the attack, just like with ordinary ROP gadgets."

To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
option that removes interpreter from the kernel in favor of JIT-only mode.
So far eBPF JIT is supported by:
x64, arm64, arm32, sparc64, s390, powerpc64, mips64

The start of JITed program is randomized and code page is marked as read-only.
In addition "constant blinding" can be turned on with net.core.bpf_jit_harden

v2->v3:
- move __bpf_prog_ret0 under ifdef (Daniel)

v1->v2:
- fix init order, test_bpf and cBPF (Daniel's feedback)
- fix offloaded bpf (Jakub's feedback)
- add 'return 0' dummy in case something can invoke prog->bpf_func
- retarget bpf tree. For bpf-next the patch would need one extra hunk.
  It will be sent when the trees are merged back to net-next

Considered doing:
  int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT;
but it seems better to land the patch as-is and in bpf-next remove
bpf_jit_enable global variable from all JITs, consolidate in one place
and remove this jit_init() function.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-01-31 12:55:56 +01:00
..
842 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2016-03-17 21:38:27 -07:00
fonts fonts: Add 6x10 font 2014-10-09 11:35:48 +03:00
lz4 lz4: fix bogus gcc warning 2017-09-02 07:07:54 +02:00
lzo lzo: check for length overrun in variable length encoding. 2014-09-28 11:08:01 +02:00
mpi lib/mpi: call cond_resched() from mpi_powm() loop 2017-11-30 08:39:01 +00:00
raid6 Merge tag 'md/4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2016-10-07 09:45:43 -07:00
reed_solomon
xz lib/xz: enable all filters by default in Kconfig 2014-06-04 16:54:18 -07:00
zlib_deflate zlib_deflate/deftree: remove bi_reverse() 2015-09-10 13:29:01 -07:00
zlib_inflate zlib: clean up some dead code 2014-08-06 18:01:24 -07:00
.gitignore
argv_split.c
asn1_decoder.c ASN.1: check for error from ASN1_OP_END__ACT actions 2017-12-14 09:28:12 +01:00
assoc_array.c assoc_array: Fix a buggy node-splitting case 2017-11-02 09:49:14 +01:00
atomic64.c locking/atomic: Implement atomic{,64,_long}_fetch_{add,sub,and,andnot,or,xor}{,_relaxed,_acquire,_release}() 2016-06-16 10:48:32 +02:00
atomic64_test.c atomic64: no need for CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE 2016-10-07 18:46:30 -07:00
audit.c syscalls: implement execveat() system call 2014-12-13 12:42:51 -08:00
bcd.c
bch.c
bitmap.c lib/bitmap.c: enhance bitmap syntax 2016-10-11 15:06:30 -07:00
bitrev.c ARM: 8187/1: add CONFIG_HAVE_ARCH_BITREVERSE to support rbit instruction 2014-12-22 16:43:06 +00:00
bsearch.c
btree.c treewide: Remove old email address 2015-11-23 09:44:58 +01:00
bug.c lib/bug.c: use common WARN helper 2016-03-17 15:09:34 -07:00
build_OID_registry
bust_spinlocks.c
chacha20.c random: replace non-blocking pool with a Chacha20-based CRNG 2016-07-03 00:57:23 -04:00
check_signature.c
checksum.c ipv4: Update parameters for csum_tcpudp_magic to their original types 2016-03-13 23:55:13 -04:00
clz_ctz.c
clz_tab.c
cmdline.c lib/cmdline.c: fix get_options() overflow while parsing ranges 2017-06-29 13:00:28 +02:00
compat_audit.c
cordic.c
cpu-notifier-error-inject.c fault-injection/cpu: Convert to hotplug state machine 2016-09-19 21:44:31 +02:00
cpu_rmap.c sched/topology: Rename topology_thread_cpumask() to topology_sibling_cpumask() 2015-05-27 15:22:15 +02:00
cpumask.c sched/fair, cpumask: Export for_each_cpu_wrap() 2017-07-21 07:42:23 +02:00
crc-ccitt.c
crc-itu-t.c lib: crc-itu-t.[ch] fix 0x0x prefix in integer constants 2015-05-26 15:26:43 +02:00
