From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <dave.hansen@intel.com>
Received: from mga06.intel.com ([134.134.136.31])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <dave.hansen@intel.com>)
	id 1fEMoE-00061f-LN
	for speck@linutronix.de; Fri, 04 May 2018 00:34:43 +0200
From: Dave Hansen <dave.hansen@intel.com>
Subject: [MODERATED] [PATCH 0/5] SSB extra 0
Date: Thu,  3 May 2018 15:29:43 -0700
Message-Id: <cover.1525383411.git.dave.hansen@intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: speck@linutronix.de
Cc: Dave Hansen <dave.hansen@intel.com>
List-ID: <speck.linutronix.de>

BPF is a potential source of gadgets that can be used for memory
diambiguation-based attacks.  To help mitigate these, we enable
the bit in SPEC_CTRL which enables the reduced (memory)
speculation mode on the processor when runing BPF code.

This is far from optimal: it does not opt-out of the mitigations
for BPF programs which are trusted or which are less likely to be
exploited, like those which have been offloaded.

It also uses a fixed (and stupid) algoritm for keeping the MSR
write traffic to a minimum.  Each time a CPU uses BPF, it does the
MSR write to enable the mitigation and then schedules some work
in 10ms to disable the mitigation.  It repeats this every 10ms if
the CPU keeps seeing BPF activity.  This can obviously be improved
on, but it is simple at the moment and _works_.

Dave Hansen (5):
  bpf: add enter/exit markers
  bpf: track entry to and exit from BFP code
  bpf: use reduced speculation mitigations
  x86, bugs: centralize SPEC_CTRL MSR mask generation
  x86: implement reduced speculation when running BPF

 arch/x86/Kconfig                 |  4 ++
 arch/x86/include/asm/rmspec.h    | 24 ++++++++++++
 arch/x86/include/asm/spec-ctrl.h |  3 ++
 arch/x86/kernel/cpu/bugs.c       | 81 ++++++++++++++++++++++++++++++++--------
 include/linux/bpf.h              |  2 +
 include/linux/filter.h           | 34 ++++++++++++++++-
 include/linux/nospec.h           | 11 ++++++
 kernel/bpf/sockmap.c             |  6 +++
 net/core/filter.c                | 65 ++++++++++++++++++++++++++++++++
 net/kcm/kcmsock.c                |  7 +++-
 10 files changed, 220 insertions(+), 17 deletions(-)
 create mode 100644 arch/x86/include/asm/rmspec.h

-- 
2.9.5