Open Source and information security mailing list archives
Message-ID: <20250224203619.594724-1-luis.gerhorst@fau.de>
Date: Mon, 24 Feb 2025 21:36:10 +0100
From: Luis Gerhorst <luis.gerhorst@....de>
To: Alexei Starovoitov <ast@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>,
	Martin KaFai Lau <martin.lau@...ux.dev>,
	Eduard Zingerman <eddyz87@...il.com>,
	Song Liu <song@...nel.org>,
	Yonghong Song <yonghong.song@...ux.dev>,
	John Fastabend <john.fastabend@...il.com>,
	KP Singh <kpsingh@...nel.org>,
	Stanislav Fomichev <sdf@...ichev.me>,
	Hao Luo <haoluo@...gle.com>,
	Jiri Olsa <jolsa@...nel.org>,
	Puranjay Mohan <puranjay@...nel.org>,
	Xu Kuohai <xukuohai@...weicloud.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>,
	Mykola Lysenko <mykolal@...com>,
	Shuah Khan <shuah@...nel.org>,
	Luis Gerhorst <luis.gerhorst@....de>,
	Henriette Herzog <henriette.herzog@....de>,
	Cupertino Miranda <cupertino.miranda@...cle.com>,
	Matan Shachnai <m.shachnai@...il.com>,
	Dimitar Kanaliev <dimitar.kanaliev@...eground.com>,
	Shung-Hsi Yu <shung-hsi.yu@...e.com>,
	Daniel Xu <dxu@...uu.xyz>,
	bpf@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	linux-kselftest@...r.kernel.org
Subject: [RFC PATCH 0/9] bpf: Mitigate Spectre v1 using speculation barriers

This improves the expressiveness of unprivileged BPF by inserting
speculation barriers instead of rejecting the programs.

The approach was presented at LPC'24:
  https://lpc.events/event/18/contributions/1954/ ("Mitigating
  Spectre-PHT using Speculation Barriers in Linux eBPF")
and RAID'24:
  https://arxiv.org/pdf/2405.00078 ("VeriFence: Lightweight and Precise
  Spectre Defenses for Untrusted Linux Kernel Extensions")

Goal of this RFC is to get feedback on the approach and the structuring
into commits.

TODOs to be fixed for final version:
* actually emit arm64 barrier
* fix unexpected_load_success from test_progs for "bpf: Fall back to nospec for sanitization-failures"
* use bpf-next as base commit

Luis Gerhorst (9):
  bpf/arm64: Unset bypass_spec_v4() instead of ignoring BPF_NOSPEC
  bpf: Refactor do_check() if/else into do_check_insn()
  bpf: Return EFAULT on misconfigurations
  bpf: Return EFAULT on internal errors
  bpf: Fall back to nospec if v1 verification fails
  bpf: Allow nospec-protected var-offset stack access
  bpf: Refactor push_stack to return error code
  bpf: Fall back to nospec for sanitization-failures
  bpf: Cut speculative path verification short

 arch/arm64/net/bpf_jit_comp.c                 |  10 +-
 include/linux/bpf.h                           |  14 +-
 include/linux/bpf_verifier.h                  |   3 +-
 kernel/bpf/core.c                             |  17 +-
 kernel/bpf/verifier.c                         | 832 ++++++++++--------
 .../selftests/bpf/progs/verifier_and.c        |   3 +-
 .../selftests/bpf/progs/verifier_bounds.c     |  30 +-
 .../selftests/bpf/progs/verifier_movsx.c      |   6 +-
 .../selftests/bpf/progs/verifier_unpriv.c     |   3 +-
 .../bpf/progs/verifier_value_ptr_arith.c      |  11 +-
 10 files changed, 520 insertions(+), 409 deletions(-)


base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6
-- 
2.48.1

