diff options
| author | Daniel Sneddon <[email protected]> | 2025-05-05 21:35:12 +0000 |
|---|---|---|
| committer | Dave Hansen <[email protected]> | 2025-05-06 15:18:32 +0000 |
| commit | d4e89d212d401672e9cdfe825d947ee3a9fbe3f5 (patch) | |
| tree | 33b398ce7e7f2c1feff1887b293305dd75cff755 /net/unix/af_unix.c | |
| parent | Linux 6.15-rc5 (diff) | |
| download | kernel-d4e89d212d401672e9cdfe825d947ee3a9fbe3f5.tar.gz kernel-d4e89d212d401672e9cdfe825d947ee3a9fbe3f5.zip | |
x86/bpf: Call branch history clearing sequence on exit
Classic BPF programs have been identified as potential vectors for
intra-mode Branch Target Injection (BTI) attacks. Classic BPF programs can
be run by unprivileged users. They allow unprivileged code to execute
inside the kernel. Attackers can use unprivileged cBPF to craft branch
history in kernel mode that can influence the target of indirect branches.
Introduce a branch history buffer (BHB) clearing sequence during the JIT
compilation of classic BPF programs. The clearing sequence is the same as
is used in previous mitigations to protect syscalls. Since eBPF programs
already have their own mitigations in place, only insert the call on
classic programs that aren't run by privileged users.
Signed-off-by: Daniel Sneddon <[email protected]>
Signed-off-by: Pawan Gupta <[email protected]>
Signed-off-by: Dave Hansen <[email protected]>
Acked-by: Daniel Borkmann <[email protected]>
Reviewed-by: Alexandre Chartre <[email protected]>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions