From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Yafang Shao <laoar.shao@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, bpf <bpf@vger.kernel.org>,
Luis Gerhorst <gerhorst@cs.fau.de>
Subject: Re: [PATCH bpf-next] bpf: Inherit system settings for CPU security mitigations
Date: Thu, 19 Oct 2023 17:42:46 -0700 [thread overview]
Message-ID: <CAADnVQKUBJqg+hHtbLeeC2jhoJAWqnmRAzXW3hmUCNSV9kx4sQ@mail.gmail.com> (raw)
In-Reply-To: <20231005084123.1338-1-laoar.shao@gmail.com>
On Thu, Oct 5, 2023 at 1:41 AM Yafang Shao <laoar.shao@gmail.com> wrote:
>
> Currently, there exists a system-wide setting related to CPU security
> mitigations, denoted as 'mitigations='. When set to 'mitigations=off', it
> deactivates all optional CPU mitigations. Therefore, if we implement a
> system-wide 'mitigations=off' setting, it should inherently bypass Spectre
> v1 and Spectre v4 in the BPF subsystem.
>
> Please note that there is also a 'nospectre_v1' setting on x86 and ppc
> architectures, though it is not currently exported. For the time being,
> let's disregard it.
>
> This idea emerged during our discussion about potential Spectre v1 attacks
> with Luis[1].
>
> [1]. https://lore.kernel.org/bpf/b4fc15f7-b204-767e-ebb9-fdb4233961fb@iogearbox.net/
>
> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> Cc: Luis Gerhorst <gerhorst@cs.fau.de>
> ---
> include/linux/bpf.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index a82efd34b741..61bde4520f5c 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -2164,12 +2164,12 @@ static inline bool bpf_allow_uninit_stack(void)
>
> static inline bool bpf_bypass_spec_v1(void)
> {
> - return perfmon_capable();
> + return perfmon_capable() || cpu_mitigations_off();
> }
>
> static inline bool bpf_bypass_spec_v4(void)
> {
> - return perfmon_capable();
> + return perfmon_capable() || cpu_mitigations_off();
> }
Yafang,
this patch breaks several
test_progs -t verifier
tests when system is booted with mitigations=off command line.
Please follow up with a patch to fix this.
As you noticed cpu_mitigations_off() is not quite right here.
The system might have booted without that command line, but
spec_v1 and spec_v4 mitigations are turned off.
Unfortunately there is no good way to check that atm.
Have you seen this patch set ?
https://lore.kernel.org/all/20231019181158.1982205-1-leitao@debian.org/
Please take a look at it and comment if you think it will help.
In the meantime please fix test_progs -t verifier
Thanks
next prev parent reply other threads:[~2023-10-20 0:43 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-05 8:41 [PATCH bpf-next] bpf: Inherit system settings for CPU security mitigations Yafang Shao
2023-10-05 17:24 ` Stanislav Fomichev
2023-10-05 18:01 ` Song Liu
2023-10-05 23:30 ` KP Singh
2023-10-06 16:55 ` Daniel Borkmann
2023-10-06 18:20 ` patchwork-bot+netdevbpf
2023-10-11 22:53 ` Andrii Nakryiko
2023-10-12 2:29 ` Yafang Shao
2023-10-12 4:42 ` Andrii Nakryiko
2023-10-20 0:42 ` Alexei Starovoitov [this message]
2023-10-20 2:35 ` Yafang Shao
2023-10-22 9:26 ` [PATCH bpf-next] selftests/bpf: Fix selftests broken by mitigations=off Yafang Shao
2023-10-22 9:49 ` [PATCH v2 " Yafang Shao
2023-10-22 10:05 ` Yafang Shao
2023-10-25 3:11 ` [PATCH v3 " Yafang Shao
2023-10-25 4:56 ` Yonghong Song
2023-10-26 13:46 ` Daniel Borkmann
2023-10-26 16:54 ` Yonghong Song
2023-10-26 13:50 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAADnVQKUBJqg+hHtbLeeC2jhoJAWqnmRAzXW3hmUCNSV9kx4sQ@mail.gmail.com \
--to=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=gerhorst@cs.fau.de \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=laoar.shao@gmail.com \
--cc=martin.lau@linux.dev \
--cc=sdf@google.com \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).