bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()

set_memory_rox() can fail, leaving memory unprotected. Check return and bail out when bpf_jit_binary_lock_ro() returns an error. Link: https://github.com/KSPP/linux/issues/7 Signed-off-by: Christophe Leroy <[email protected]> Cc: [email protected] <[email protected]> Reviewed-by: Kees Cook <[email protected]> Reviewed-by: Puranjay Mohan <[email protected]> Reviewed-by: Ilya Leoshkevich <[email protected]> # s390x Acked-by: Tiezhu Yang <[email protected]> # LoongArch Reviewed-by: Johan Almbladh <[email protected]> # MIPS Part Message-ID: <036b6393f23a2032ce75a1c92220b2afcb798d5d.1709850515.git.christophe.leroy@csgroup.eu> Signed-off-by: Alexei Starovoitov <[email protected]>
author: Christophe Leroy <[email protected]> 2024-03-08 06:38:08 +0100
committer: Alexei Starovoitov <[email protected]> 2024-03-14 19:28:52 -0700
commit: e60adf513275c3a38e5cb67f7fd12387e43a3ff5 (patch)
tree: f154a2a436cb986c45b30f5090aca12218d43a2c /arch/s390/net/bpf_jit_comp.c
parent: 7d2cc63eca0c993c99d18893214abf8f85d566d8 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
index b418333bb086..e613eebfd349 100644
--- a/arch/s390/net/bpf_jit_comp.c
+++ b/arch/s390/net/bpf_jit_comp.c
@@ -2111,7 +2111,11 @@ skip_init_ctx:
 		print_fn_code(jit.prg_buf, jit.size_prg);
 	}
 	if (!fp->is_func || extra_pass) {
-		bpf_jit_binary_lock_ro(header);
+		if (bpf_jit_binary_lock_ro(header)) {
+			bpf_jit_binary_free(header);
+			fp = orig_fp;
+			goto free_addrs;
+		}
 	} else {
 		jit_data->header = header;
 		jit_data->ctx = jit;
author	Christophe Leroy <[email protected]>	2024-03-08 06:38:08 +0100
committer	Alexei Starovoitov <[email protected]>	2024-03-14 19:28:52 -0700
commit	e60adf513275c3a38e5cb67f7fd12387e43a3ff5 (patch)
tree	f154a2a436cb986c45b30f5090aca12218d43a2c /arch/s390/net/bpf_jit_comp.c
parent	7d2cc63eca0c993c99d18893214abf8f85d566d8 (diff)