bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Yafang Shao <laoar.shao@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	 John Fastabend <john.fastabend@gmail.com>,
	Andrii Nakryiko <andrii@kernel.org>,
	 Martin KaFai Lau <martin.lau@linux.dev>,
	Song Liu <song@kernel.org>,
	 Yonghong Song <yonghong.song@linux.dev>,
	KP Singh <kpsingh@kernel.org>,
	 Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>,  bpf <bpf@vger.kernel.org>,
	Luis Gerhorst <gerhorst@cs.fau.de>
Subject: Re: [PATCH bpf-next] bpf: Inherit system settings for CPU security mitigations
Date: Thu, 19 Oct 2023 17:42:46 -0700	[thread overview]
Message-ID: <CAADnVQKUBJqg+hHtbLeeC2jhoJAWqnmRAzXW3hmUCNSV9kx4sQ@mail.gmail.com> (raw)
In-Reply-To: <20231005084123.1338-1-laoar.shao@gmail.com>

On Thu, Oct 5, 2023 at 1:41 AM Yafang Shao <laoar.shao@gmail.com> wrote:
>
> Currently, there exists a system-wide setting related to CPU security
> mitigations, denoted as 'mitigations='. When set to 'mitigations=off', it
> deactivates all optional CPU mitigations. Therefore, if we implement a
> system-wide 'mitigations=off' setting, it should inherently bypass Spectre
> v1 and Spectre v4 in the BPF subsystem.
>
> Please note that there is also a 'nospectre_v1' setting on x86 and ppc
> architectures, though it is not currently exported. For the time being,
> let's disregard it.
>
> This idea emerged during our discussion about potential Spectre v1 attacks
> with Luis[1].
>
> [1]. https://lore.kernel.org/bpf/b4fc15f7-b204-767e-ebb9-fdb4233961fb@iogearbox.net/
>
> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> Cc: Luis Gerhorst <gerhorst@cs.fau.de>
> ---
>  include/linux/bpf.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index a82efd34b741..61bde4520f5c 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -2164,12 +2164,12 @@ static inline bool bpf_allow_uninit_stack(void)
>
>  static inline bool bpf_bypass_spec_v1(void)
>  {
> -       return perfmon_capable();
> +       return perfmon_capable() || cpu_mitigations_off();
>  }
>
>  static inline bool bpf_bypass_spec_v4(void)
>  {
> -       return perfmon_capable();
> +       return perfmon_capable() || cpu_mitigations_off();
>  }

Yafang,

this patch breaks several
test_progs -t verifier

tests when system is booted with mitigations=off command line.

Please follow up with a patch to fix this.

As you noticed cpu_mitigations_off() is not quite right here.
The system might have booted without that command line, but
spec_v1 and spec_v4 mitigations are turned off.
Unfortunately there is no good way to check that atm.
Have you seen this patch set ?
https://lore.kernel.org/all/20231019181158.1982205-1-leitao@debian.org/
Please take a look at it and comment if you think it will help.

In the meantime please fix test_progs -t verifier

Thanks

  parent reply	other threads:[~2023-10-20  0:43 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-05  8:41 [PATCH bpf-next] bpf: Inherit system settings for CPU security mitigations Yafang Shao
2023-10-05 17:24 ` Stanislav Fomichev
2023-10-05 18:01 ` Song Liu
2023-10-05 23:30   ` KP Singh
2023-10-06 16:55     ` Daniel Borkmann
2023-10-06 18:20 ` patchwork-bot+netdevbpf
2023-10-11 22:53 ` Andrii Nakryiko
2023-10-12  2:29   ` Yafang Shao
2023-10-12  4:42     ` Andrii Nakryiko
2023-10-20  0:42 ` Alexei Starovoitov [this message]
2023-10-20  2:35   ` Yafang Shao
2023-10-22  9:26   ` [PATCH bpf-next] selftests/bpf: Fix selftests broken by mitigations=off Yafang Shao
2023-10-22  9:49     ` [PATCH v2 " Yafang Shao
2023-10-22 10:05       ` Yafang Shao
2023-10-25  3:11   ` [PATCH v3 " Yafang Shao
2023-10-25  4:56     ` Yonghong Song
2023-10-26 13:46       ` Daniel Borkmann
2023-10-26 16:54         ` Yonghong Song
2023-10-26 13:50     ` patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAADnVQKUBJqg+hHtbLeeC2jhoJAWqnmRAzXW3hmUCNSV9kx4sQ@mail.gmail.com \
    --to=alexei.starovoitov@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=gerhorst@cs.fau.de \
    --cc=haoluo@google.com \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=laoar.shao@gmail.com \
    --cc=martin.lau@linux.dev \
    --cc=sdf@google.com \
    --cc=song@kernel.org \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).