Hello:
This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov :
On Thu, 1 May 2025 09:35:51 +0200 you wrote:
> This improves the expressiveness of unprivileged BPF by inserting
> speculation barriers instead of rejecting the programs.
>
> The approach was previously presented at LPC'24 [1] and RAID'24 [2].
>
> To mitigate the Spectre v1 (PHT) vulnerability, the kernel rejects
> potentially-dangerous unprivileged BPF programs as of
> commit 9183671af6db ("bpf: Fix leakage under speculation on mispredicted
> branches"). In [2], we have analyzed 364 object files from open source
> projects (Linux Samples and Selftests, BCC, Loxilb, Cilium, libbpf
> Examples, Parca, and Prevail) and found that this affects 31% to 54% of
> programs.
>
> [...]
Here is the summary with links:
- [bpf-next,v3,01/11] selftests/bpf: Fix caps for __xlated/jited_unpriv
https://git.kernel.org/bpf/bpf-next/c/cf15cdc0f0f3
- [bpf-next,v3,02/11] bpf: Move insn if/else into do_check_insn()
(no matching commit)
- [bpf-next,v3,03/11] bpf: Return -EFAULT on misconfigurations
(no matching commit)
- [bpf-next,v3,04/11] bpf: Return -EFAULT on internal errors
(no matching commit)
- [bpf-next,v3,05/11] bpf, arm64, powerpc: Add bpf_jit_bypass_spec_v1/v4()
(no matching commit)
- [bpf-next,v3,06/11] bpf, arm64, powerpc: Change nospec to include v1 barrier
(no matching commit)
- [bpf-next,v3,07/11] bpf: Rename sanitize_stack_spill to nospec_result
(no matching commit)
- [bpf-next,v3,08/11] bpf: Fall back to nospec for Spectre v1
(no matching commit)
- [bpf-next,v3,09/11] selftests/bpf: Add test for Spectre v1 mitigation
(no matching commit)
- [bpf-next,v3,10/11] bpf: Allow nospec-protected var-offset stack access
(no matching commit)
- [bpf-next,v3,11/11] bpf: Fall back to nospec for sanitization-failures
(no matching commit)
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
