• bpf: Introduce BPF nospec instruction for mitigating Spectre v4 · f5e81d11
    Daniel Borkmann authored
    In case of JITs, each of the JIT backends compiles the BPF nospec instruction
    /either/ to a machine instruction which emits a speculation barrier /or/ to
    /no/ machine instruction in case the underlying architecture is not affected
    by Speculative Store Bypass or has different mitigations in place already.
    
    This covers both x86 and (implicitly) arm64: In case of x86, we use 'lfence'
    instruction for mitigation. In case of arm64, we rely on the firmware mitigation
    as controlled via the ssbd kernel parameter. Whenever the mitigation is enabled,
    it works for all of the kernel code with no need to provide any additional
    instructions here (hence only comment in arm64 JIT). Other archs can follow
    as needed. The BPF nospec instruction is specifically targeting Spectre v4
    since i) we don't use a serialization barrier for the Spectre v1 case, and
    ii) mitigation instructions for v1 and v4 might be different on some archs.
    
    The BPF nospec is required for a future commit, where the BPF verifier does
    annotate intermediate BPF programs with speculation barriers.

    Co-developed-by: Piotr Krysiuk <piotras@gmail.com>
    Co-developed-by: Benedict Schlueter <benedict.schlueter@rub.de>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
    Signed-off-by: Benedict Schlueter <benedict.schlueter@rub.de>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
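
The lowering the commit message describes, as an added sketch that is not code from this commit or from the kernel: a toy x86-64 emitter that turns a nospec instruction into `lfence` when the target needs the barrier and into no machine instruction otherwise. The `toy_*` names, the three-opcode IR and the `needs_barrier` flag are hypothetical; the byte encodings are standard x86-64.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical toy IR for this sketch; not the kernel's BPF encoding. */
enum toy_op { TOY_STORE, TOY_LOAD, TOY_NOSPEC };

struct toy_jit {
    uint8_t image[64];
    size_t len;
    int needs_barrier; /* 0: arch not affected by SSB, or mitigated elsewhere */
};

static int toy_emit(struct toy_jit *j, const uint8_t *code, size_t n) {
    if (n > sizeof(j->image) - j->len)
        return -1; /* refuse to overflow the image buffer */
    memcpy(j->image + j->len, code, n);
    j->len += n;
    return 0;
}

/* Lower the toy program; returns image length in bytes, or -1 on overflow. */
long toy_jit_compile(struct toy_jit *j, const enum toy_op *prog, size_t n) {
    static const uint8_t store[]  = { 0x48, 0x89, 0x07 }; /* mov [rdi], rax */
    static const uint8_t load[]   = { 0x48, 0x8b, 0x07 }; /* mov rax, [rdi] */
    static const uint8_t lfence[] = { 0x0f, 0xae, 0xe8 }; /* lfence */
    j->len = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = 0;
        switch (prog[i]) {
        case TOY_STORE:  rc = toy_emit(j, store, sizeof(store)); break;
        case TOY_LOAD:   rc = toy_emit(j, load, sizeof(load)); break;
        case TOY_NOSPEC: /* barrier, or no machine instruction at all */
            if (j->needs_barrier)
                rc = toy_emit(j, lfence, sizeof(lfence));
            break;
        }
        if (rc)
            return -1;
    }
    return (long)j->len;
}

int main(void) {
    /* Constructed sample: a store, the barrier, then a load from the same slot. */
    const enum toy_op prog[] = { TOY_STORE, TOY_NOSPEC, TOY_LOAD };
    struct toy_jit j = { .needs_barrier = 1 };
    return toy_jit_compile(&j, prog, 3) == 9 ? 0 : 1;
}
```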
ebpf_jit.c 51.8 KB