crc-t10dif.c lib: introduce crc_t10dif_update() 2015-05-30 22:42:24 -07:00
crc7.c lib/crc7: Shift crc7() output left 1 bit 2014-05-16 14:26:52 -04:00
crc8.c
crc16.c
crc32.c crc32: use ktime_get_ns() for measurement 2016-08-02 19:35:08 -04:00
crc32defs.h
ctype.c
debug_info.c kbuild: include core debug info when DEBUG_INFO_REDUCED 2015-06-11 15:08:32 +02:00
debug_locks.c
debugobjects.c lib/debugobjects: export for use in modules 2016-11-30 16:32:52 -08:00
dec_and_lock.c
decompress.c lib/decompress: set the compressor name to NULL on error 2015-07-17 16:39:54 -07:00
decompress_bunzip2.c lib/decompressors: use real out buf size for gunzip with kernel 2015-09-10 13:29:01 -07:00
decompress_inflate.c lib/decompressors: use real out buf size for gunzip with kernel 2015-09-10 13:29:01 -07:00
decompress_unlz4.c lib/decompressors: use real out buf size for gunzip with kernel 2015-09-10 13:29:01 -07:00
decompress_unlzma.c lib/decompress_unlzma: Do a NULL check for pointer 2015-09-10 13:29:01 -07:00
decompress_unlzo.c lib/decompressors: use real out buf size for gunzip with kernel 2015-09-10 13:29:01 -07:00
decompress_unxz.c lib/decompressors: use real out buf size for gunzip with kernel 2015-09-10 13:29:01 -07:00
devres.c devres: use to_pci_dev() 2016-02-07 23:17:59 -08:00
digsig.c lib/digsig: fix dereference of NULL user_key_payload 2017-10-27 10:38:08 +02:00
div64.c __div64_32(): make it overridable at compile time 2015-11-16 14:42:12 -05:00
dma-debug.c dmaengine updates for 4.8-rc1 2016-10-06 17:13:54 -07:00
dma-noop.c dma-mapping: use unsigned long for dma_attrs 2016-08-04 08:50:07 -04:00
dump_stack.c dump_stack: avoid potential deadlocks 2016-02-05 18:10:40 -08:00
dynamic_debug.c dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 2017-12-14 09:28:22 +01:00
dynamic_queue_limits.c lib/dynamic_queue_limits.c: simplify includes 2015-02-12 18:54:15 -08:00
earlycpio.c lib/cpio: Make find_cpio_data()'s offset arg optional 2016-06-08 11:04:19 +02:00
extable.c extable: add support for relative extables to search and sort routines 2016-02-24 14:57:26 +00:00
fault-inject.c fault-inject: fix inverted interval/probability values in printk 2015-10-23 17:55:10 +09:00
fdt.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
find_bit.c lib: rename lib/find_next_bit.c to lib/find_bit.c 2015-04-17 09:03:54 -04:00
flex_array.c
flex_proportions.c lib+mm: fix few spelling mistakes 2016-02-15 11:18:23 +01:00
gcd.c lib/GCD.c: use binary GCD algorithm instead of Euclidean 2016-05-20 17:58:30 -07:00
gen_crc32table.c lib: crc32: constify crc32 lookup table 2015-02-13 21:21:35 -08:00
genalloc.c lib/genalloc.c: make the avail variable an atomic_long_t 2017-12-14 09:28:22 +01:00
glob.c lib/glob.c: add CONFIG_GLOB_SELFTEST 2014-08-06 18:01:25 -07:00
halfmd4.c lib/halfmd4.c: use rol32 inline function in the ROUND macro 2015-11-06 17:50:42 -08:00
hexdump.c lib/hexdump.c: truncate output in case of overflow 2015-11-06 17:50:42 -08:00
hweight.c x86/hweight: Get rid of the special calling convention 2016-06-08 15:01:02 +02:00
idr.c mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
inflate.c
int_sqrt.c
interval_tree.c lib/interval_tree.c: simplify includes 2015-02-12 18:54:15 -08:00
interval_tree_test.c
iomap.c
iomap_copy.c lib/iomap_copy.c: add __ioread32_copy() 2016-01-20 17:09:18 -08:00
iommu-common.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2015-11-05 16:34:48 -08:00
iommu-helper.c lib/iommu-helper: skip to next segment 2016-08-02 19:35:07 -04:00
ioremap.c x86, mm: support huge KVA mappings on x86 2015-04-14 16:49:04 -07:00
