Re: [PATCH bpf-next v3 00/11] bpf: Mitigate Spectre v1 using barriers
From: Alexei Starovoitov <hidden>
Date: 2025-05-09 18:43:13
Also in:
bpf, linux-arm-kernel, linux-kselftest, lkml
From: Alexei Starovoitov <hidden>
Date: 2025-05-09 18:43:13
Also in:
bpf, linux-arm-kernel, linux-kselftest, lkml
On Fri, May 9, 2025 at 11:39 AM [off-list ref] wrote:
Hello: This series was applied to bpf/bpf-next.git (master) by Alexei Starovoitov [off-list ref]: On Thu, 1 May 2025 09:35:51 +0200 you wrote:quoted
This improves the expressiveness of unprivileged BPF by inserting speculation barriers instead of rejecting the programs. The approach was previously presented at LPC'24 [1] and RAID'24 [2]. To mitigate the Spectre v1 (PHT) vulnerability, the kernel rejects potentially-dangerous unprivileged BPF programs as of commit 9183671af6db ("bpf: Fix leakage under speculation on mispredicted branches"). In [2], we have analyzed 364 object files from open source projects (Linux Samples and Selftests, BCC, Loxilb, Cilium, libbpf Examples, Parca, and Prevail) and found that this affects 31% to 54% of programs. [...]Here is the summary with links: - [bpf-next,v3,01/11] selftests/bpf: Fix caps for __xlated/jited_unpriv https://git.kernel.org/bpf/bpf-next/c/cf15cdc0f0f3 - [bpf-next,v3,02/11] bpf: Move insn if/else into do_check_insn() (no matching commit)
Applied the first patch only. Waiting for respin of the rest.