Gentoo Archives: gentoo-user

From: Nikos Chantziaras <realnc@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: some spectre v1 code in 4.15.2
Date: Tue, 13 Feb 2018 02:18:47
Message-Id: p5tho9$kr4$1@blaine.gmane.org
In Reply to: [gentoo-user] Re: some spectre v1 code in 4.15.2 by Ian Zimmerman
On 13/02/18 03:31, Ian Zimmerman wrote:
> On 2018-02-13 03:13, Nikos Chantziaras wrote:
>
>> Apparently, and contrary to what people (me included) wrote here in
>> the past, BPF JIT is the secure option, and the interpreter is the
>> insecure one.
>
> Do you have a reference for this? It sounds strange indeed.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=290af86629b25ffd1ed6232c4e9107da031705cb

"The BPF interpreter has been used as part of the spectre 2 attack
CVE-2017-5715.
[...]
To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
option that removes interpreter from the kernel in favor of JIT-only mode."
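
Added example, not part of the original message or of the kernel commit it quotes: a shell check of whether a given kernel still carries the BPF interpreter. The function names, status strings and sample configs are constructed for illustration; CONFIG_BPF_JIT and the net.core.bpf_jit_enable sysctl are real kernel names that the message itself does not mention.

```shell
#!/bin/sh
# Added example: report whether a kernel still carries the BPF interpreter,
# using its build config and the net.core.bpf_jit_enable sysctl value.
# Function names and status strings are made up for this illustration.

# cfg_is_set FILE SYMBOL: succeed if SYMBOL=y appears in FILE (plain or .gz).
cfg_is_set() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q "^$2=y\$"
}

# bpf_interp_status FILE [JIT_ENABLE]: print a one-line verdict.
bpf_interp_status() {
    cfg=$1; jit=${2:-unknown}
    if cfg_is_set "$cfg" CONFIG_BPF_JIT_ALWAYS_ON; then
        # The option quoted above: interpreter removed, JIT-only mode.
        echo "jit-only: interpreter not built into this kernel"
    elif cfg_is_set "$cfg" CONFIG_BPF_JIT; then
        case "$jit" in
            0)   echo "interpreter in use: JIT built but bpf_jit_enable=0" ;;
            1|2) echo "interpreter present: JIT on, interpreter still compiled in" ;;
            *)   echo "interpreter present: JIT built, runtime setting unknown" ;;
        esac
    else
        echo "interpreter only: kernel built without BPF JIT"
    fi
}

if [ -n "${1:-}" ]; then
    # Real use: pass /proc/config.gz, /boot/config-$(uname -r) or a .config.
    bpf_interp_status "$1" "$(cat /proc/sys/net/core/bpf_jit_enable 2>/dev/null)"
else
    # Constructed sample configs (not from a real system).
    sample=$(mktemp)
    printf 'CONFIG_BPF_JIT=y\n# CONFIG_BPF_JIT_ALWAYS_ON is not set\n' > "$sample"
    bpf_interp_status "$sample" 1
    printf 'CONFIG_BPF_JIT=y\nCONFIG_BPF_JIT_ALWAYS_ON=y\n' > "$sample"
    bpf_interp_status "$sample" 1
    rm -f "$sample"
fi
```

Only the first verdict means the interpreter is gone; with CONFIG_BPF_JIT alone the interpreter remains compiled in even when the JIT is switched on at runtime.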
