Skip to content
  • Daniel Borkmann's avatar
    net: bpf: consolidate JIT binary allocator · 738cbe72
    Daniel Borkmann authored
    Introduced in commit 314beb9b ("x86: bpf_jit_comp: secure bpf jit
    against spraying attacks") and later on replicated in aa2d2c73
    ("s390/bpf,jit: address randomize and write protect jit code") for
    s390 architecture, write protection for BPF JIT images got added and
    a random start address of the JIT code, so that it's not on a page
    boundary anymore.
    Since both use a very similar allocator for the BPF binary header,
    we can consolidate this code into the BPF core as it's mostly JIT
    independant anyway.
    This will also allow for future archs that support DEBUG_SET_MODULE_RONX
    to just reuse instead of reimplementing it.
    JIT tested on x86_64 and s390x with BPF test suite.
    Signed-off-by: default avatarDaniel Borkmann <>
    Acked-by: default avatarAlexei Starovoitov <>
    Cc: Eric Dumazet <>
    Cc: Heiko Carstens <>
    Cc: Martin Schwidefsky <>
    Signed-off-by: default avatarDavid S. Miller <>