Arm security updates as of 8th of January 2018
bpf: inhibit speculated out-of-bounds pointers

Under speculation, CPUs may mis-predict branches in bounds checks. Thus,
memory accesses under a bounds check may be speculated even if the
bounds check fails, providing a primitive for building a side channel.

The EBPF map code has a number of such bounds-checks accesses in
map_lookup_elem implementations. This patch modifies these to use the
nospec helpers to inhibit such side channels.

The JITted lookup_elem implementations remain potentially vulnerable,
and are disabled (with JITted code falling back to the C

Signed-off-by: Mark Rutland <>
Signed-off-by: Will Deacon <>
4 files changed