Linux Kernel's BPF Fixed Up Against Spectre Vulnerability Bypass

phoronix

Administrator

Join Date: Jan 2007

Posts: 64848
- Share
- Tweet
#1

Linux Kernel's BPF Fixed Up Against Spectre Vulnerability Bypass

24 June 2021, 09:10 AM

Phoronix: Linux Kernel's BPF Fixed Up Against Spectre Vulnerability Bypass

With the latest mainline Git kernel as well as the newest stable point releases as of Wednesday, a Spectre issue with the kernel's BPF subsystem has been addressed...

Linux Kernel's BPF Fixed Up Against Spectre Vulnerability Bypass - Phoronix

https://www.phoronix.com/scan.php?page=news_item&px=Linux-BPF-Spectre-33624

Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
Tags: None

Likes 1
Developer12

Senior Member

Join Date: Dec 2019

Posts: 1237
- Share
- Tweet
#2

24 June 2021, 10:58 AM

How in the world did they manage to address this? They're handing control to the BPF program, thus the verifier step, so it's not like it's practical to insert fences everywhere.

Do they turn on IBRS and just leave it on or something? Does this only work for kernel-generated BPF programs? Does the verifier attempt to anticipate potential speculation and reject programs with potential issues? (wow that's a lot of false positives)
Comment

Announcement