Le 11/04/2021 à 13:09, Paul Menzel a écrit :
Dear Linux folks,
Related to * [CVE-2021-29154] Linux kernel incorrect computation of branch displacements in BPF JIT
compiler can be abused to execute arbitrary code in Kernel mode* [1], on the POWER8 system IBM
S822LC with self-built Linux 5.12.0-rc5+, I am unable to disable `bpf_jit_enable`.
$ /sbin/sysctl net.core.bpf_jit_enable
net.core.bpf_jit_enable = 1
$ sudo /sbin/sysctl -w net.core.bpf_jit_enable=0
sysctl: setting key "net.core.bpf_jit_enable": Invalid argument
It works on an x86 with Debian sid/unstable and Linux 5.10.26-1.
Maybe you have selected CONFIG_BPF_JIT_ALWAYS_ON in your self-built kernel ?
config BPF_JIT_ALWAYS_ON
bool "Permanently enable BPF JIT and remove BPF interpreter"
depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
help
Enables BPF JIT and removes BPF interpreter to avoid
speculative execution of BPF instructions by the interpreter
Christophe
