Re: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit againstspraying attacks

From: Eric Dumazet
Date: Mon May 20 2013 - 10:26:41 EST

Next message: Paul E. McKenney: "[PATCH tip/core/rcu 5/6] rcu: Merge adjacent identical ifdefs"
Previous message: Rob Clark: "Re: [RFC] drm: i2c: add irq handler for tda998x slave encoder"
In reply to: Florian Westphal: "Re: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit againstspraying attacks"
Next in thread: David Laight: "RE: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against spraying attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2013-05-20 at 16:19 +0200, Florian Westphal wrote:

> What about emitting additional instructions at random locations in the
> generated code itself?
>
> Eg., after every instruction, have random chance to insert
> 'xor $0xcc,%al; xor $0xcc,%al', etc?

This will be the latest thing I'll do.

Frankly, whole point of BPF JIT is speed.

If we have slow code, just use the interpretor instead.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul E. McKenney: "[PATCH tip/core/rcu 5/6] rcu: Merge adjacent identical ifdefs"
Previous message: Rob Clark: "Re: [RFC] drm: i2c: add irq handler for tda998x slave encoder"
In reply to: Florian Westphal: "Re: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit againstspraying attacks"
Next in thread: David Laight: "RE: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against spraying attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]