On 13/02/18 03:31, Ian Zimmerman wrote:
> On 2018-02-13 03:13, Nikos Chantziaras wrote:
>> Apparently, and contrary to what people (me included) wrote here in
>> the past, BPF JIT is the secure option, and the interpreter is the
> Do you have a reference for this? It sounds strange indeed.

"The BPF interpreter has been used as part of the spectre 2 attack
To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
option that removes interpreter from the kernel in favor of JIT-only mode."
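
An added example, not part of the original message or of the kernel sources: a shell check that reads a kernel config and reports whether the BPF interpreter was compiled out by the BPF_JIT_ALWAYS_ON option quoted above. The function names and sample configs are constructed for illustration; the `net.core.bpf_jit_enable` sysctl is a real kernel knob that the thread does not mention.

```shell
#!/bin/sh
# Added example: classify how a kernel will execute BPF programs.

# cfg_on FILE OPT: true when the line CONFIG_OPT=y appears in the config text.
cfg_on() {
    grep -qx "CONFIG_$2=y" "$1"
}

# bpf_exec_mode FILE [SYSCTL]: prints jit-only, jit-enabled,
# interpreter-in-use or unknown. SYSCTL is the value of
# net.core.bpf_jit_enable (0 = interpreter, 1 = JIT, 2 = JIT + debug).
bpf_exec_mode() {
    cfg=$1
    jit=${2:-}
    [ -r "$cfg" ] || { echo unknown; return 0; }
    if cfg_on "$cfg" BPF_JIT_ALWAYS_ON; then
        echo jit-only               # interpreter is not compiled in
    elif ! cfg_on "$cfg" BPF_JIT; then
        echo interpreter-in-use     # no JIT was built at all
    else
        case $jit in
            1|2) echo jit-enabled ;;        # interpreter is still in the kernel image
            0)   echo interpreter-in-use ;;
            *)   echo unknown ;;            # sysctl value not supplied
        esac
    fi
}

# sample_cfg LINE...: write constructed config lines to a temp file, print its path.
sample_cfg() {
    f=$(mktemp) || return 1
    printf '%s\n' "$@" > "$f"
    echo "$f"
}

# Constructed sample configs (not taken from any real system).
hardened=$(sample_cfg 'CONFIG_BPF_SYSCALL=y' 'CONFIG_BPF_JIT=y' \
    'CONFIG_BPF_JIT_ALWAYS_ON=y')
legacy=$(sample_cfg 'CONFIG_BPF_SYSCALL=y' 'CONFIG_BPF_JIT=y' \
    '# CONFIG_BPF_JIT_ALWAYS_ON is not set')

echo "hardened:                 $(bpf_exec_mode "$hardened")"
echo "legacy, bpf_jit_enable=0: $(bpf_exec_mode "$legacy" 0)"
echo "legacy, bpf_jit_enable=1: $(bpf_exec_mode "$legacy" 1)"
```

On a live system, pass the running kernel's config (commonly `/boot/config-$(uname -r)`, or `/proc/config.gz` decompressed to a file) and the output of `sysctl -n net.core.bpf_jit_enable`.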