The disclosure of the Spectre class of hardware vulnerabilities created a lot of pain for kernel developers (and many others). That pain was especially acutely felt in the BPF community. While an attacker might have to painfully search the kernel code base for exploitable code, an attacker using BPF can simply write and load their own speculation gadgets, which is a much more efficient way of operating. The BPF community reacted by, among other things, disallowing the loading of programs that may include speculation gadgets. Luis Gerhorst would like to change that situation with this patch series that takes a more direct approach to the problem.
Spectre 类硬件漏洞的披露给内核开发者(以及许多其他人)带来了极大的痛苦。这种痛苦在 BPF 社区中尤为明显。攻击者在传统情况下可能需要艰难地在内核代码库中搜索可利用的代码,而使用 BPF 的攻击者则可以直接编写并加载他们自己的推测执行代码片段,这种方式高效得多。作为回应,BPF 社区采取了多项措施,其中之一就是禁止加载可能包含推测执行代码的程序。Luis Gerhorst 希望通过他的一系列补丁以更直接的方式来改变这种局面。
While the potential to enable speculative-execution attacks may be a concern for any BPF program, the problem is especially severe for unprivileged programs — those that can be loaded by ordinary users. Most program types require privilege but there are a couple of packet-filter program types that do not (though the unprivileged_bpf_disabled sysctl knob can disable those types too). Among the many defenses added to the BPF subsystem is this patch by Daniel Borkmann, which was merged for the 5.13 release in 2021. It causes the verifier to treat possible speculative paths (for Spectre variant 1 in particular) as real alter
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
