Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1774145pxb; Thu, 28 Oct 2021 09:46:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxIyyaEhYPi1rCY+v8taXN9NhwVNmw44M5ViNPIw/WaMM1LStJCn+8tm/7+TsIeFEoMoUPd X-Received: by 2002:a17:902:c443:b0:13f:5507:bdc7 with SMTP id m3-20020a170902c44300b0013f5507bdc7mr4974343plm.50.1635439602516; Thu, 28 Oct 2021 09:46:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635439602; cv=none; d=google.com; s=arc-20160816; b=GTkwvBPaGuRJrgWsEcSwCc3C0mte2eV522YH+95K3JWvv1s03NH9HMtY78UAvVV0B2 IxM5QupOIOKsFTiz0TjAkCA7w3Wq62VdJ+xj5vGQO4ZuAft6loy2aNB/pLdEbB66ps3w iRon/+vG0PR29fORQ33QRSSWaTA3Wh9wn70fR4bbB9fe3TcOQ2SDEHfYm+WyYdC3xy5T qIZiqt/gl8UeY6EBog0Dtb7kEVXijBtq12nYM1GdeGN0hkNCft75mY4v8NzL/3sSTSr3 erU3KJ6wKcTAnZIZ5NxMeBDaysQ0xle2KyJmgqPaC5bQOtzOGsEoV79d8n7Abn/5wA7c F87w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=6OejLqIUyfFtAHs2p2xmwN7w0aIS3KfjYrTDvAIz41U=; b=XeFhywup+p51fpZ/XVZvoQGtmShmakKTMgSrbQBU05VNYIfOPfKn0LJQ24fDLAS/Lz 7EfcNyOSeeECPwnG8N+4SmIyJF2CjWlRlw/XpytXmdE1+mh2467724TuHfSqG5/+z+Up YoxVqJDfVJkW9XCJ/nXueOsa+FrPsY/9yI+2IXsdGRM7Jy377OKAeNdu0aQfTT8FyydN u1sNFwj8imoVU/cHOft8Z5mTaviG7Pfww9U67WN+fwBSNI5GZ6osqEM1GmgEHkvqxSgr p/mW1ZSERWQIyuDY7jSKy7yQuniX+WpZJITJY+EvhOn1Q8DzuJaxiAPAvMu6EEgL6zOF QVqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oYsQujqu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c21si4172830pls.149.2021.10.28.09.46.29; Thu, 28 Oct 2021 09:46:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=oYsQujqu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230367AbhJ1QrO (ORCPT + 99 others); Thu, 28 Oct 2021 12:47:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:57554 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230248AbhJ1QrM (ORCPT ); Thu, 28 Oct 2021 12:47:12 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4E63D610CF; Thu, 28 Oct 2021 16:44:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1635439484; bh=2D513u3iMnBxIdPsGPCHooAjqpmHDe+3f0GBU3JGh3A=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=oYsQujquaZ7SSzH30NiEEYdeNyJO4DDq1x8gTTr3ENbRIFYsRDucetesNWYTM7AO+ A25L39UTJEbJdzU+QufCl5Qd/34YzGm9oV3PQGA/Wx2JKHFlcw6xOklEo9y5oaLHUg cZH4qZPli1T01qvOM4aAcpq6otiGKbrOHK5QpV2s= Date: Thu, 28 Oct 2021 18:44:42 +0200 From: Greg KH To: Mark Rutland Cc: Pawan Gupta , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, antonio.gomez.iglesias@intel.com, tony.luck@intel.com, dave.hansen@linux.intel.com Subject: Re: [PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE Message-ID: References: <882f5c31f48bac75ebaede2a0ec321ec67128229.1635383031.git.pawan.kumar.gupta@linux.intel.com> <20211028135751.GA41384@lakrids.cambridge.arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20211028135751.GA41384@lakrids.cambridge.arm.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 28, 2021 at 02:57:51PM +0100, Mark Rutland wrote: > On Wed, Oct 27, 2021 at 06:35:44PM -0700, Pawan Gupta wrote: > > Disabling unprivileged BPF would help prevent unprivileged users from > > creating the conditions required for potential speculative execution > > side-channel attacks on affected hardware. A deep dive on such attacks > > and mitigation is available here [1]. > > > > If an architecture selects CONFIG_CPU_SPECTRE, disable unprivileged BPF > > by default. An admin can enable this at runtime, if necessary. > > > > Signed-off-by: Pawan Gupta > > > > [1] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf > > --- > > kernel/bpf/Kconfig | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig > > index a82d6de86522..510a5a73f9a2 100644 > > --- a/kernel/bpf/Kconfig > > +++ b/kernel/bpf/Kconfig > > @@ -64,6 +64,7 @@ config BPF_JIT_DEFAULT_ON > > > > config BPF_UNPRIV_DEFAULT_OFF > > bool "Disable unprivileged BPF by default" > > + default y if CPU_SPECTRE > > Why can't this just be "default y"? Because not all arches are broken. > This series makes that the case on x86, and if SW is going to have to > deal with that we may as well do that everywhere, and say that on all > architectures we leave it to the sysadmin or kernel builder to optin to > permitting unprivileged BPF. > > If we can change the default for x86 I see no reason we can't change > this globally, and we avoid tying this to CPU_SPECTRE specifically. No, this is a spectre-like issue only, if you have hardware that does not have these types of issues, why wouldn't this be ok to be disabled? thanks, greg k-h