On 9/19/23 10:39 AM, Alexei Starovoitov wrote:
On Tue, Sep 19, 2023 at 1:34 AM Greg KH <gregkh@linuxfoundation.org> wrote:
On Tue, Sep 19, 2023 at 08:26:28AM +0200, Daniel Borkmann wrote:
On 9/16/23 1:35 PM, Greg KH wrote:
On Thu, Sep 14, 2023 at 08:51:32AM +0000, Luis Gerhorst wrote:
6.1-stable review patch. If anyone has any objections, please let me know.
From: Yafang Shao <laoar.shao@gmail.com>
commit d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 upstream.
I unfortunately have objections, they are pending discussion at [1].
Same applies to the 6.4-stable review patch [2] and all other backports.
[1] https://lore.kernel.org/bpf/20230913122827.91591-1-gerhorst@amazon.de/
[2] https://lore.kernel.org/stable/20230911134709.834278248@linuxfoundation.org/
As this is in the tree already, and in Linus's tree, I'll wait to see if any changes are merged into Linus's tree for this before removing it from the stable trees.
Let us know if there's a commit that resolves this and we will be glad to queue that up.
Commit d75e30dddf73 ("bpf: Fix issue in verifying allow_ptr_leaks") is not stable material. It's not really a "fix", but it will simply make direct packet access available to applications without CAP_PERFMON - the latter was required so far given Spectre v1. However, there is ongoing discussion [1] that potentially not much useful information can be leaked out and therefore lifting it may or may not be ok. If we queue this to stable and later figure we need to revert the whole thing again because someone managed to come up with a PoC in the meantime, then there's higher risk of breakage.
Ick, ok, so just this one commit should be reverted? Or any others as well?
I don't think revert is necessary. Just don't backport any further.
Yeah, agree, let's not backport further.