| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 May 2019 16:09:43 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: Alexei Starovoitov <ast@...com>,
Daniel Borkmann <daniel@...earbox.net>,
netdev <netdev@...r.kernel.org>, bpf@...r.kernel.org
Subject: Re: Question about seccomp / bpf
On Wed, May 08, 2019 at 02:21:52PM -0700, Eric Dumazet wrote:
> Hi Alexei and Daniel
>
> I have a question about seccomp.
>
> It seems that after this patch, seccomp no longer needs a helper
> (seccomp_bpf_load())
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8
>
> Are we detecting that a particular JIT code needs to call at least one
> function from the kernel at all ?
Currently we don't track such things and trying very hard to avoid
any special cases for classic vs extended.
> If the filter contains self-contained code (no call, just inline
> code), then we could use any room in whole vmalloc space,
> not only from the modules (which is something like 2GB total on x86_64)
I believe there was an effort to make bpf progs and other executable things
to be everywhere too, but I lost the track of it.
It's not that hard to tweak x64 jit to emit 64-bit calls to helpers
when delta between call insn and a helper is more than 32-bit that fits
into call insn. iirc there was even such patch floating around.
but what motivated you question? do you see 2GB space being full?!
Powered by blists - more mailing lists