Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752331AbeAEQiq (ORCPT + 1 other); Fri, 5 Jan 2018 11:38:46 -0500 Received: from mail-oi0-f67.google.com ([209.85.218.67]:34378 "EHLO mail-oi0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751991AbeAEQio (ORCPT ); Fri, 5 Jan 2018 11:38:44 -0500 X-Google-Smtp-Source: ACJfBosezMAJz6dt5+tMAkp9kXOzNWa+o0r8guCmu/bzgoDuH7SPYiRwFDZ7blgTZ1IVIJBgbVSvKOpBius5fhIOudU= MIME-Version: 1.0 In-Reply-To: <20180105145750.53294-5-mark.rutland@arm.com> References: <20180105145750.53294-1-mark.rutland@arm.com> <20180105145750.53294-5-mark.rutland@arm.com> From: Dan Williams Date: Fri, 5 Jan 2018 08:38:43 -0800 Message-ID: Subject: Re: [RFCv2 4/4] bpf: inhibit speculated out-of-bounds pointers To: Mark Rutland Cc: Linux Kernel Mailing List , linux-arch@vger.kernel.org, Elena Reshetova , Jonathan Corbet , Alan Cox , Peter Zijlstra , Will Deacon , Greg KH , Thomas Gleixner Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Fri, Jan 5, 2018 at 6:57 AM, Mark Rutland wrote: > Note: this patch is an *example* use of the nospec API. It is understood > that this is incomplete, etc. > > Under speculation, CPUs may mis-predict branches in bounds checks. Thus, > memory accesses under a bounds check may be speculated even if the > bounds check fails, providing a primitive for building a side channel. > > The EBPF map code has a number of such bounds-checks accesses in > map_lookup_elem implementations. This patch modifies these to use the > nospec helpers to inhibit such side channels. > > The JITted lookup_elem implementations remain potentially vulnerable, > and are disabled (with JITted code falling back to the C > implementations). Do we still need this given this patch from the bpf folks: https://patchwork.ozlabs.org/patch/855911/ ?