From: Florian Westphal <fw@strlen.de>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>,
netdev <netdev@vger.kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against spraying attacks
Date: Mon, 20 May 2013 16:19:41 +0200 [thread overview]
Message-ID: <20130520141941.GA16412@breakpoint.cc> (raw)
In-Reply-To: <1368844623.3301.142.camel@edumazet-glaptop>
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> hpa bringed into my attention some security related issues
> with BPF JIT on x86.
>
> This patch makes sure the bpf generated code is marked read only,
> as other kernel text sections.
>
> It also splits the unused space (we vmalloc() and only use a fraction of
> the page) in two parts, so that the generated bpf code not starts at a
> known offset in the page, but a pseudo random one.
>
> Refs:
> http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
What about emitting additional instructions at random locations in the
generated code itself?
Eg., after every instruction, have random chance to insert
'xor $0xcc,%al; xor $0xcc,%al', etc?
next prev parent reply other threads:[~2013-05-20 14:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-18 2:37 [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against spraying attacks Eric Dumazet
2013-05-19 17:02 ` Daniel Borkmann
2013-05-20 6:55 ` David Miller
2013-05-20 6:56 ` David Miller
2013-05-20 8:51 ` David Laight
2013-05-20 8:51 ` David Laight
2013-05-20 9:50 ` Daniel Borkmann
2013-05-20 13:52 ` Eric Dumazet
2013-05-20 13:34 ` Eric Dumazet
2013-05-20 14:19 ` Florian Westphal [this message]
2013-05-20 14:26 ` Eric Dumazet
2013-05-20 14:35 ` David Laight
2013-05-20 14:35 ` David Laight
2013-05-24 17:23 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130520141941.GA16412@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.