Re: [PATCH v6 00/10] Retpoline: Avoid speculative indirect calls in kernel
From: Alexei Starovoitov
Date: Mon Jan 08 2018 - 11:13:22 EST
On Mon, Jan 08, 2018 at 02:42:13AM -0800, Paul Turner wrote:
>
> kernel->kernel independent of SMEP:
> While much harder to coordinate, facilities such as eBPF potentially
> allow exploitable return targets to be created.
> Generally speaking (particularly if eBPF has been disabled) the risk
> is _much_ lower here, since we can only return into kernel execution
> that was already occurring on another thread (which could e.g. likely
> be attacked there directly independent of RSB poisoning.)
we can remove bpf interpreter without losing features:
https://patchwork.ozlabs.org/patch/856694/
Ironically JIT is more secure than interpreter.