Attacking hardened Linux systems with kernel JIT spraying
Posted Nov 19, 2012 3:03 UTC (Mon) by aliguori (subscriber, #30636)
In reply to: Attacking hardened Linux systems with kernel JIT spraying by alison
Parent article: Attacking hardened Linux systems with kernel JIT spraying
There's no DoS happening here. The "spraying" part of this is just duplicating the BPF program as many times as possible in order to increase the likelihood of guessing a valid kernel address of the executable. Duplicating the JIT'd code is completely valid behavior.
Making sure JITs use bounded amounts of memory, don't generate infinite loops, etc. is pretty standard stuff.
From what I can tell, Renderscript is completely userspace. I would hope it doesn't allow for maliciously generated GPU routines... That would be a pretty serious oversight.