Article 73TT7 [$] No hardware memory isolation for BPF programs

by daroc from LWN.net on (#73TT7)

On February 12, Yeoreum Yun posted a suggestion for an improvement to the security of the kernel's BPF implementation: use memory protection keys to prevent unauthorized access to memory by BPF programs. Yun wanted to put the topic on the list for discussion at the Linux Storage, Filesystem, Memory Management, and BPF Summit in May, but the lack of engagement makes that unlikely. They also have a patch set implementing some of the proposed changes, but have not yet shared that with the mailing list. Yun's proposal does not seem likely to be accepted in its current form, but the kernel has added hardware-based hardening options in the past, sometimes after substantial discussion.
