> -----Original Message-----
> From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
> Sent: Wednesday, January 3, 2024 2:48 PM
> To: Maxwell Bland <mbland@xxxxxxxxxxxx>
> Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>; bpf@xxxxxxxxxxxxxxx; Andrew Wheeler <awheeler@xxxxxxxxxxxx>; Sammy BS2 Que | 阙斌生 <quebs2@xxxxxxxxxxxx>; di_jin@xxxxxxxxx
> Subject: [External] Re: [PATCH 1/2] Adding BPF NX
>
> On Wed, Jan 3, 2024 at 11:16 AM Maxwell Bland <mbland@xxxxxxxxxxxx> wrote:
> >
> > From: Tenut <tenut@Niobium>
> > Subject: [PATCH 1/2] Adding BPF NX
> >
> > Reserve a memory region for BPF programs, and check for it in the
> > interpreter. This simulates the effect of non-executable memory for BPF
> > execution.
>
> Hi Maxwell,
>
> interesting ideas in these two patches.
> Coding style is not kernel, so if you want to upstream them you need to
> follow the patch submission process more closely.
>
> Also checking that you're aware that the interpreter is not secure in general.
> Secure systems must use CONFIG_BPF_JIT_ALWAYS_ON.
> Adding extra checks to the interpreter helps a bit, but you should really remove
> the interpreter.

Thanks Alexei, it looks like my email client ruined the formatting. I will use git send-email in the future.

I was not aware! I see the interpreter is affected by Spectre, creating a double-edged sword. We have the interpreter disabled. Jin et al.'s patches and the approach need reworking. Without going into too much detail, I will see what I can do.

Regards and thanks again,
Maxwell Bland
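The mechanism the commit message describes (reserve a region for BPF programs, and have the interpreter refuse to run anything that does not live there) is easiest to see on a toy interpreter. The following is an added illustration written for this page; it is not the patch's code and does not use the kernel's `struct bpf_insn` or `___bpf_prog_run`. Every name here (`toy_insn`, `toy_arena`, `toy_prog_load`, `toy_prog_run`, the arena size) is an assumption made up for the example. The check is a plain address-range test done before the fetch-decode loop starts, so a program that sits on the stack, on the heap, or only partly inside the arena is rejected. It does nothing about the Spectre and gadget concerns Alexei raises: those come from the interpreter's own code being a speculation target, which is why the advice in the thread is `CONFIG_BPF_JIT_ALWAYS_ON`, not more interpreter checks.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy instruction format, loosely shaped like eBPF's fixed-size insn.
 * Assumption for this example only; not the kernel's struct bpf_insn. */
enum toy_op { TOY_MOV_IMM = 1, TOY_ADD_IMM, TOY_ADD_REG, TOY_EXIT };

struct toy_insn {
    uint8_t op;
    uint8_t dst;   /* destination register, 0..3 */
    uint8_t src;   /* source register, 0..3 */
    int32_t imm;
};

#define TOY_NREGS      4
#define TOY_ARENA_INSNS 256   /* hypothetical size of the reserved region */

enum { TOY_ERR_NX = -1, TOY_ERR_BADOP = -2, TOY_ERR_RUNOFF = -3 };

/* The reserved region. Only programs copied in here may be interpreted,
 * which plays the role of "executable" memory for BPF bytecode. */
static struct toy_insn toy_arena[TOY_ARENA_INSNS];
static size_t toy_arena_used;

void toy_arena_reset(void) { toy_arena_used = 0; }

/* Copy a program into the arena; returns its arena address or NULL if full. */
const struct toy_insn *toy_prog_load(const struct toy_insn *src, size_t n)
{
    if (n == 0 || n > TOY_ARENA_INSNS - toy_arena_used)
        return NULL;
    struct toy_insn *dst = &toy_arena[toy_arena_used];
    memcpy(dst, src, n * sizeof(*dst));
    toy_arena_used += n;
    return dst;
}

/* The "NX" check: the whole program must lie inside the reserved region,
 * aligned to an instruction boundary. Compared as integers so that pointers
 * into unrelated objects are not compared directly. */
static int toy_prog_in_arena(const struct toy_insn *prog, size_t n)
{
    uintptr_t p  = (uintptr_t)prog;
    uintptr_t lo = (uintptr_t)toy_arena;
    uintptr_t hi = lo + sizeof(toy_arena);
    if (p < lo || p >= hi || (p - lo) % sizeof(*prog) != 0)
        return 0;
    return n <= (hi - p) / sizeof(*prog);
}

/* Interpret prog[0..n). Returns 0 and writes r0 on TOY_EXIT, or a negative
 * error. The range check runs once, before any instruction is fetched. */
int toy_prog_run(const struct toy_insn *prog, size_t n, int64_t *r0)
{
    int64_t r[TOY_NREGS] = {0};

    if (!toy_prog_in_arena(prog, n))
        return TOY_ERR_NX;

    for (size_t pc = 0; pc < n; pc++) {
        const struct toy_insn *in = &prog[pc];
        if (in->dst >= TOY_NREGS || in->src >= TOY_NREGS)
            return TOY_ERR_BADOP;
        switch (in->op) {
        case TOY_MOV_IMM: r[in->dst] = in->imm;         break;
        case TOY_ADD_IMM: r[in->dst] += in->imm;        break;
        case TOY_ADD_REG: r[in->dst] += r[in->src];     break;
        case TOY_EXIT:    *r0 = r[0];                   return 0;
        default:          return TOY_ERR_BADOP;
        }
    }
    return TOY_ERR_RUNOFF;   /* fell off the end without TOY_EXIT */
}

/* Constructed program: r1 = 40; r0 = 2; r0 += r1; exit -> 42. */
static const struct toy_insn demo_prog[] = {
    { TOY_MOV_IMM, 1, 0, 40 },
    { TOY_MOV_IMM, 0, 0, 2  },
    { TOY_ADD_REG, 0, 1, 0  },
    { TOY_EXIT,    0, 0, 0  },
};
#define DEMO_N (sizeof(demo_prog) / sizeof(demo_prog[0]))

/* Program placed in the arena runs normally; returns r0 (42) or -1 on error. */
int toy_demo_arena_ok(void)
{
    int64_t r0 = 0;
    toy_arena_reset();
    const struct toy_insn *p = toy_prog_load(demo_prog, DEMO_N);
    if (!p || toy_prog_run(p, DEMO_N, &r0) != 0)
        return -1;
    return (int)r0;
}

/* Same bytes on the caller's stack: never interpreted. Returns TOY_ERR_NX. */
int toy_demo_outside_rejected(void)
{
    struct toy_insn on_stack[DEMO_N];
    int64_t r0 = 0;
    memcpy(on_stack, demo_prog, sizeof(on_stack));
    return toy_prog_run(on_stack, DEMO_N, &r0);
}

/* Starts inside the arena but claims to extend past its end: also rejected. */
int toy_demo_overrun_rejected(void)
{
    int64_t r0 = 0;
    toy_arena_reset();
    const struct toy_insn *p = toy_prog_load(demo_prog, DEMO_N);
    return p ? toy_prog_run(p, TOY_ARENA_INSNS + 1, &r0) : -99;
}

int main(void)
{
    printf("arena program   -> %d\n", toy_demo_arena_ok());
    printf("stack program   -> %d (TOY_ERR_NX is %d)\n",
           toy_demo_outside_rejected(), TOY_ERR_NX);
    printf("overrun program -> %d\n", toy_demo_overrun_rejected());
    return 0;
}
```

The arena here is a static array; in the kernel the analogous region would be carved out at boot and the check placed ahead of the interpreter's dispatch loop, where a single failed comparison costs nothing on the hot path. Note what the check cannot do: it reasons about where the bytecode lives, not about what the interpreter's own instructions do under speculation, so it is a complement to, not a substitute for, running only JITed programs.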