Commit 673b19e5 authored May 05, 2025 by Daniel Sneddon Committed by Greg Kroah-Hartman May 18, 2025

x86/bpf: Call branch history clearing sequence on exit

commit d4e89d21 upstream.

Classic BPF programs have been identified as potential vectors for
intra-mode Branch Target Injection (BTI) attacks. Classic BPF programs can
be run by unprivileged users. They allow unprivileged code to execute
inside the kernel. Attackers can use unprivileged cBPF to craft branch
history in kernel mode that can influence the target of indirect branches.

Introduce a branch history buffer (BHB) clearing sequence during the JIT
compilation of classic BPF programs. The clearing sequence is the same as
is used in previous mitigations to protect syscalls. Since eBPF programs
already have their own mitigations in place, only insert the call on
classic programs that aren't run by privileged users.

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 2edc296e

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 25a456b5
· Nov 05, 2025

mentioned in commit 25a456b5

mentioned in commit 25a456b541bbd2d159a29c5978b6ed288999429c

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit fa1f78be
· Nov 05, 2025

mentioned in commit fa1f78be

mentioned in commit fa1f78bed39010aae7d9babe527d1b9886554a0a

Toggle commit list

Please to comment