On 13/02/18 03:31, Ian Zimmerman wrote:
> On 2018-02-13 03:13, Nikos Chantziaras wrote:
>
>> Apparently, and contrary to what people (me included) wrote here in
>> the past, BPF JIT is the secure option, and the interpreter is the
>> insecure one.
>
> Do you have a reference for this?  It sounds strange indeed.

"The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715.
To make the attacker's job harder, introduce the BPF_JIT_ALWAYS_ON config
option that removes the interpreter from the kernel in favor of JIT-only mode."
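A quick way to see which of the two modes a given kernel is actually in, as an added check that is not part of this thread: the function below reads a kernel build config (assumed at /boot/config-$(uname -r); kernels that only ship /proc/config.gz need it unpacked first) together with the net.core.bpf_jit_enable sysctl value and classifies the BPF execution mode. CONFIG_BPF_JIT_ALWAYS_ON=y means the interpreter is compiled out; without it, CONFIG_BPF_JIT=y with the sysctl at 1 or 2 means the JIT is on but the interpreter still exists in the kernel.

```shell
#!/bin/sh
# Classify how a kernel executes BPF programs.
#   $1 = path to the kernel build config
#   $2 = value of net.core.bpf_jit_enable (0 = off, 1 = on, 2 = on + debug dump)
# Prints one of:
#   jit-only                 interpreter compiled out (CONFIG_BPF_JIT_ALWAYS_ON=y)
#   interpreter-only         no JIT built into this kernel
#   interpreter              JIT built but switched off via sysctl
#   jit-interpreter-present  JIT on, but the interpreter is still in the kernel
bpf_mode() {
    cfg=$1
    jit_enable=$2
    if grep -qx 'CONFIG_BPF_JIT_ALWAYS_ON=y' "$cfg"; then
        # With ALWAYS_ON the sysctl cannot be set back to 0, so no need to read it.
        echo jit-only
    elif ! grep -qx 'CONFIG_BPF_JIT=y' "$cfg"; then
        echo interpreter-only
    elif [ "$jit_enable" = 0 ]; then
        echo interpreter
    else
        echo jit-interpreter-present
    fi
}

# Convenience wrapper for the running kernel (assumes the config path below
# exists and that /proc/sys is mounted).
bpf_mode_live() {
    bpf_mode "/boot/config-$(uname -r)" "$(cat /proc/sys/net/core/bpf_jit_enable)"
}
```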

