Commits
Sami Tolvanen committed ff5bf35998c
ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI

With CONFIG_BPF_JIT, the kernel makes indirect calls to dynamically generated code, which the compile-time Control-Flow Integrity (CFI) checking cannot validate. This change adds basic sanity checking to ensure we are jumping to a valid location, which narrows down the attack surface on the stored pointer.

In addition, this change adds a weak arch_bpf_jit_check_func function, which architectures that implement BPF JIT can override to perform additional validation, such as verifying that the pointer points to the correct memory region.

Bug: 145210207
Change-Id: I1a90c70cdcef25673a870d3c4f2586a829c0d32e
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
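The pattern the commit message describes, as a userspace model added here for illustration; it is not the kernel patch or code from the commit. Apart from the role of arch_bpf_jit_check_func, every name, the marker value and the slot layout are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

#define SLOT_SIZE 64            /* stands in for a page (constructed) */
#define HDR_MAGIC 0x4a495421u   /* constructed marker value */

typedef unsigned int (*body_fn)(unsigned int);

/* Every slot the model JIT hands out starts with this header. */
struct jit_hdr { uint32_t magic; body_fn body; };
struct slot {
    _Alignas(SLOT_SIZE) struct jit_hdr hdr;
    unsigned char code[SLOT_SIZE - sizeof(struct jit_hdr)];
};
static struct slot arena[4];       /* only region generated code lives in */
struct prog { const void *func; }; /* stored pointer the check protects */

static unsigned int add_one(unsigned int x) { return x + 1; }

/* Model JIT: stamp the header, return the entry address inside the slot. */
static const void *jit_emit(unsigned int n, body_fn body)
{
    arena[n].hdr.magic = HDR_MAGIC;
    arena[n].hdr.body = body;
    return arena[n].code;
}

/* Region check: the role the commit gives to arch_bpf_jit_check_func. */
static bool arch_check_func(const void *func)
{
    uintptr_t p = (uintptr_t)func, lo = (uintptr_t)arena;
    return p >= lo && p < lo + sizeof(arena);
}

/* Validate the stored pointer before the indirect call. */
static bool call_prog(const struct prog *p, unsigned int arg, unsigned int *ret)
{
    if (!arch_check_func(p->func))  /* must pass before any dereference */
        return false;
    /* Round down to the slot start to locate the header. */
    const struct slot *s =
        (const struct slot *)((uintptr_t)p->func & ~(uintptr_t)(SLOT_SIZE - 1));
    if (s->hdr.magic != HDR_MAGIC)
        return false;
    *ret = s->hdr.body(arg);
    return true;
}
```

The model accepts any pointer that lands inside a stamped slot, so like the check in the commit message it narrows where a corrupted pointer can lead rather than proving the target is the intended entry point.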