On 1/7/26 13:50, Alexei Starovoitov wrote:
> On Tue Jun 30, 2026 at 7:59 PM PDT, Leon Hwang wrote:
>> On 1/7/26 07:12, Alexei Starovoitov wrote:
>>> On Fri Jun 26, 2026 at 8:43 AM PDT, Leon Hwang wrote:
>> [...]
>>>
>>> I don't think we need such fallback in patch [3].
>>
>> Do you mean we can add the internal BPF_ADDR_PERCPU insn support to the
>> interpreter?
>
> No. See why CONFIG_BPF_JIT_ALWAYS_ON was introduced.
> The interpreter is a security hole.

Got it. The commit message of
290af86629b2 ("bpf: introduce BPF_JIT_ALWAYS_ON config") has explained
the security concern.

> It has to be _compiled out_ of the kernel.
> Hence all patches that improve fallback to interpreter are misguided.
> The interpreter has to be removed completely... sooner or later.

Will disallow interpreter fallback for the internal BPF_ADDR_PERCPU
insn.

Thanks,
Leon

Reply via email to