-
Elena Reshetova authored
CVE-2017-5753 CVE-2017-5715 This adds a generic memory barrier before LD_IMM_DW and LDX_MEM_B/H/W/DW eBPF instructions during eBPF program execution in order to prevent speculative execution on out of bound BFP_MAP array indexes. This way an arbitary kernel memory is not exposed through side channel attacks. For more details, please see this Google Project Zero report: tbd Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (cherry picked from commit 69cfcc33d4ec282f14e47f1705bf45117e557b69) Signed-off-by: Andy Whitcroft <apw@canonical.com>
ac92d827