pull-request: bpf 2018-01-09

Tue, 09 Jan 2018 14:03:59 -0800 

Hi David,

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) Prevent out-of-bounds speculation in BPF maps by masking the
   index after bounds checks in order to fix spectre v1, and
   add an option BPF_JIT_ALWAYS_ON into Kconfig that allows for
   removing the BPF interpreter from the kernel in favor of
   JIT-only mode to make spectre v2 harder, from Alexei.

2) Remove false sharing of map refcount with max_entries which
   was used in spectre v1, from Daniel.

3) Add a missing NULL psock check in sockmap in order to fix
   a race, from John.

4) Fix test_align BPF selftest case since a recent change in
   verifier rejects the bit-wise arithmetic on pointers
   earlier but test_align update was missing, from Alexei.

Please consider pulling these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git

Thanks a lot!

----------------------------------------------------------------

The following changes since commit 5133550296d43236439494aa955bfb765a89f615:

  sh_eth: fix SH7757 GEther initialization (2018-01-05 13:59:18 -0500)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git 

for you to fetch changes up to 290af86629b25ffd1ed6232c4e9107da031705cb:

  bpf: introduce BPF_JIT_ALWAYS_ON config (2018-01-09 22:25:26 +0100)

----------------------------------------------------------------
Alexei Starovoitov (3):
      selftests/bpf: fix test_align
      bpf: prevent out-of-bounds speculation
      bpf: introduce BPF_JIT_ALWAYS_ON config

Daniel Borkmann (1):
      bpf: avoid false sharing of map refcount with max_entries

John Fastabend (1):
      bpf: sockmap missing NULL psock check

 include/linux/bpf.h                      | 26 ++++++++++++------
 init/Kconfig                             |  7 +++++
 kernel/bpf/arraymap.c                    | 47 ++++++++++++++++++++++++--------
 kernel/bpf/core.c                        | 19 +++++++++++++
 kernel/bpf/sockmap.c                     | 11 ++++++--
 kernel/bpf/verifier.c                    | 36 ++++++++++++++++++++++++
 lib/test_bpf.c                           | 11 +++++---
 net/core/filter.c                        |  6 ++--
 net/core/sysctl_net_core.c               |  6 ++++
 net/socket.c                             |  9 ++++++
 tools/testing/selftests/bpf/test_align.c | 22 +--------------
 11 files changed, 150 insertions(+), 50 deletions(-)

Reply via email to