Re: [PATCH] ebpf: verify the output of the JIT

2017-04-06 Thread Alexei Starovoitov
On Tue, Apr 04, 2017 at 09:45:36PM -0600, Tycho Andersen wrote:
> Hi Kees,
>
> On Tue, Apr 04, 2017 at 03:17:57PM -0700, Kees Cook wrote:
> > On Tue, Apr 4, 2017 at 3:08 PM, Tycho Andersen wrote:
> > > The goal of this patch is to protect the JIT against an attacker with a
> > > write-in-memory

Re: [PATCH] ebpf: verify the output of the JIT

2017-04-05 Thread kbuild test robot
Hi Tycho, [auto build test WARNING on net/master] [also build test WARNING on v4.11-rc5 next-20170405] [cannot apply to tip/x86/core] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

Re: [PATCH] ebpf: verify the output of the JIT

2017-04-04 Thread Tycho Andersen
Hi Kees,

On Tue, Apr 04, 2017 at 03:17:57PM -0700, Kees Cook wrote:
> On Tue, Apr 4, 2017 at 3:08 PM, Tycho Andersen wrote:
> > The goal of this patch is to protect the JIT against an attacker with a
> > write-in-memory primitive. The JIT allocates a buffer which will eventually
> > be marked

Re: [PATCH] ebpf: verify the output of the JIT

2017-04-04 Thread Kees Cook
On Tue, Apr 4, 2017 at 3:08 PM, Tycho Andersen wrote:
> The goal of this patch is to protect the JIT against an attacker with a
> write-in-memory primitive. The JIT allocates a buffer which will eventually
> be marked +x, so we need to make sure that what was written to this buffer
> is what was

[PATCH] ebpf: verify the output of the JIT

2017-04-04 Thread Tycho Andersen
The goal of this patch is to protect the JIT against an attacker with a write-in-memory primitive. The JIT allocates a buffer which will eventually be marked +x, so we need to make sure that what was written to this buffer is what was intended. We achieve this by building a hash of the
