| 1 |
On Tuesday, 13 February 2018 02:18:33 GMT Nikos Chantziaras wrote: |
| 2 |
> On 13/02/18 03:31, Ian Zimmerman wrote: |
| 3 |
> > On 2018-02-13 03:13, Nikos Chantziaras wrote: |
| 4 |
> >> Apparently, and contrary to what people (me included) wrote here in |
| 5 |
> >> the past, BPF JIT is the secure option, and the interpreter is the |
| 6 |
> >> insecure one. |
| 7 |
> > |
| 8 |
> > Do you have a reference for this? It sounds strange indeed. |
| 9 |
> |
| 10 |
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i |
| 11 |
> d=290af86629b25ffd1ed6232c4e9107da031705cb |
| 12 |
> |
| 13 |
> "The BPF interpreter has been used as part of the spectre 2 attack |
| 14 |
> CVE-2017-5715. |
| 15 |
> [...] |
| 16 |
> To make attacker job harder introduce BPF_JIT_ALWAYS_ON config |
| 17 |
> option that removes interpreter from the kernel in favor of JIT-only mode." |
| 18 |
|
| 19 |
Thanks for sharing this Nikos. |
| 20 |
|
| 21 |
Perhaps I'm reading the referenced post wrong. If the BPF interpreter has |
| 22 |
been used for spectre2, then disabling CONFIG_BPF_SYSCALL does away with it |
| 23 |
altogether, rather than turning it on and then setting BPF_JIT_ALWAYS_ON to |
| 24 |
guard against its inherent vulnerability by using JIT-only mode? Is there |
| 25 |
some overriding benefit of having BPF enabled at all in the first place? |
| 26 |
|
| 27 |
PS. I don't remotely assume I properly understand the BPF mechanism, I just |
| 28 |
want to test my understanding above. |
| 29 |
-- |
| 30 |
Regards, |
| 31 |
Mick |
Archives