iov_iter.c new privimitive: iov_iter_revert() 2017-04-21 09:31:21 +02:00
irq_poll.c This adds a new gcc plugin named "latent_entropy". It is designed to 2016-10-15 10:03:15 -07:00
irq_regs.c
is_single_threaded.c lib/is_single_threaded.c: change current_is_single_threaded() to use for_each_thread() 2015-11-06 17:50:42 -08:00
jedec_ddr_data.c
kasprintf.c lib/kasprintf.c: add sanity check to kvasprintf 2016-01-16 11:17:27 -08:00
Kconfig Merge branch 'akpm' (patches from Andrew) 2016-10-07 21:38:00 -07:00
Kconfig.debug lib/Kconfig.debug: fix frv build failure 2017-08-11 08:49:36 -07:00
Kconfig.kasan mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB 2016-07-28 16:07:41 -07:00
Kconfig.kgdb kgdb: depends on VT 2016-05-23 17:04:14 -07:00
Kconfig.kmemcheck
Kconfig.ubsan ubsan: allow to disable the null sanitizer 2016-09-20 14:26:08 +02:00
kfifo.c kfifo: use BUG_ON 2014-08-08 15:57:25 -07:00
klist.c klist: fix starting point removed bug in klist iterators 2016-02-07 22:18:47 -08:00
kobject.c kobject: export kset_find_obj() for module use 2016-02-09 17:36:34 -08:00
kobject_uevent.c lib/kobject_uevent.c: remove redundant include 2015-02-12 18:54:15 -08:00
kstrtox.c lib/kstrtox.c: smaller _parse_integer() 2016-10-11 15:06:30 -07:00
kstrtox.h
lcm.c block: fix blk_stack_limits() regression due to lcm() change 2015-03-31 09:45:50 -06:00
libcrc32c.c crypto: Work around deallocated stack frame reference gcc bug on sparc. 2017-06-24 07:11:17 +02:00
list_debug.c list: kill list_force_poison() 2016-03-09 15:43:42 -08:00
list_sort.c lib/list_sort: use late_initcall to hook in self tests 2015-06-16 14:12:35 -04:00
llist.c lib/llist.c: fix data race in llist_del_first 2015-11-06 17:50:42 -08:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c locking/selftest: Fix output since KERN_CONT changes 2016-11-25 07:12:19 +01:00
lockref.c locking/lockref: Remove homebrew cmpxchg64_relaxed() macro definition 2015-08-12 11:59:04 +02:00
lru_cache.c lru_cache: Converted lc_seq_printf_status to return void 2015-11-25 09:22:02 -07:00
Makefile kcov: do not instrument lib/stackdepot.c 2016-10-11 15:06:32 -07:00
md5.c lib/md5.c: simplify include 2015-02-12 18:54:15 -08:00
memory-notifier-error-inject.c
memweight.c
net_utils.c mac_pton: Use bool not int return 2014-06-25 17:45:43 -07:00
netdev-notifier-error-inject.c net: Add support for CHANGEUPPER notifier error injection 2015-12-03 11:49:23 -05:00
nlattr.c libnl: fix help of _64bit functions 2016-04-23 20:13:24 -04:00
nmi_backtrace.c nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
nodemask.c include/linux/nodemask.h: create next_node_in() helper 2016-05-19 19:12:14 -07:00
notifier-error-inject.c
notifier-error-inject.h
of-reconfig-notifier-error-inject.c
oid_registry.c
once.c once: make helper generic for calling functions once 2015-10-08 05:26:36 -07:00
parser.c
pci_iomap.c libnvdimm for 4.3: 2015-09-08 14:35:59 -07:00
percpu-refcount.c percpu-refcount: init ->confirm_switch member properly 2016-08-11 13:52:23 -04:00
percpu_counter.c percpu_counter: update debugobjects fixup callbacks return type 2016-05-19 19:12:14 -07:00
percpu_ida.c mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM 2015-11-06 17:50:42 -08:00
percpu_test.c
plist.c lib/plist.c: remove redundant include 2015-02-12 18:54:16 -08:00
pm-notifier-error-inject.c
radix-tree.c Revert "radix tree test suite: fix compilation" 2016-12-09 10:41:42 -08:00
random32.c This adds a new gcc plugin named "latent_entropy". It is designed to 2016-10-15 10:03:15 -07:00
ratelimit.c lib/ratelimit.c: use deferred printk() version 2017-10-12 11:51:19 +02:00
