Disabling unprivileged BPF would help prevent unprivileged users from creating the conditions required for potential speculative execution side-channel attacks on affected hardware. A deep dive on such attacks and mitigation is available here [1]. If an architecture selects CONFIG_CPU_SPECTRE, disable unprivileged BPF by default. An admin can enable this at runtime, if necessary. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx> [1] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf --- kernel/bpf/Kconfig | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig index a82d6de86522..510a5a73f9a2 100644 --- a/kernel/bpf/Kconfig +++ b/kernel/bpf/Kconfig @@ -64,6 +64,7 @@ config BPF_JIT_DEFAULT_ON config BPF_UNPRIV_DEFAULT_OFF bool "Disable unprivileged BPF by default" + default y if CPU_SPECTRE depends on BPF_SYSCALL help Disables unprivileged BPF by default by setting the corresponding @@ -72,6 +73,10 @@ config BPF_UNPRIV_DEFAULT_OFF disable it by setting it to 1 (from which no other transition to 0 is possible anymore). + Unprivileged BPF can be used to exploit potential speculative + execution side-channel vulnerabilities on affected hardware. If you + are concerned about it, answer Y. + source "kernel/bpf/preload/Kconfig" config BPF_LSM -- 2.31.1
