| author | Yafang Shao <[email protected]> | 2023-10-05 08:41:23 +0000 |
|---|---|---|
| committer | Daniel Borkmann <[email protected]> | 2023-10-06 18:16:44 +0000 |
| commit | bc5bc309db45a7ab218ce8259ba9bc7659be61ca | |
| tree | 658e32196afca145b29b0c268385fd2a57046df1 /tools/testing/selftests/bpf/prog_tests/sockmap_basic.c | |
| parent | bpf: Fix the comment for bpf_restore_data_end() | |

bpf: Inherit system settings for CPU security mitigations

Currently, there exists a system-wide setting related to CPU security
mitigations, denoted as 'mitigations='. When set to 'mitigations=off', it
deactivates all optional CPU mitigations. Therefore, if we implement a
system-wide 'mitigations=off' setting, it should inherently bypass Spectre
v1 and Spectre v4 in the BPF subsystem.

Please note that there is also a more specific 'nospectre_v1' setting on
x86 and ppc architectures, though it is not currently exported. For the
time being, let's disregard more fine-grained options.

This idea emerged during our discussion about potential Spectre v1 attacks
with Luis [0].

[0] https://lore.kernel.org/bpf/[email protected]

Signed-off-by: Yafang Shao <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Stanislav Fomichev <[email protected]>
Acked-by: Song Liu <[email protected]>
Acked-by: KP Singh <[email protected]>
Cc: Luis Gerhorst <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/sockmap_basic.c')
0 files changed, 0 insertions, 0 deletions
