]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6834bd7) | patch
bpf: prevent speculative execution in eBPF interpreter
authorElena Reshetova <elena.reshetova@intel.com>
Mon, 4 Sep 2017 10:11:44 +0000 (13:11 +0300)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Thu, 11 Jan 2018 18:49:41 +0000 (19:49 +0100)
commitdd13f73106c260dea7a689d33d1457639af820aa
treebb7c312ee77afffca366ae29a470d504f82fac27tree
parent6834bd7e6159da957a6c01deebf16132a694bc23commit | diff
bpf: prevent speculative execution in eBPF interpreter

CVE-2017-5753
CVE-2017-5715

This adds a generic memory barrier before LD_IMM_DW and
LDX_MEM_B/H/W/DW eBPF instructions during eBPF program
execution in order to prevent speculative execution on out
of bound BFP_MAP array indexes. This way an arbitary kernel
memory is not exposed through side channel attacks.

For more details, please see this Google Project Zero report: tbd

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
kernel/bpf/core.c diff | blob | blame | history
Ubuntu Artful kernel mirror