moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bpf: disable CFI in dispatcher functions

Browse Source 
BPF dispatcher functions are patched at runtime to perform direct
instead of indirect calls. Disable CFI for the dispatcher functions to
avoid conflicts.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210408182843.1754385-9-samitolvanen@google.com
This commit is contained in:
Sami Tolvanen
2021-04-08 11:28:33 -07:00
committed by Kees Cook
parent 8b8e6b5d3b
commit 9f5b400998
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/linux/bpf.h
View File

@@ -650,7 +650,7 @@ struct bpf_dispatcher {
struct bpf_ksym ksym; struct bpf_ksym ksym;
}; };
static __always_inline unsigned int bpf_dispatcher_nop_func( static __always_inline __nocfi unsigned int bpf_dispatcher_nop_func(
const void *ctx, const void *ctx,
const struct bpf_insn *insnsi, const struct bpf_insn *insnsi,
unsigned int (*bpf_func)(const void *, unsigned int (*bpf_func)(const void *,
@@ -678,7 +678,7 @@ void bpf_trampoline_put(struct bpf_trampoline *tr);
} }
#define DEFINE_BPF_DISPATCHER(name) \ #define DEFINE_BPF_DISPATCHER(name) \
noinline unsigned int bpf_dispatcher_##name##_func( \ noinline __nocfi unsigned int bpf_dispatcher_##name##_func( \
const void *ctx, \ const void *ctx, \
const struct bpf_insn *insnsi, \ const struct bpf_insn *insnsi, \
unsigned int (*bpf_func)(const void *, \ unsigned int (*bpf_func)(const void *, \