On 9/16/23 1:35 PM, Greg KH wrote:
On Thu, Sep 14, 2023 at 08:51:32AM +0000, Luis Gerhorst wrote:6.1-stable review patch. If anyone has any objections, please let me know. From: Yafang Shao <laoar.shao@xxxxxxxxx> commit d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 upstream.I unfortunately have objections, they are pending discussion at [1]. Same applies to the 6.4-stable review patch [2] and all other backports. [1] https://lore.kernel.org/bpf/20230913122827.91591-1-gerhorst@xxxxxxxxx/ [2] https://lore.kernel.org/stable/20230911134709.834278248@xxxxxxxxxxxxxxxxxxx/As this is in the tree already, and in Linus's tree, I'll wait to see if any changes are merged into Linus's tree for this before removing it from the stable trees. Let us know if there's a commit that resolves this and we will be glad to queue that up.
Commit d75e30dddf73 ("bpf: Fix issue in verifying allow_ptr_leaks") is not
stable material. It's not really a "fix", but it will simply make direct
packet access available to applications without CAP_PERFMON - the latter
was required so far given Spectre v1. However, there is ongoing discussion [1]
that potentially not much useful information can be leaked out and therefore
lifting it may or may not be ok. If we queue this to stable and later figure
we need to revert the whole thing again because someone managed to come up
with a PoC in the meantime, then there's higher risk of breakage.
Thanks,
Daniel
