Arm security updates as of 8th of January 2018
bpf: inhibit speculated out-of-bounds pointers
Under speculation, CPUs may mis-predict branches in bounds checks. Thus,
memory accesses under a bounds check may be speculated even if the
bounds check fails, providing a primitive for building a side channel.
The EBPF map code has a number of such bounds-checks accesses in
map_lookup_elem implementations. This patch modifies these to use the
nospec helpers to inhibit such side channels.
The JITted lookup_elem implementations remain potentially vulnerable,
and are disabled (with JITted code falling back to the C
Signed-off-by: Mark Rutland <firstname.lastname@example.org>
Signed-off-by: Will Deacon <email@example.com>
4 files changed