Re: [PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-15 Thread Will Deacon
On Mon, Sep 15, 2014 at 02:52:40PM +0100, Daniel Borkmann wrote: > On 09/13/2014 06:32 AM, Z Lim wrote: > > On Fri, Sep 12, 2014 at 10:35 AM, Daniel Borkmann > > wrote: > >> This is the ARM64 variant for 314beb9bcab ("x86: bpf_jit_comp: secure bpf > >> jit against spraying attacks"). > >> > >>

Re: [PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-15 Thread Daniel Borkmann
On 09/13/2014 06:32 AM, Z Lim wrote: On Fri, Sep 12, 2014 at 10:35 AM, Daniel Borkmann wrote: This is the ARM64 variant for 314beb9bcab ("x86: bpf_jit_comp: secure bpf jit against spraying attacks"). Thanks to commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support") which added

Re: [PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-15 Thread Daniel Borkmann
On 09/13/2014 06:32 AM, Z Lim wrote: On Fri, Sep 12, 2014 at 10:35 AM, Daniel Borkmann dbork...@redhat.com wrote: This is the ARM64 variant for 314beb9bcab (x86: bpf_jit_comp: secure bpf jit against spraying attacks). Thanks to commit 11d91a770f1f (arm64: Add CONFIG_DEBUG_SET_MODULE_RONX

Re: [PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-15 Thread Will Deacon
On Mon, Sep 15, 2014 at 02:52:40PM +0100, Daniel Borkmann wrote: On 09/13/2014 06:32 AM, Z Lim wrote: On Fri, Sep 12, 2014 at 10:35 AM, Daniel Borkmann dbork...@redhat.com wrote: This is the ARM64 variant for 314beb9bcab (x86: bpf_jit_comp: secure bpf jit against spraying attacks).

Re: [PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-12 Thread Z Lim
On Fri, Sep 12, 2014 at 10:35 AM, Daniel Borkmann wrote: > This is the ARM64 variant for 314beb9bcab ("x86: bpf_jit_comp: secure bpf > jit against spraying attacks"). > > Thanks to commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX > support") which added necessary infrastructure, we

[PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-12 Thread Daniel Borkmann
This is the ARM64 variant for 314beb9bcab ("x86: bpf_jit_comp: secure bpf jit against spraying attacks"). Thanks to commit 11d91a770f1f ("arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support") which added necessary infrastructure, we can now implement RO marking of eBPF generated JIT image pages and

[PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-12 Thread Daniel Borkmann
This is the ARM64 variant for 314beb9bcab (x86: bpf_jit_comp: secure bpf jit against spraying attacks). Thanks to commit 11d91a770f1f (arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support) which added necessary infrastructure, we can now implement RO marking of eBPF generated JIT image pages and

Re: [PATCH arm64-next v2] net: bpf: arm64: address randomize and write protect JIT code

2014-09-12 Thread Z Lim
On Fri, Sep 12, 2014 at 10:35 AM, Daniel Borkmann dbork...@redhat.com wrote: This is the ARM64 variant for 314beb9bcab (x86: bpf_jit_comp: secure bpf jit against spraying attacks). Thanks to commit 11d91a770f1f (arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support) which added necessary