Hello:
This series was applied to bpf/bpf-next.git (master) by Alexei Starovoitov ast@kernel.org:
On Thu, 1 May 2025 09:35:51 +0200 you wrote:
This improves the expressiveness of unprivileged BPF by inserting speculation barriers instead of rejecting the programs.
The approach was previously presented at LPC'24 [1] and RAID'24 [2].
To mitigate the Spectre v1 (PHT) vulnerability, the kernel rejects potentially-dangerous unprivileged BPF programs as of commit 9183671af6db ("bpf: Fix leakage under speculation on mispredicted branches"). In [2], we have analyzed 364 object files from open source projects (Linux Samples and Selftests, BCC, Loxilb, Cilium, libbpf Examples, Parca, and Prevail) and found that this affects 31% to 54% of programs.
[...]
Here is the summary with links: - [bpf-next,v3,01/11] selftests/bpf: Fix caps for __xlated/jited_unpriv https://git.kernel.org/bpf/bpf-next/c/cf15cdc0f0f3 - [bpf-next,v3,02/11] bpf: Move insn if/else into do_check_insn() (no matching commit) - [bpf-next,v3,03/11] bpf: Return -EFAULT on misconfigurations (no matching commit) - [bpf-next,v3,04/11] bpf: Return -EFAULT on internal errors (no matching commit) - [bpf-next,v3,05/11] bpf, arm64, powerpc: Add bpf_jit_bypass_spec_v1/v4() (no matching commit) - [bpf-next,v3,06/11] bpf, arm64, powerpc: Change nospec to include v1 barrier (no matching commit) - [bpf-next,v3,07/11] bpf: Rename sanitize_stack_spill to nospec_result (no matching commit) - [bpf-next,v3,08/11] bpf: Fall back to nospec for Spectre v1 (no matching commit) - [bpf-next,v3,09/11] selftests/bpf: Add test for Spectre v1 mitigation (no matching commit) - [bpf-next,v3,10/11] bpf: Allow nospec-protected var-offset stack access (no matching commit) - [bpf-next,v3,11/11] bpf: Fall back to nospec for sanitization-failures (no matching commit)
You are awesome, thank you!