This removes the following warning issued by checkpatch
WARNING: suspect code indent for conditional statements (8, 8)
+ } else
+ if (display->regwidth == 8 && display->buswidth == 9 && par->spi) {
Signed-off-by: Luis Gerhorst
Acked-by: Jonny Schaefer
Acked
The Linux kernel coding style states that braces should only be used
when necessary.
This fixes the checkpatch warning
WARNING: line over 80 characters
+ } else if (display->regwidth == 8 && display->buswidth == 9 &&
par->spi) {
introduced by patch #1.
Sig
Signed-off-by: Luis Gerhorst
Acked-by: Jonny Schaefer
Acked-by: Alexander Wuerstlein
---
drivers/staging/fbtft/fbtft-core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/fbtft/fbtft-core.c
b/drivers/staging/fbtft/fbtft-core.c
index 34b1c81..566f89c
, that it requires us to introduce an output parameter for
the state.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 71 +--
1 file changed, 42 insertions(+), 29 deletions(-)
diff
, the same principle
should apply to smaller programs therefore include it even if the limit
stays at 8k for now. Most programs in "VeriFence: Lightweight and
Precise Spectre Defenses for Untrusted Linux Kernel
Extensions" (https://arxiv.org/pdf/2405.00078) only require a limit of
32k.
Sign
-access from using the result of the alu op speculatively. Therefore,
insert a nospec after the alu insn.
The latter requires us to modify the nospec_result patching code to work
not only for write-type insns.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan
nospec should be inserted (as comment) and modify the error message if
the nospec is able to mitigate a problem that previously shadowed
another problem.
Briefly went through all the occurrences of EPERM, EINVAL, and EACCESS
in the verifier in order to validate that catching them like this makes
sense.
Insert a nospec before the access to prevent it from ever using an index
that is subject to speculative scalar-confusion.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 15 ---
1 file changed, 8 insertions
complexity
of Spectre v1 verification.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
arch/arm64/net/bpf_jit_comp.c | 10 +-
include/linux/bpf.h | 14 +-
include/linux/bpf_verifier.h | 2 +-
kernel/bpf/verifier.c
h "*do_print_state = ",
and "goto process_bpf_exit" / fallthrough with "return process_bpf_exit()".
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 528 +++-
This prevents us from trying to recover from these on speculative paths
in the future.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf
Mark these cases as non-recoverable, even when they only occur during
speculative path verification.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 37 +++--
1 file changed, 19
ually emit arm64 barrier
* fix unexpected_load_success from test_progs for "bpf: Fall back to nospec for
sanitization-failures"
* use bpf-next as base commit
Luis Gerhorst (9):
bpf/arm64: Unset bypass_spec_v4() instead of ignoring BPF_NOSPEC
bpf: Refactor do_check() if/else into do_check_insn()
On 24/02/2025 21:47, Luis Gerhorst wrote:
> + } else if (error_recoverable_with_nospec(err) &&
> state->speculative)
> {
> + WARN_ON_ONCE(env->bypass_spec_v1);
> + WARN_ON_ONCE(env->cur_state != state);
> +
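Review bot: In the quoted `error_recoverable_with_nospec(err) && state->speculative` branch, the two `WARN_ON_ONCE()` checks only log when `env->bypass_spec_v1` is set or `env->cur_state != state`; as far as the quoted lines show, the recovery path then carries on regardless. If either condition means the nospec fallback is not valid, consider bailing out on it, e.g. `if (WARN_ON_ONCE(env->cur_state != state)) return -EFAULT;`, and add a short comment saying why each invariant must hold at this point.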
back to nospec directly for the remaining sanitization errs even if
we are not on a speculative path.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 85 ++-
.../selftests/bpf/progs
ate = " with "*do_print_state = "
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 426 ++
1 file changed, 224 insertions(+), 202 deletions(-)
diff --git a/kern
Mark these cases as non-recoverable to later prevent them from being
caught when they occur during speculative path verification.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 36
ec_v1() and _v4() according to
commit a6f6a95f2580 ("LoongArch, bpf: Fix jit to skip speculation
barrier opcode"). This is omitted here as I am unable to do any testing
for LoongArch.
Signed-off-by: Luis Gerhorst
Cc: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
arch/arm64/ne
This prevents us from trying to recover from these on speculative paths
in the future.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf
This is made to clarify that this flag will cause a nospec to be added
after this insn and can therefore be relied upon to reduce speculative
path analysis.
Signed-off-by: Luis Gerhorst
Cc: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
include/linux/bpf_verifier.h | 2 +-
kernel
F nospec) and
performance (only PowerPC) regressions
RFC: https://lore.kernel.org/bpf/20250224203619.594724-1-luis.gerho...@fau.de/
Luis Gerhorst (11):
bpf: Move insn if/else into do_check_insn()
bpf: Return -EFAULT on misconfigurations
bpf: Return -EFAULT on internal errors
bpf, arm64, pow
unexpected
conflicts between the insns when combined like this. Individual v1/v4
barriers were already emitted elsewhere.
[1]
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=29b74545531f6afbee9fc38c267524326dbfbedf
("MIPS: Add speculation_barrier support")
[2] https://github.com/kerne
efenses for Untrusted Linux Kernel Extensions")
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
include/linux/bpf_verifier.h | 1 +
kernel/bpf/verifier.c | 68 +--
.../selftests/bpf/prog
Insert a nospec before the access to prevent it from ever using an index
that is subject to speculative scalar-confusion.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 24
1 file changed, 12
Main reason is that it will later allow us to fall back to a nospec for
certain errors in push_stack().
This changes the sanitization-case to returning -ENOMEM. However, this
is more fitting as -EFAULT would indicate a verifier-internal bug.
Signed-off-by: Luis Gerhorst
Acked-by: Henriette
")
Signed-off-by: Luis Gerhorst
Acked-by: Henriette Herzog
Cc: Maximilian Ott
Cc: Milan Stephan
---
kernel/bpf/verifier.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 03af82f52a02..49c7e2608ccd 100644
--- a/kernel
Eduard Zingerman writes:
> On Thu, 2025-03-13 at 18:21 +0100, Luis Gerhorst wrote:
>> +err = do_check_insn(env, insn, pop_log, &do_print_state, regs,
>> state,
>> +&prev_insn_idx);
>
> - `regs` remains declared in
Eduard Zingerman writes:
> Could you please point me to a location, where exact error code
> returned by updated push_stack() matters?
> I checked push_stack() callgraph (in the attachment), but can't find
> anything.
Only with the final patch 11 ("bpf: Fall back to nospec for spec path
verifica
Alexei Starovoitov writes:
> On Thu, Mar 13, 2025 at 10:57 AM Luis Gerhorst wrote:
>> With increased limits this allows applying mitigations to large BPF
>> progs such as the Parca Continuous Profiler's prog. However, this
>> requires a jump-seq limit of 256k. In an
Eduard Zingerman writes:
> I think it would be good to have some tests checking that nospec
> instructions are inserted in expected locations.
> Could you please take look at use of __xlated tag in e.g.
> tools/testing/selftests/bpf/progs/verifier_sdiv.c ?
That looks very promising, I will look i