On Wed, Jan 3, 2024 at 11:16 AM Maxwell Bland <mbland@xxxxxxxxxxxx> wrote:
>
> From: Tenut <tenut@Niobium>
> Subject: [PATCH 1/2] Adding BPF NX
>
> Reserve a memory region for BPF program, and check for it in the interpreter.
> This simulates the effect of non-executable memory for BPF execution.

Hi Maxwell,

interesting ideas in these two patches.
Coding style is not kernel, so if you want to upstream them
you need to follow the patch submission process more closely.

Also checking that you're aware that the interpreter is not secure in general.
Secure systems must use CONFIG_BPF_JIT_ALWAYS_ON.
Adding extra checks to the interpreter helps a bit,
but you should really remove the interpreter.
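An added audit helper, not from the thread or the kernel tree, that checks a kernel config against the advice above (CONFIG_BPF_JIT_ALWAYS_ON, so the interpreter is compiled out) together with the runtime net.core.bpf_jit_enable value; the two config snapshots used in the demo are constructed.

```shell
#!/bin/sh
# Report whether a kernel build forces the eBPF JIT (CONFIG_BPF_JIT_ALWAYS_ON),
# i.e. whether the interpreter is compiled out, and what bpf_jit_enable says.
# $1: kernel config file (e.g. /boot/config-$(uname -r))
# $2: file holding the value of /proc/sys/net/core/bpf_jit_enable
# Returns 0 if the interpreter is compiled out, 1 otherwise.
bpf_jit_check() {
    config="$1"
    jit_enable_file="$2"
    always_on=no
    jit_built=no
    grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y$' "$config" && always_on=yes
    grep -q '^CONFIG_BPF_JIT=y$' "$config" && jit_built=yes
    jit_enable=$(tr -d '[:space:]' < "$jit_enable_file")
    echo "CONFIG_BPF_JIT=$jit_built CONFIG_BPF_JIT_ALWAYS_ON=$always_on bpf_jit_enable=$jit_enable"
    if [ "$always_on" = yes ]; then
        # ALWAYS_ON compiles the interpreter out and pins bpf_jit_enable to 1:
        # a program the JIT cannot compile fails to load instead of falling back.
        echo "OK: interpreter compiled out, every program must be JITed"
        return 0
    fi
    if [ "$jit_built" = yes ] && [ "$jit_enable" != 0 ]; then
        echo "WARN: JIT on, but the interpreter is still built in and used as a fallback"
        return 1
    fi
    echo "FAIL: eBPF programs run in the interpreter"
    return 1
}

# Self-contained demo on two constructed config snapshots (not real systems).
# Returns 0 only if the hardened snapshot passes and the soft one fails.
bpf_jit_demo() {
    d=$(mktemp -d)
    printf 'CONFIG_BPF_JIT=y\nCONFIG_BPF_JIT_ALWAYS_ON=y\n' > "$d/config.hardened"
    printf 'CONFIG_BPF_JIT=y\n# CONFIG_BPF_JIT_ALWAYS_ON is not set\n' > "$d/config.soft"
    printf '1\n' > "$d/jit_enable"
    hardened=0
    bpf_jit_check "$d/config.hardened" "$d/jit_enable" || hardened=$?
    soft=0
    bpf_jit_check "$d/config.soft" "$d/jit_enable" || soft=$?
    rm -rf "$d"
    [ "$hardened" -eq 0 ] && [ "$soft" -eq 1 ]
}
```

On a live machine, run `bpf_jit_check /boot/config-$(uname -r) /proc/sys/net/core/bpf_jit_enable` (or point it at /proc/config.gz after decompressing).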