rational.c
rbtree.c Introduce rb_replace_node_rcu() 2016-07-06 10:51:14 +01:00
rbtree_test.c
reciprocal_div.c
rhashtable.c rhashtable: Add rhlist interface 2016-09-20 04:43:36 -04:00
sbitmap.c sbitmap: initialize weight to zero 2016-09-19 08:19:40 -06:00
scatterlist.c scatterlist: fix a typo in comment block of sg_miter_stop() 2016-02-08 10:15:17 -08:00
seq_buf.c tracing: Use seq_buf_used() in seq_buf_to_user() instead of len 2015-12-23 14:27:20 -05:00
sg_pool.c lib: scatterlist: move SG pool code from SCSI driver to lib/sg_pool.c 2016-04-15 16:53:14 -04:00
sg_split.c lib: scatterlist: add sg splitting function 2015-08-24 14:28:01 -06:00
sha1.c lib: EXPORT_SYMBOL sha_init 2015-03-23 22:12:08 -04:00
show_mem.c lib/show_mem.c: correct reserved memory calculation 2015-09-08 15:35:28 -07:00
smp_processor_id.c
sort.c lib/sort: Add 64 bit swap function 2015-06-25 17:00:40 -07:00
stackdepot.c lib/stackdepot: export save/fetch stack for drivers 2016-11-11 08:12:37 -08:00
stmp_device.c lib/stmp_device.c: replace module.h include 2015-02-12 18:54:16 -08:00
string.c lib: move strtobool() to kstrtobool() 2016-03-17 15:09:34 -07:00
string_helpers.c string_helpers: add kstrdup_quotable_file 2016-04-21 10:47:26 +10:00
strncpy_from_user.c lib: harden strncpy_from_user 2016-10-11 15:06:30 -07:00
strnlen_user.c unsafe_[get|put]_user: change interface to use a error target label 2016-08-08 13:02:01 -07:00
swiotlb.c swiotlb: ensure that page-sized mappings are page-aligned 2017-07-05 14:40:26 +02:00
syscall.c lib/syscall: Clear return values when no stack 2017-04-08 09:30:35 +02:00
test-kstrtox.c kstrto*: accept "-0" for signed conversion 2015-09-10 13:29:01 -07:00
test-string_helpers.c lib/test-string_helpers.c: fix and improve string_get_size() tests 2016-02-03 08:28:43 -08:00
test_bitmap.c test_bitmap: unit tests for lib/bitmap.c 2016-02-19 22:54:09 -05:00
test_bpf.c bpf: introduce BPF_JIT_ALWAYS_ON config 2018-01-31 12:55:56 +01:00
test_firmware.c test: firmware_class: add asynchronous request trigger 2016-01-07 13:44:22 -07:00
test_hash.c lib/test_hash.c: fix warning in preprocessor symbol evaluation 2016-09-01 17:52:01 -07:00
test_hexdump.c test_hexdump: print statistics at the end 2016-01-20 17:09:18 -08:00
test_kasan.c kasan: support use-after-scope detection 2016-11-30 16:32:52 -08:00
test_module.c
test_printf.c mm, printk: introduce new format string for flags 2016-03-15 16:55:16 -07:00
test_rhashtable.c rhashtable-test: Fix max_size parameter description 2016-08-08 12:52:42 -07:00
test_static_key_base.c locking/static_keys: Provide a selftest 2015-08-03 11:51:12 +02:00
test_static_keys.c locking/static_keys: Avoid nested functions 2016-02-09 10:27:29 +01:00
test_user_copy.c usercopy: Adjust tests to deal with SMAP/PAN 2017-06-14 15:06:05 +02:00
test_uuid.c lib/uuid: add a test module 2016-05-30 15:26:57 -07:00
textsearch.c lib/textsearch.c: remove textsearch_put reference from comments 2014-10-14 02:18:14 +02:00
timerqueue.c timerqueue: Let timerqueue_add/del return information 2015-04-22 17:06:49 +02:00
ts_bm.c
ts_fsm.c
ts_kmp.c
ubsan.c UBSAN: fix typo in format string 2016-08-02 17:31:41 -04:00
ubsan.h UBSAN: run-time undefined behavior sanity checker 2016-01-20 17:09:18 -08:00
ucs2_string.c lib/ucs2_string: Speed up ucs2_utf8size() 2016-09-09 16:08:46 +01:00
uuid.c lib/uuid.c: use correct offset in uuid parser 2016-05-30 15:26:57 -07:00
vsprintf.c lib/uuid.c: introduce a few more generic helpers 2016-05-20 17:58:30 -07:00
win_minmax.c lib/win_minmax: windowed min or max estimator 2016-09-21 00:22:59 -04:00