From: | Nikos Chantziaras <realnc@×××××.com>
---|---
To: | gentoo-user@l.g.o
Subject: | [gentoo-user] Re: some spectre v1 code in 4.15.2
Date: | Tue, 13 Feb 2018 02:18:47
Message-Id: | p5tho9$kr4$1@blaine.gmane.org
In Reply to: | [gentoo-user] Re: some spectre v1 code in 4.15.2 by Ian Zimmerman

On 13/02/18 03:31, Ian Zimmerman wrote:
> On 2018-02-13 03:13, Nikos Chantziaras wrote:
>
>> Apparently, and contrary to what people (me included) wrote here in
>> the past, BPF JIT is the secure option, and the interpreter is the
>> insecure one.
>
> Do you have a reference for this? It sounds strange indeed.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=290af86629b25ffd1ed6232c4e9107da031705cb

"The BPF interpreter has been used as part of the spectre 2 attack
CVE-2017-5715.
[...]
To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
option that removes interpreter from the kernel in favor of JIT-only mode."
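
The following check is an added example, not part of the original message or of the kernel commit it quotes. It reports whether a kernel config leaves the BPF interpreter in the kernel; the function names, the result labels and the sample configs are constructed for illustration, and the config locations in `bpf_mode_live` are assumptions.

```shell
#!/bin/sh
# Classify how a kernel executes BPF programs, from its build config (stdin)
# and the value of the net.core.bpf_jit_enable sysctl (first argument).

# has_opt NAME: true if CONFIG_NAME=y appears in $cfg
has_opt() { printf '%s\n' "$cfg" | grep -q "^CONFIG_$1=y\$"; }

# bpf_mode JIT_ENABLE < kernel-config   prints one of:
#   jit-only                 interpreter compiled out (BPF_JIT_ALWAYS_ON)
#   jit-interpreter-present  JIT in use, interpreter still in the kernel
#   interpreter              every program runs in the interpreter
#   unknown                  no config text was supplied
bpf_mode() {
    jit=$1
    cfg=$(cat)
    if [ -z "$cfg" ]; then
        echo unknown
    elif has_opt BPF_JIT_ALWAYS_ON; then
        echo jit-only
    elif has_opt BPF_JIT; then
        case $jit in
            1|2) echo jit-interpreter-present ;;
            *)   echo interpreter ;;
        esac
    else
        echo interpreter
    fi
}

# Same check against the running kernel. Assumes the config is exposed at
# /proc/config.gz or /boot/config-$(uname -r).
bpf_mode_live() {
    { gzip -dc /proc/config.gz 2>/dev/null ||
      cat "/boot/config-$(uname -r)" 2>/dev/null; } |
        bpf_mode "$(cat /proc/sys/net/core/bpf_jit_enable 2>/dev/null)"
}

# Constructed sample configs (not taken from a real system).
hardened='CONFIG_BPF_JIT=y
CONFIG_BPF_JIT_ALWAYS_ON=y'
default='CONFIG_BPF_JIT=y
# CONFIG_BPF_JIT_ALWAYS_ON is not set'

if [ "${1:-}" = --live ]; then
    bpf_mode_live
else
    echo "hardened, sysctl=1: $(printf '%s\n' "$hardened" | bpf_mode 1)"
    echo "default,  sysctl=1: $(printf '%s\n' "$default" | bpf_mode 1)"
    echo "default,  sysctl=0: $(printf '%s\n' "$default" | bpf_mode 0)"
fi
```

Run with `--live` to check the running kernel instead of the constructed samples.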