diff options
author | Jordan Niethe <jniethe5@gmail.com> | 2021-06-09 11:34:28 +1000 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2021-06-21 21:13:21 +1000 |
commit | 62e3d4210ac9c35783d0e8fc306df4239c540a79 (patch) | |
tree | 4cf3f9961c53c4a2b09f96c7840e3542f1b1a0cd /arch/powerpc/net | |
parent | bc33cfdb0bb84d9e4b125a617a437c29ddcac4d9 (diff) | |
download | lwn-62e3d4210ac9c35783d0e8fc306df4239c540a79.tar.gz lwn-62e3d4210ac9c35783d0e8fc306df4239c540a79.zip |
powerpc/bpf: Write protect JIT code
Add the necessary call to bpf_jit_binary_lock_ro() to remove write and
add exec permissions to the JIT image after it has finished being
written.
Without CONFIG_STRICT_MODULE_RWX the image will be writable and
executable until the call to bpf_jit_binary_lock_ro().
Signed-off-by: Jordan Niethe <jniethe5@gmail.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210609013431.9805-7-jniethe5@gmail.com
Diffstat (limited to 'arch/powerpc/net')
-rw-r--r-- | arch/powerpc/net/bpf_jit_comp.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index 6c8c268e4fe8..53aefee3fe70 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c @@ -237,6 +237,7 @@ skip_codegen_passes: fp->jited_len = alloclen; bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE)); + bpf_jit_binary_lock_ro(bpf_hdr); if (!fp->is_func || extra_pass) { bpf_prog_fill_jited_linfo(fp, addrs); out_addrs: |