From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mga11.intel.com ([192.55.52.93]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fJSUI-0003lb-CA for speck@linutronix.de; Fri, 18 May 2018 01:39:10 +0200 Date: Thu, 17 May 2018 16:39:07 -0700 From: Andi Kleen Subject: [MODERATED] Re: Generic eBPF hardening Message-ID: <20180517233907.GD4486@tassilo.jf.intel.com> References: <20180517222233.xk3favfebt4wiiid@ast-mbp> <20180517225448.GC4486@tassilo.jf.intel.com> <20180517232115.mwmns6w6t32mjeze@ast-mbp> MIME-Version: 1.0 In-Reply-To: <20180517232115.mwmns6w6t32mjeze@ast-mbp> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: > I disagree with 'cheap' assessment. > The main use case for unprivileged bpf is so_reuseport and socket filters. > It's critical path of networking receive side. > Adding lfence after every program won't be cheap. I don't think we need any lfence at all. It makes no difference for stack reuse. All we need is stack clear for the locations that are script controlled. That should be quite cheap. Register clearing would be nice, and should be also cheap. -Andi