From a glance at the BPF patches that deal with the speculative execution
issues, I do not see any regard to direct packet access. I would presume a
malicious user might access memory beyond PTR_TO_PACKET_END and leak the
data by exploiting the speculative execution.

Am I wrong in my understanding? Is it one of the patches that is in
progress?

Thanks,
Nadav

Brenden Blanco via iovisor-dev <iovisor-dev@lists.iovisor.org> wrote:

> Hi All,
> 
> Thanks for attending today. Below you will find my notes from the call.
> 
> Cheers,
> Brenden
> 
> === Status ===
> 
> Alexei:
> - Security updates for BPF
> - Patching uses of BPF for speculative execution
>  - variant 1, one more patch in progress
>  - variant 2, option to toggle off interpreter
> 
> Yonghong:
> - Fixes for bcc
> - kernel fixes for get next key
>  - stack map iteration
>  - goal: keep consistent with hash map iteration
> - issues for usdt, probe name overlap
> 
> Brenden:
> - Some work on CTF generation
> 
> Daniel:
> - Working on spectre patches and bugfixes
> 
> JohnF:
> - sockmap tx hook
>  - monitor sendmsg/sendpage
> - sample improvements to ease development/debugging/benchmarking
> 
> Jesper:
> - xdp rx queue merged
>  - tracking followup fixes
>  - need to extend for memory return api
> - todo: cpumap for generic xdp
> - add cpumap support into suricata
> - xdp_data_meta - want to combine skb->mark+cpumap to fine tune multicore
>  handling of packets
> 
> 
> === Attendees ===
> Brenden Blanco
> Alexander Duyck
> Daniel Borkmann
> Edwin Peer
> Jakub Kicinski
> Jesper Brouer
> Jiong Wang
> Quentin Monnet
> Sandipan
> Marco Leogrande
> Mauricio Vasquez
> Nic Viljoen
> Andy Gospodarek
> Maciej Fijalkowski
> Yonghong Song
> Rony Efraim
> Alexei Starovoitov
> Gordon Marler
> John Fastabend
> _______________________________________________
> iovisor-dev mailing list
> iovisor-dev@lists.iovisor.org
> https://lists.iovisor.org/mailman/listinfo/iovisor-dev

