diff options
| author |  Christophe Leroy <christophe.leroy@csgroup.eu>
| 2024-03-16 08:35:41 +0100 |
|---|---|---|
| committer |  Martin KaFai Lau <martin.lau@kernel.org>
| 2024-03-18 14:18:47 -0700 |
| commit | c733239f8f530872a1f80d8c45dcafbaff368737 (patch) | |
| tree | bd2fb53ca8a95c663a415f5b8a5479b338cfa7fd /net/bpf | |
| parent | bpf: Remove arch_unprotect_bpf_trampoline() (diff) | |
| download | linux-c733239f8f530872a1f80d8c45dcafbaff368737.tar.gz linux-c733239f8f530872a1f80d8c45dcafbaff368737.tar.bz2 linux-c733239f8f530872a1f80d8c45dcafbaff368737.zip | |
bpf: Check return from set_memory_rox()
arch_protect_bpf_trampoline() and alloc_new_pack() call
set_memory_rox() which can fail, leading to unprotected memory.
Take into account return from set_memory_rox() function and add
__must_check flag to arch_protect_bpf_trampoline().
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/fe1c163c83767fde5cab31d209a4a6be3ddb3a73.1710574353.git.christophe.leroy@csgroup.eu
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Diffstat (limited to 'net/bpf')
| -rw-r--r-- | net/bpf/bpf_dummy_struct_ops.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bpf/bpf_dummy_struct_ops.c b/net/bpf/bpf_dummy_struct_ops.c index de33dc1b0daa..25b75844891a 100644 --- a/net/bpf/bpf_dummy_struct_ops.c +++ b/net/bpf/bpf_dummy_struct_ops.c @@ -133,7 +133,9 @@ int bpf_struct_ops_test_run(struct bpf_prog *prog, const union bpf_attr *kattr, if (err < 0) goto out; - arch_protect_bpf_trampoline(image, PAGE_SIZE); + err = arch_protect_bpf_trampoline(image, PAGE_SIZE); + if (err) + goto out; prog_ret = dummy_ops_call_op(image, args); err = dummy_ops_copy_args(args); |