author | Pawan Gupta <pawan.kumar.gupta@linux.intel.com> | 2021-10-29 12:43:54 -0700 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2021-11-01 17:06:47 +0100 |
commit | 8a03e56b253e9691c90bc52ca199323d71b96204 (patch) | |
tree | 5c4bdf42553fc742175e01f490a591088cf75468 /tools/perf/scripts/python/export-to-postgresql.py | |
parent | f48ad69097fe79d1de13c4d8fef556d4c11c5e68 (diff) |
bpf: Disallow unprivileged bpf by default

Disabling unprivileged BPF would help prevent unprivileged users from
creating certain conditions required for potential speculative execution
side-channel attacks on unmitigated affected hardware.

A deep dive on such attacks and current mitigations is available here [0].

Sync with what many distros are currently applying already, and disable
unprivileged BPF by default. An admin can enable this at runtime, if
necessary, as described in 08389d888287 ("bpf: Add kconfig knob for
disabling unpriv bpf by default").

[0] "BPF and Spectre: Mitigating transient execution attacks", Daniel Borkmann, eBPF Summit '21
https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/bpf/0ace9ce3f97656d5f62d11093ad7ee81190c3c25.1635535215.git.pawan.kumar.gupta@linux.intel.com
Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')
0 files changed, 0 insertions, 0 deletions