On Fri, Jan 13, 2017 at 10:40:01PM +0530, Naveen N. Rao wrote: > With bpf_jit_binary_alloc(), we allocate at a page granularity and fill > the rest of the space with illegal instructions to mitigate BPF spraying > attacks, while having the actual JIT'ed BPF program at a random location > within the allocated space. Under this scenario, it would be better to > flush the entire allocated buffer rather than just the part containing > the actual program. We already flush the buffer from start to the end of > the BPF program. Extend this to include the illegal instructions after > the BPF program. > > Signed-off-by: Naveen N. Rao <naveen.n....@linux.vnet.ibm.com>
Acked-by: Alexei Starovoitov <a...@kernel.org>
