On Sat, Nov 14, 2015 at 01:26:53AM +0100, Daniel Borkmann wrote:
> During review I noticed that the icache range we're flushing should
> start at header already and not at ctx.image.
>
> Reason is that after 55309dd3d4cd ("net: bpf: arm: address randomize
> and write protect JIT code"), we also want to make sure to flush the
> random-sized trap in front of the start of the actual program (analogous
> to x86). No operational differences from user side.
>
> Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
> Tested-by: Nicolas Schichan <nschic...@freebox.fr>
> Cc: Alexei Starovoitov <a...@kernel.org>
> ---
> ( As arm32 fixes usually go via Dave's tree, targeting -net. )
>
> arch/arm/net/bpf_jit_32.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
> index 2f4b14c..591f9db 100644
> --- a/arch/arm/net/bpf_jit_32.c
> +++ b/arch/arm/net/bpf_jit_32.c
> @@ -1061,7 +1061,7 @@ void bpf_jit_compile(struct bpf_prog *fp)
> }
> build_epilogue(&ctx);
>
> - flush_icache_range((u32)ctx.target, (u32)(ctx.target + ctx.idx));
> + flush_icache_range((u32)header, (u32)(ctx.target + ctx.idx));
As with the arm64 patch, doesn't this prevent us from flushing the end
of the image? ctx.idx doesn't seem to take into account the header size.
Mark.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
