On Fri, 2017-01-13 at 17:10:01 UTC, "Naveen N. Rao" wrote: > With bpf_jit_binary_alloc(), we allocate at a page granularity and fill > the rest of the space with illegal instructions to mitigate BPF spraying > attacks, while having the actual JIT'ed BPF program at a random location > within the allocated space. Under this scenario, it would be better to > flush the entire allocated buffer rather than just the part containing > the actual program. We already flush the buffer from start to the end of > the BPF program. Extend this to include the illegal instructions after > the BPF program. > > Signed-off-by: Naveen N. Rao <naveen.n....@linux.vnet.ibm.com> > Acked-by: Alexei Starovoitov <a...@kernel.org> > Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/10528b9c45cfb9e8f45217ef2f5ef8 cheers
