Re: [PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE

From: Greg KH
Date: Thu Oct 28 2021 - 01:34:12 EST

Next message: Alexandre Ghiti: "Re: [PATCH 1/2] riscv: Fix asan-stack clang build"
Previous message: Stephen Rothwell: "linux-next: manual merge of the ftrace tree with Linus' tree"
In reply to: Pawan Gupta: "[PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE"
Next in thread: Pawan Gupta: "Re: [PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 27, 2021 at 06:35:44PM -0700, Pawan Gupta wrote:
> Disabling unprivileged BPF would help prevent unprivileged users from
> creating the conditions required for potential speculative execution
> side-channel attacks on affected hardware. A deep dive on such attacks
> and mitigation is available here [1].
>
> If an architecture selects CONFIG_CPU_SPECTRE, disable unprivileged BPF
> by default. An admin can enable this at runtime, if necessary.
>
> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
>
> [1] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf

This should go above the signed-off-by line, in the changelog text, not
below it, otherwise our tools get confused when trying to apply it.

thanks,

greg k-h

Next message: Alexandre Ghiti: "Re: [PATCH 1/2] riscv: Fix asan-stack clang build"
Previous message: Stephen Rothwell: "linux-next: manual merge of the ftrace tree with Linus' tree"
In reply to: Pawan Gupta: "[PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE"
Next in thread: Pawan Gupta: "Re: [PATCH ebpf v2 2/2] bpf: Make unprivileged bpf depend on CONFIG_CPU_SPECTRE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]