filter: do not output bpf image address for security reason

Do not leak starting address of BPF JIT code for non root users, as it might help intruders to perform an attack. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Ben Hutchings <bhutchings@solarflare.com> Cc: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2013-05-17 16:57:37 +0000
committer: David S. Miller <davem@davemloft.net> 2013-05-19 23:56:41 -0700
commit: 164954454a4b1000eb022415654001cceb9259a7 (patch)
tree: 3160f99d7714bd5dbff453bcec1b2d1d8987bf97
parent: 314beb9bcabfd6b4542ccbced2402af2c6f6142a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h
index c050dcc322a4..56a6b7fbb3c6 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -58,10 +58,10 @@ extern void bpf_jit_free(struct sk_filter *fp);
 static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen,
 				u32 pass, void *image)
 {
-	pr_err("flen=%u proglen=%u pass=%u image=%p\n",
+	pr_err("flen=%u proglen=%u pass=%u image=%pK\n",
 	       flen, proglen, pass, image);
 	if (image)
-		print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_ADDRESS,
+		print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET,
 			       16, 1, image, proglen, false);
 }
 #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns)
author	Eric Dumazet <edumazet@google.com>	2013-05-17 16:57:37 +0000
committer	David S. Miller <davem@davemloft.net>	2013-05-19 23:56:41 -0700
commit	164954454a4b1000eb022415654001cceb9259a7 (patch)
tree	3160f99d7714bd5dbff453bcec1b2d1d8987bf97
parent	314beb9bcabfd6b4542ccbced2402af2c6f6142a (diff)