linux/kernel/bpf at af86ca4e3088fe5eacf2f7e58c01fa68ca067672 - linux - MSD Gitea: Git with a cup of tea

leandrof/linux

Files

History

Alexei Starovoitov af86ca4e30 bpf: Prevent memory disambiguation attack

Detect code patterns where malicious 'speculative store bypass' can be used
and sanitize such patterns.

 39: (bf) r3 = r10
 40: (07) r3 += -216
 41: (79) r8 = *(u64 *)(r7 +0)   // slow read
 42: (7a) *(u64 *)(r10 -72) = 0  // verifier inserts this instruction
 43: (7b) *(u64 *)(r8 +0) = r3   // this store becomes slow due to r8
 44: (79) r1 = *(u64 *)(r6 +0)   // cpu speculatively executes this load
 45: (71) r2 = *(u8 *)(r1 +0)    // speculatively arbitrary 'load byte'
                                 // is now sanitized

Above code after x86 JIT becomes:
 e5: mov    %rbp,%rdx
 e8: add    $0xffffffffffffff28,%rdx
 ef: mov    0x0(%r13),%r14
 f3: movq   $0x0,-0x48(%rbp)
 fb: mov    %rdx,0x0(%r14)
 ff: mov    0x0(%rbx),%rdi
103: movzbq 0x0(%rdi),%rsi

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

2018-05-19 20:44:24 +02:00

..

arraymap.c

bpf: add schedule points in percpu arrays management

2018-02-22 21:27:06 +01:00

bpf_lru_list.c

bpf: lru: Lower the PERCPU_NR_SCANS from 16 to 4

2017-04-17 13:55:52 -04:00

bpf_lru_list.h

bpf: Only set node->ref = 1 if it has not been set

2017-09-01 09:57:39 -07:00

cgroup.c

bpf: Hooks for sys_bind

2018-03-31 02:15:18 +02:00

core.c

bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog

2018-04-11 01:01:40 +02:00

cpumap.c

bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()

2018-02-14 15:34:27 +01:00

devmap.c

bpf: add helper for copying attrs to struct bpf_map

2018-01-14 23:36:29 +01:00

disasm.c

bpf: Remove struct bpf_verifier_env argument from print_bpf_insn

2018-03-23 17:38:57 +01:00

disasm.h

bpf: Remove struct bpf_verifier_env argument from print_bpf_insn

2018-03-23 17:38:57 +01:00

hashtab.c

bpf: add helper for copying attrs to struct bpf_map

2018-01-14 23:36:29 +01:00

helpers.c

bpf: rename ARG_PTR_TO_STACK

2017-01-09 16:56:27 -05:00

inode.c

bpf: comment why dots in filenames under BPF virtual FS are not allowed

2018-03-09 10:30:30 +01:00

lpm_trie.c

bpf: fix rcu lockdep warning for lpm_trie map_free callback

2018-02-22 21:29:12 +01:00

Makefile

bpf: only build sockmap with CONFIG_INET

2018-01-04 19:01:14 +01:00

map_in_map.c

bpf: Add syscall lookup support for fd array and htab

2017-06-29 13:13:25 -04:00

map_in_map.h

bpf: Add syscall lookup support for fd array and htab

2017-06-29 13:13:25 -04:00

offload.c

bpf: offload: report device information about offloaded maps

2018-01-18 22:54:25 +01:00

percpu_freelist.c

bpf: fix lockdep splat

2017-11-15 19:46:32 +09:00

percpu_freelist.h

bpf: introduce percpu_freelist

2016-03-08 15:28:31 -05:00

sockmap.c

bpf: sockmap remove dead check

2018-04-20 22:09:51 +02:00

stackmap.c

bpf: extend stackmap to save binary_build_id+offset instead of address

2018-03-15 01:09:28 +01:00

syscall.c

kernel/bpf/syscall: fix warning defined but not used

2018-04-04 11:08:36 +02:00

tnum.c

bpf/verifier: track signed and unsigned min/max values

2017-08-08 17:51:34 -07:00

verifier.c

bpf: Prevent memory disambiguation attack

2018-05-19 20:44:24 +02:00