On Tuesday, 13 February 2018 02:18:33 GMT Nikos Chantziaras wrote:
> On 13/02/18 03:31, Ian Zimmerman wrote:
> > On 2018-02-13 03:13, Nikos Chantziaras wrote:
> >> Apparently, and contrary to what people (me included) wrote here in
> >> the past, BPF JIT is the secure option, and the interpreter is the
> >> insecure one.
> > 
> > Do you have a reference for this?  It sounds strange indeed.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=290af86629b25ffd1ed6232c4e9107da031705cb
> "The BPF interpreter has been used as part of the spectre 2 attack
> CVE-2017-5715.
> [...]
> To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
> option that removes interpreter from the kernel in favor of JIT-only mode."

Thanks for sharing this Nikos.

Perhaps I'm reading the referenced post wrong.  If the BPF interpreter has 
been used for spectre2, then disabling CONFIG_BPF_SYSCALL does away with it 
altogether, rather than turning it on and then setting BPF_JIT_ALWAYS_ON to 
guard against its inherent vulnerability by using JIT-only mode?  Is there 
some overriding benefit of having BPF enabled at all in the first place?

PS. I don't remotely assume I properly understand the BPF mechanism, I just 
want to test my understanding above.


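The question above is really about three separate kernel switches, so as an added example (not code from the thread or from the kernel commit it cites) here is a POSIX shell script that reports which posture a given .config describes and what the live sysctl says. The function names are this example's own; CONFIG_BPF_SYSCALL, CONFIG_BPF_JIT, CONFIG_BPF_JIT_ALWAYS_ON, /proc/config.gz and net.core.bpf_jit_enable are the real kernel symbols and paths. One caveat it encodes: the interpreter is built under CONFIG_BPF (selected by CONFIG_NET) because classic BPF socket filters and seccomp use it, so CONFIG_BPF_SYSCALL=n only removes the bpf(2) syscall; CONFIG_BPF_JIT_ALWAYS_ON is what compiles the interpreter out.

```shell
#!/bin/sh
# Added example, not code from the thread or the kernel commit it cites.
# Classifies a kernel's BPF interpreter/JIT posture from its .config text and,
# on a live system, reports the matching sysctl.  Function names are this
# example's own; the CONFIG_ symbols and the sysctl are the real kernel ones.

# bpf_posture CONFIG_FILE -> one word on stdout:
#   jit-only      CONFIG_BPF_JIT_ALWAYS_ON=y: interpreter compiled out, JIT mandatory,
#                 net.core.bpf_jit_enable pinned to 1 (writes return EPERM)
#   jit-optional  CONFIG_BPF_JIT=y only: interpreter still built; JIT used only when
#                 net.core.bpf_jit_enable is 1 or 2 (default 0 unless
#                 CONFIG_BPF_JIT_DEFAULT_ON is set)
#   interpreter   no JIT at all: every program (classic socket filters, seccomp,
#                 bpf(2) programs) runs in the interpreter
bpf_posture() {
    if grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y$' "$1"; then
        echo jit-only
    elif grep -q '^CONFIG_BPF_JIT=y$' "$1"; then
        echo jit-optional
    else
        echo interpreter
    fi
}

# bpf_syscall_enabled CONFIG_FILE -> yes|no.  Independent of the posture above:
# the interpreter lives under CONFIG_BPF (selected by CONFIG_NET) because classic
# BPF socket filters and seccomp need it, so CONFIG_BPF_SYSCALL=n removes only
# the bpf(2) syscall, not the interpreter.
bpf_syscall_enabled() {
    if grep -q '^CONFIG_BPF_SYSCALL=y$' "$1"; then echo yes; else echo no; fi
}

# Locate the running kernel's config: /proc/config.gz (CONFIG_IKCONFIG_PROC),
# the distro's /boot copy, or Gentoo's /usr/src/linux/.config.  Prints nothing
# if none is readable.
find_kernel_config() {
    tmp="${TMPDIR:-/tmp}/bpf_posture.$$"
    if [ -r /proc/config.gz ] && gzip -dc /proc/config.gz > "$tmp" 2>/dev/null; then
        echo "$tmp"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    elif [ -r /usr/src/linux/.config ]; then
        echo /usr/src/linux/.config
    fi
}

report_running_kernel() {
    cfg="$(find_kernel_config)"
    if [ -z "$cfg" ]; then
        echo "no readable kernel config found; pass a .config path to bpf_posture"
        return 0
    fi
    echo "config:            $cfg"
    echo "bpf(2) syscall:    $(bpf_syscall_enabled "$cfg")"
    echo "interpreter/JIT:   $(bpf_posture "$cfg")"
    # 0 = interpreter, 1 = JIT, 2 = JIT plus debug dump of the generated code.
    if [ -r /proc/sys/net/core/bpf_jit_enable ]; then
        echo "net.core.bpf_jit_enable = $(cat /proc/sys/net/core/bpf_jit_enable)"
    fi
    case "$cfg" in "${TMPDIR:-/tmp}"/bpf_posture.*) rm -f "$cfg" ;; esac
}

# Constructed sample configs (not captured from any real machine) showing the
# three postures side by side.
demo_constructed_configs() {
    d="${TMPDIR:-/tmp}/bpf_posture_demo.$$"
    mkdir -p "$d"
    printf 'CONFIG_BPF=y\nCONFIG_BPF_SYSCALL=y\nCONFIG_BPF_JIT=y\nCONFIG_BPF_JIT_ALWAYS_ON=y\n' > "$d/hardened"
    printf 'CONFIG_BPF=y\nCONFIG_BPF_SYSCALL=y\nCONFIG_BPF_JIT=y\n# CONFIG_BPF_JIT_ALWAYS_ON is not set\n' > "$d/default"
    printf 'CONFIG_BPF=y\n# CONFIG_BPF_SYSCALL is not set\n# CONFIG_BPF_JIT is not set\n' > "$d/minimal"
    for f in hardened default minimal; do
        printf '%-9s syscall=%-3s posture=%s\n' "$f" \
            "$(bpf_syscall_enabled "$d/$f")" "$(bpf_posture "$d/$f")"
    done
    rm -rf "$d"
}

demo_constructed_configs
report_running_kernel
```

Run it as-is to see the three constructed cases followed by the running kernel, or source it and call `bpf_posture /usr/src/linux/.config` against a config you are about to build. The "minimal" case is the one the question asks about: CONFIG_BPF_SYSCALL and CONFIG_BPF_JIT both off still leaves the posture at "interpreter", which is the state the cited commit set out to avoid.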