Subject: Re: [PATCH v3 bpf] bpf: introduce BPF_JIT_ALWAYS_ON config
From: Daniel Borkmann
To: David Woodhouse, Alexei Starovoitov, davem@davemloft.net
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@fb.com, stable@vger.kernel.org, dave.hansen@linux.intel.com
Date: Wed, 24 Jan 2018 11:10:50 +0100
In-Reply-To: <1516788431.13558.109.camel@infradead.org>
References: <20180109180429.1115005-1-ast@kernel.org> <606bf504-a39f-288d-11cd-56888ecbc165@iogearbox.net> <1516788431.13558.109.camel@infradead.org>
Mailing lists: stable@vger.kernel.org, linux-kernel@vger.kernel.org

On 01/24/2018 11:07 AM, David Woodhouse wrote:
> On Tue, 2018-01-09 at 22:39 +0100, Daniel Borkmann wrote:
>> On 01/09/2018 07:04 PM, Alexei Starovoitov wrote:
>>>
>>> The BPF interpreter has been used as part of the Spectre 2 attack CVE-2017-5715.
>>>
>>> A quote from the Google Project Zero blog:
>>> "At this point, it would normally be necessary to locate gadgets in
>>> the host kernel code that can be used to actually leak data by reading
>>> from an attacker-controlled location, shifting and masking the result
>>> appropriately and then using the result of that as offset to an
>>> attacker-controlled address for a load. But piecing gadgets together
>>> and figuring out which ones work in a speculation context seems annoying.
>>> So instead, we decided to use the eBPF interpreter, which is built into
>>> the host kernel - while there is no legitimate way to invoke it from inside
>>> a VM, the presence of the code in the host kernel's text section is sufficient
>>> to make it usable for the attack, just like with ordinary ROP gadgets."
>>>
>>> To make the attacker's job harder, introduce the BPF_JIT_ALWAYS_ON config
>>> option that removes the interpreter from the kernel in favor of JIT-only mode.
>>> So far eBPF JIT is supported by:
>>> x64, arm64, arm32, sparc64, s390, powerpc64, mips64
>>>
>>> The start of the JITed program is randomized and the code page is marked as read-only.
>>> In addition "constant blinding" can be turned on with net.core.bpf_jit_harden
>>>
>>> v2->v3:
>>> - move __bpf_prog_ret0 under ifdef (Daniel)
>>>
>>> v1->v2:
>>> - fix init order, test_bpf and cBPF (Daniel's feedback)
>>> - fix offloaded bpf (Jakub's feedback)
>>> - add 'return 0' dummy in case something can invoke prog->bpf_func
>>> - retarget bpf tree. For bpf-next the patch would need one extra hunk.
>>>   It will be sent when the trees are merged back to net-next
>>>
>>> Considered doing:
>>>   int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT;
>>> but it seems better to land the patch as-is and in bpf-next remove
>>> the bpf_jit_enable global variable from all JITs, consolidate it in one place
>>> and remove this jit_init() function.
>>>
>>> Signed-off-by: Alexei Starovoitov
>>
>> Applied to bpf tree, thanks Alexei!
>
> For stable too?

Yes, this will go into stable as well; batch of backports will come Thurs/Fri.
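As an added example that is not part of this thread or of the kernel tree: a POSIX shell check of whether a kernel build and its runtime sysctls match the JIT-only posture the patch describes (interpreter compiled out, JIT on, constant blinding via net.core.bpf_jit_harden). It takes the .config text and the two sysctl values as arguments so it runs offline on the constructed samples below; on a live host the inputs would come from /proc/config.gz or /boot/config-$(uname -r) and from sysctl -n net.core.bpf_jit_enable and net.core.bpf_jit_harden. The meanings of the sysctl values are the ones in the kernel's sysctl documentation; the function name and verdict strings are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread or the kernel tree: audit a build's
# BPF JIT hardening posture against the knobs named in the patch.
#
# bpf_jit_posture CONFIG_TEXT JIT_ENABLE JIT_HARDEN
#   CONFIG_TEXT  contents of the kernel .config (e.g. from zcat /proc/config.gz)
#   JIT_ENABLE   value of net.core.bpf_jit_enable
#   JIT_HARDEN   value of net.core.bpf_jit_harden
# Returns 0 only when the interpreter is compiled out, the JIT is on without
# debug dumps, and constant blinding covers every program.
bpf_jit_posture() {
    config="$1"; jit_enable="$2"; jit_harden="$3"
    rc=0
    # CONFIG_BPF_JIT_ALWAYS_ON=y builds the kernel without the interpreter.
    if printf '%s\n' "$config" | grep -qx 'CONFIG_BPF_JIT_ALWAYS_ON=y'; then
        echo "ok:   CONFIG_BPF_JIT_ALWAYS_ON=y, interpreter compiled out"
    else
        echo "warn: CONFIG_BPF_JIT_ALWAYS_ON not set, interpreter still in the kernel text"
        rc=1
    fi
    # bpf_jit_enable: 0 = interpreter, 1 = JIT, 2 = JIT plus a dump of the
    # generated code to the kernel log (debug only).
    case "$jit_enable" in
        1) echo "ok:   net.core.bpf_jit_enable=1" ;;
        2) echo "warn: net.core.bpf_jit_enable=2 dumps JITed code to the kernel log"; rc=1 ;;
        *) echo "warn: net.core.bpf_jit_enable=$jit_enable, programs run in the interpreter"; rc=1 ;;
    esac
    # bpf_jit_harden: 0 = off, 1 = blind constants in unprivileged programs
    # only, 2 = blind constants in all programs.
    case "$jit_harden" in
        2) echo "ok:   net.core.bpf_jit_harden=2, constants blinded for all programs" ;;
        1) echo "info: net.core.bpf_jit_harden=1, only unprivileged programs blinded"; rc=1 ;;
        *) echo "warn: net.core.bpf_jit_harden=$jit_harden, constant blinding off"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample configs: a stock build and one built with the new option.
STOCK_CONFIG='CONFIG_BPF_JIT=y
# CONFIG_BPF_JIT_ALWAYS_ON is not set'
HARDENED_CONFIG='CONFIG_BPF_JIT=y
CONFIG_BPF_JIT_ALWAYS_ON=y'

echo "== stock build, JIT and blinding off"
if bpf_jit_posture "$STOCK_CONFIG" 0 0; then echo "verdict: hardened"; else echo "verdict: not hardened"; fi
echo "== JIT-only build, blinding for all programs"
if bpf_jit_posture "$HARDENED_CONFIG" 1 2; then echo "verdict: hardened"; else echo "verdict: not hardened"; fi
```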