On Fri, Jan 5, 2024 at 8:58 AM Maxwell Bland <mbland@xxxxxxxxxxxx> wrote:
>
> With the inclusion of Peter's CFI patches and the adaption of these to
> ARM, there's already strong progress towards security for BPF's JIT. If
> the mixing executable code with data issue gets fixed too, then it will
> soon become possible to treat BPF JIT programs like any other part of
> the .text section, which seems like a huge win, since BPF then gets all
> or many of the fruits of standard .text section security.

FYI kCFI + BPF fixes for x86 have landed in Linus's tree today.
Somebody needs to do the work for arm64 JIT.
Since bpf core pieces are ready it will be a bit easier.