diff options
| author | Ravi Bangoria <[email protected]> | 2021-10-12 12:30:54 +0000 |
|---|---|---|
| committer | Michael Ellerman <[email protected]> | 2021-11-25 00:25:32 +0000 |
| commit | 9c70c7147ffec31de67d33243570a533b29f9759 (patch) | |
| tree | 7c7e32383adc9ddce499014df4dd355d49f0bf3c /arch/powerpc/lib/code-patching.c | |
| parent | bpf ppc64: Add BPF_PROBE_MEM support for JIT (diff) | |
| download | kernel-9c70c7147ffec31de67d33243570a533b29f9759.tar.gz kernel-9c70c7147ffec31de67d33243570a533b29f9759.zip | |
bpf ppc64: Access only if addr is kernel address
On PPC64 with KUAP enabled, any kernel code which wants to
access userspace needs to be surrounded by disable-enable KUAP.
But that is not happening for BPF_PROBE_MEM load instruction.
So, when BPF program tries to access invalid userspace address,
page-fault handler considers it as bad KUAP fault:
Kernel attempted to read user page (d0000000) - exploit attempt? (uid: 0)
Considering the fact that PTR_TO_BTF_ID (which uses BPF_PROBE_MEM
mode) could either be a valid kernel pointer or NULL but should
never be a pointer to userspace address, execute BPF_PROBE_MEM load
only if addr is kernel address, otherwise set dst_reg=0 and move on.
This will catch NULL, valid or invalid userspace pointers. Only bad
kernel pointer will be handled by BPF exception table.
[Alexei suggested for x86]
Suggested-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Ravi Bangoria <[email protected]>
Signed-off-by: Hari Bathini <[email protected]>
Reviewed-by: Christophe Leroy <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'arch/powerpc/lib/code-patching.c')
0 files changed, 0 insertions, 0 deletions