On Fri, 2018-01-12 at 17:17 +0100, Jiri Slaby wrote: > From: Alexei Starovoitov <ast@xxxxxxxxxx> > > commit b2157399cc9898260d6031c5bfe45fe137c1fbe7 upstream. > > Under speculation, CPUs may mis-predict branches in bounds checks. Thus, > memory accesses under a bounds check may be speculated even if the > bounds check fails, providing a primitive for building a side channel. > Make sure to also backport https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id= bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1