From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Borkmann Subject: pull-request: bpf 2018-01-09 Date: Tue, 9 Jan 2018 23:03:21 +0100 Message-ID: <20180109220321.9973-1-daniel@iogearbox.net> Cc: daniel@iogearbox.net, ast@kernel.org, netdev@vger.kernel.org To: davem@davemloft.net Return-path: Received: from www62.your-server.de ([213.133.104.62]:57187 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753312AbeAIWDX (ORCPT ); Tue, 9 Jan 2018 17:03:23 -0500 Sender: netdev-owner@vger.kernel.org List-ID: Hi David, The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Prevent out-of-bounds speculation in BPF maps by masking the index after bounds checks in order to fix spectre v1, and add an option BPF_JIT_ALWAYS_ON into Kconfig that allows for removing the BPF interpreter from the kernel in favor of JIT-only mode to make spectre v2 harder, from Alexei. 2) Remove false sharing of map refcount with max_entries which was used in spectre v1, from Daniel. 3) Add a missing NULL psock check in sockmap in order to fix a race, from John. 4) Fix test_align BPF selftest case since a recent change in verifier rejects the bit-wise arithmetic on pointers earlier but test_align update was missing, from Alexei. Please consider pulling these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git Thanks a lot! ---------------------------------------------------------------- The following changes since commit 5133550296d43236439494aa955bfb765a89f615: sh_eth: fix SH7757 GEther initialization (2018-01-05 13:59:18 -0500) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git for you to fetch changes up to 290af86629b25ffd1ed6232c4e9107da031705cb: bpf: introduce BPF_JIT_ALWAYS_ON config (2018-01-09 22:25:26 +0100) ---------------------------------------------------------------- Alexei Starovoitov (3): selftests/bpf: fix test_align bpf: prevent out-of-bounds speculation bpf: introduce BPF_JIT_ALWAYS_ON config Daniel Borkmann (1): bpf: avoid false sharing of map refcount with max_entries John Fastabend (1): bpf: sockmap missing NULL psock check include/linux/bpf.h | 26 ++++++++++++------ init/Kconfig | 7 +++++ kernel/bpf/arraymap.c | 47 ++++++++++++++++++++++++-------- kernel/bpf/core.c | 19 +++++++++++++ kernel/bpf/sockmap.c | 11 ++++++-- kernel/bpf/verifier.c | 36 ++++++++++++++++++++++++ lib/test_bpf.c | 11 +++++--- net/core/filter.c | 6 ++-- net/core/sysctl_net_core.c | 6 ++++ net/socket.c | 9 ++++++ tools/testing/selftests/bpf/test_align.c | 22 +-------------- 11 files changed, 150 insertions(+), 50 deletions(-)