Add a new Kconfig option CONFIG_BPF_JIT_KASAN that automatically enables generic KASAN (Kernel Address SANitizer) memory access checks for JIT-compiled BPF programs as well, when both KASAN_GENERIC and JIT compiler are enabled. This new Kconfig is not a user-selectable one: it is either automatically enabled if KASAN is enabled on a compatible platform, or disabled. When enabled, the JIT compiler will emit shadow memory checks before memory loads and stores to detect use-after-free or out-of-bounds accesses at runtime. The option is gated behind HAVE_EBPF_JIT_KASAN, as it needs a proper arch-specific implementation.
As KASAN instrumentation for eBPF program will depend on the info that can be accessed during each instruction verification, there may be instructions that will be instrumented even if they don't really need to (eg: global subprograms that access caller stack memory passed as argument). To make sure that those additional checks do not trigger any crash, make sure that VMAP_STACK is enabled so that programs stack has shadow memory allocated. Signed-off-by: Alexis Lothoré (eBPF Foundation) <[email protected]> --- Changes in v2: - add dependency on kasan for vmalloc and vmalloc'ed stack --- kernel/bpf/Kconfig | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig index eb3de35734f0..a8e004f88b92 100644 --- a/kernel/bpf/Kconfig +++ b/kernel/bpf/Kconfig @@ -17,6 +17,10 @@ config HAVE_CBPF_JIT config HAVE_EBPF_JIT bool +# KASAN support for JIT compiler +config HAVE_EBPF_JIT_KASAN + bool + # Used by archs to tell that they want the BPF JIT compiler enabled by # default for kernels that were compiled with BPF JIT support. config ARCH_WANT_DEFAULT_BPF_JIT @@ -101,4 +105,9 @@ config BPF_LSM If you are unsure how to answer this question, answer N. +config BPF_JIT_KASAN + bool + depends on HAVE_EBPF_JIT_KASAN + default y if BPF_JIT && KASAN_GENERIC && KASAN_VMALLOC && VMAP_STACK + endmenu # "BPF subsystem" -- 2.54.0
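Review bot: In the first hunk (HAVE_EBPF_JIT_KASAN), the one-line comment "# KASAN support for JIT compiler" does not say what an architecture commits to when it selects this symbol. Since the commit message describes the contract (the JIT emits shadow memory checks before loads and stores), it would help future arch maintainers to state that in the Kconfig comment, e.g. "# Arch JIT can emit generic KASAN shadow checks around BPF memory accesses", rather than leaving the requirement only in the changelog.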
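Review bot: In the second hunk (BPF_JIT_KASAN), the KASAN_VMALLOC and VMAP_STACK terms added in v2 appear only in the "default y if" expression with no comment, so the reason they are needed (the verifier may instrument accesses to caller stack memory passed to global subprograms, and those checks must not fault, which requires the program stack to have shadow memory) is recorded only in the commit message. Please add a short comment above the option restating that rationale, since a reader of the Kconfig alone cannot tell why a stack option gates a JIT feature. Also note that because the constraint lives in "default" rather than "depends on", it is not enforced if some future arch or option ever "select"s BPF_JIT_KASAN directly; if that is intended, a comment saying the symbol must only be set via its default would make the design explicit.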

