Commit c6a8735d authored Jun 07, 2025 by James Morse Committed by Greg Kroah-Hartman Jun 27, 2025

arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs



[ Upstream commit 0dfefc2e ]

A malicious BPF program may manipulate the branch history to influence
what the hardware speculates will happen next.

On exit from a BPF program, emit the BHB mititgation sequence.

This is only applied for 'classic' cBPF programs that are loaded by
seccomp.

Signed-off-by: James Morse <james.morse@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent d38941ee

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 6200a373
· Nov 05, 2025

mentioned in commit 6200a373

mentioned in commit 6200a3734e3bbb57c7c742eb66e0902d5a31bfce

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 29bf3aa7
· Nov 05, 2025

mentioned in commit 29bf3aa7

mentioned in commit 29bf3aa759afd81fc1461b4104f7d286ff2d376d

Toggle commit list

Please to comment