Thread (30 messages) 30 messages, 6 authors, 2025-05-19

Re: [PATCH bpf-next v3 00/11] bpf: Mitigate Spectre v1 using barriers

From: Alexei Starovoitov <hidden>
Date: 2025-05-09 18:43:13
Also in: bpf, linux-arm-kernel, linux-kselftest, lkml

On Fri, May 9, 2025 at 11:39 AM [off-list ref] wrote:
Hello:

This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov [off-list ref]:

On Thu,  1 May 2025 09:35:51 +0200 you wrote:
quoted
This improves the expressiveness of unprivileged BPF by inserting
speculation barriers instead of rejecting the programs.

The approach was previously presented at LPC'24 [1] and RAID'24 [2].

To mitigate the Spectre v1 (PHT) vulnerability, the kernel rejects
potentially-dangerous unprivileged BPF programs as of
commit 9183671af6db ("bpf: Fix leakage under speculation on mispredicted
branches"). In [2], we have analyzed 364 object files from open source
projects (Linux Samples and Selftests, BCC, Loxilb, Cilium, libbpf
Examples, Parca, and Prevail) and found that this affects 31% to 54% of
programs.

[...]
Here is the summary with links:
  - [bpf-next,v3,01/11] selftests/bpf: Fix caps for __xlated/jited_unpriv
    https://git.kernel.org/bpf/bpf-next/c/cf15cdc0f0f3
  - [bpf-next,v3,02/11] bpf: Move insn if/else into do_check_insn()
    (no matching commit)
Applied the first patch only.
Waiting for respin of the rest.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help