git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	James Morse <james.morse@arm.com>
	Thu, 9 Dec 2021 15:13:24 +0000 (15:13 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 18 May 2025 06:24:10 +0000 (08:24 +0200)
commit	42a20cf51011788f04cf2adbcd7681f02bdb6c27
tree	bd6c4b623caf52423e9ce5eb7c0a39af307c5a9c	tree
parent	73591041a551cfe390861bf30067d3d2810b82ad	commit \| diff

arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs

commit 0dfefc2ea2f29ced2416017d7e5b1253a54c2735 upstream.

A malicious BPF program may manipulate the branch history to influence
what the hardware speculates will happen next.

On exit from a BPF program, emit the BHB mititgation sequence.

This is only applied for 'classic' cBPF programs that are loaded by
seccomp.

Signed-off-by: James Morse <james.morse@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/arm64/include/asm/spectre.h		diff \| blob \| blame \| history
arch/arm64/kernel/proton-pack.c		diff \| blob \| blame \| history
arch/arm64/net/bpf_jit_comp.c		diff \| blob \| blame \| history