Date: Thu, 28 Oct 2021 12:38:56 -0700
From: Pawan Gupta
To: Greg KH
Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, antonio.gomez.iglesias@intel.com, tony.luck@intel.com, dave.hansen@linux.intel.com
Subject: Re: [PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE
Message-ID: <20211028193856.q6nuy6ugunkn42ui@gupta-dev2.localdomain>
References: <882f5c31f48bac75ebaede2a0ec321ec67128229.1635383031.git.pawan.kumar.gupta@linux.intel.com>

On 28.10.2021 07:34, Greg KH wrote:
>On Wed, Oct 27, 2021 at 06:35:44PM -0700, Pawan Gupta wrote:
>> Disabling unprivileged BPF would help prevent unprivileged users from
>> creating the conditions required for potential speculative execution
>> side-channel attacks on affected hardware. A deep dive on such attacks
>> and mitigation is available here [1].
>>
>> If an architecture selects CONFIG_CPU_SPECTRE, disable unprivileged BPF
>> by default. An admin can enable this at runtime, if necessary.
>>
>> Signed-off-by: Pawan Gupta
>>
>> [1] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
>
>This should go above the signed-off-by line, in the changelog text, not
>below it, otherwise our tools get confused when trying to apply it.

Thanks, I will fix it.