[PATCH bpf-next] bpf: Make trampolines W^X

Peter Zijlstra peterz at infradead.org
Tue Jan 7 09:11:32 UTC 2020


On Mon, Jan 06, 2020 at 02:13:18PM -0800, Alexei Starovoitov wrote:
> On Sun, Jan 05, 2020 at 10:33:54AM +0900, Andy Lutomirski wrote:
> > 
> > >> On Jan 4, 2020, at 8:03 PM, Justin Capella <justincapella at gmail.com> wrote:
> > > 
> > > I'm rather ignorant about this topic, but it would make sense to check prior to making executable from a security standpoint, wouldn't it? (In support of the set_memory_ro + set_memory_x)
> > > 
> > 
> > Maybe, depends if it’s structured in a way that’s actually helpful from a security perspective.
> > 
> > It doesn’t help that set_memory_x and friends are not optimized at all. These functions are very, very, very slow and adversely affect all CPUs.
> 
> That was one of the reasons it wasn't done in the first place.
> Also ftrace trampolines break w^x as well.

Didn't I fix that?


