| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id:
<174681603001.3715348.12288999798860158953.git-patchwork-notify@kernel.org>
Date: Fri, 09 May 2025 18:40:30 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Luis Gerhorst <luis.gerhorst@....de>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, puranjay@...nel.org,
xukuohai@...weicloud.com, catalin.marinas@....com, will@...nel.org,
hbathini@...ux.ibm.com, christophe.leroy@...roup.eu, naveen@...nel.org,
maddy@...ux.ibm.com, mpe@...erman.id.au, npiggin@...il.com, mykolal@...com,
shuah@...nel.org, henriette.herzog@....de, skb99@...ux.ibm.com,
cupertino.miranda@...cle.com, mrpre@....com, m.shachnai@...il.com,
dimitar.kanaliev@...eground.com, shung-hsi.yu@...e.com, dxu@...uu.xyz,
bpf@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH bpf-next v3 00/11] bpf: Mitigate Spectre v1 using barriers
Hello:
This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@...nel.org>:
On Thu, 1 May 2025 09:35:51 +0200 you wrote:
> This improves the expressiveness of unprivileged BPF by inserting
> speculation barriers instead of rejecting the programs.
>
> The approach was previously presented at LPC'24 [1] and RAID'24 [2].
>
> To mitigate the Spectre v1 (PHT) vulnerability, the kernel rejects
> potentially-dangerous unprivileged BPF programs as of
> commit 9183671af6db ("bpf: Fix leakage under speculation on mispredicted
> branches"). In [2], we have analyzed 364 object files from open source
> projects (Linux Samples and Selftests, BCC, Loxilb, Cilium, libbpf
> Examples, Parca, and Prevail) and found that this affects 31% to 54% of
> programs.
>
> [...]
Here is the summary with links:
- [bpf-next,v3,01/11] selftests/bpf: Fix caps for __xlated/jited_unpriv
https://git.kernel.org/bpf/bpf-next/c/cf15cdc0f0f3
- [bpf-next,v3,02/11] bpf: Move insn if/else into do_check_insn()
(no matching commit)
- [bpf-next,v3,03/11] bpf: Return -EFAULT on misconfigurations
(no matching commit)
- [bpf-next,v3,04/11] bpf: Return -EFAULT on internal errors
(no matching commit)
- [bpf-next,v3,05/11] bpf, arm64, powerpc: Add bpf_jit_bypass_spec_v1/v4()
(no matching commit)
- [bpf-next,v3,06/11] bpf, arm64, powerpc: Change nospec to include v1 barrier
(no matching commit)
- [bpf-next,v3,07/11] bpf: Rename sanitize_stack_spill to nospec_result
(no matching commit)
- [bpf-next,v3,08/11] bpf: Fall back to nospec for Spectre v1
(no matching commit)
- [bpf-next,v3,09/11] selftests/bpf: Add test for Spectre v1 mitigation
(no matching commit)
- [bpf-next,v3,10/11] bpf: Allow nospec-protected var-offset stack access
(no matching commit)
- [bpf-next,v3,11/11] bpf: Fall back to nospec for sanitization-failures
(no matching commit)
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists