On Tue, Sep 19, 2023 at 01:39:44AM -0700, Alexei Starovoitov wrote: > On Tue, Sep 19, 2023 at 1:34 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Tue, Sep 19, 2023 at 08:26:28AM +0200, Daniel Borkmann wrote: > > > On 9/16/23 1:35 PM, Greg KH wrote: > > > > On Thu, Sep 14, 2023 at 08:51:32AM +0000, Luis Gerhorst wrote: > > > > > > 6.1-stable review patch. If anyone has any objections, please let me know. > > > > > > > > > > > > From: Yafang Shao <laoar.shao@xxxxxxxxx> > > > > > > > > > > > > commit d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 upstream. > > > > > > > > > > I unfortunately have objections, they are pending discussion at [1]. > > > > > > > > > > Same applies to the 6.4-stable review patch [2] and all other backports. > > > > > > > > > > [1] https://lore.kernel.org/bpf/20230913122827.91591-1-gerhorst@xxxxxxxxx/ > > > > > [2] https://lore.kernel.org/stable/20230911134709.834278248@xxxxxxxxxxxxxxxxxxx/ > > > > > > > > As this is in the tree already, and in Linus's tree, I'll wait to see > > > > if any changes are merged into Linus's tree for this before removing it > > > > from the stable trees. > > > > > > > > Let us know if there's a commit that resolves this and we will be glad > > > > to queue that up. > > > > > > Commit d75e30dddf73 ("bpf: Fix issue in verifying allow_ptr_leaks") is not > > > stable material. It's not really a "fix", but it will simply make direct > > > packet access available to applications without CAP_PERFMON - the latter > > > was required so far given Spectre v1. However, there is ongoing discussion [1] > > > that potentially not much useful information can be leaked out and therefore > > > lifting it may or may not be ok. If we queue this to stable and later figure > > > we need to revert the whole thing again because someone managed to come up > > > with a PoC in the meantime, then there's higher risk of breakage. > > > > Ick, ok, so just this one commit should be reverted? Or any others as > > well? > > I don't think revert is necessary. Just don't backport any further. Ok, thanks, it's not backported into any other kernels at the moment, so I'll not worry about this anymore :) greg k-h
