Hello:
This series was applied to bpf/bpf-next.git (master) by Alexei Starovoitov ast@kernel.org:
On Tue, 3 Jun 2025 22:57:51 +0200 you wrote:
This improves the expressiveness of unprivileged BPF by inserting speculation barriers instead of rejecting the programs.
The approach was previously presented at LPC'24 [1] and RAID'24 [2].
To mitigate the Spectre v1 (PHT) vulnerability, the kernel rejects potentially-dangerous unprivileged BPF programs as of commit 9183671af6db ("bpf: Fix leakage under speculation on mispredicted branches"). In [2], we have analyzed 364 object files from open source projects (Linux Samples and Selftests, BCC, Loxilb, Cilium, libbpf Examples, Parca, and Prevail) and found that this affects 31% to 54% of programs.
[...]
Here is the summary with links: - [bpf-next,v4,1/9] bpf: Move insn if/else into do_check_insn() https://git.kernel.org/bpf/bpf-next/c/8b7df50fd40d - [bpf-next,v4,2/9] bpf: Return -EFAULT on misconfigurations https://git.kernel.org/bpf/bpf-next/c/fd508bde5d64 - [bpf-next,v4,3/9] bpf: Return -EFAULT on internal errors https://git.kernel.org/bpf/bpf-next/c/6b84d7895d78 - [bpf-next,v4,4/9] bpf, arm64, powerpc: Add bpf_jit_bypass_spec_v1/v4() https://git.kernel.org/bpf/bpf-next/c/03c68a0f8c68 - [bpf-next,v4,5/9] bpf, arm64, powerpc: Change nospec to include v1 barrier https://git.kernel.org/bpf/bpf-next/c/dff883d9e93a - [bpf-next,v4,6/9] bpf: Rename sanitize_stack_spill to nospec_result https://git.kernel.org/bpf/bpf-next/c/9124a4508007 - [bpf-next,v4,7/9] bpf: Fall back to nospec for Spectre v1 https://git.kernel.org/bpf/bpf-next/c/d6f1c85f2253 - [bpf-next,v4,8/9] selftests/bpf: Add test for Spectre v1 mitigation https://git.kernel.org/bpf/bpf-next/c/4a8765d9a527 - [bpf-next,v4,9/9] bpf: Fall back to nospec for sanitization-failures (no matching commit)
You are awesome, thank you!