@@ -27,9 +27,9 @@
#include <linux/random.h>
#include <linux/moduleloader.h>
#include <linux/bpf.h>
-#include <linux/nospec.h>
#include <asm/unaligned.h>
+#include <asm/barrier.h>
/* Registers */
#define BPF_R0 regs[BPF_REG_0]
@@ -632,7 +632,7 @@ select_insn:
DST = IMM;
CONT;
LD_IMM_DW:
- barrier_nospec();
+ osb();
DST = (u64) (u32) insn[0].imm | ((u64) (u32) insn[1].imm) << 32;
insn++;
CONT;
@@ -847,7 +847,7 @@ out:
*(SIZE *)(unsigned long) (DST + insn->off) = IMM; \
CONT; \
LDX_MEM_##SIZEOP: \
- barrier_nospec(); \
+ osb(); \
DST = *(SIZE *)(unsigned long) (SRC + insn->off); \
CONT;
This reverts commit 5b9ee25974f7e54c94e8b2ef307d9830d714f490 which was part of an out-of-tree mitigation for CVE-2017-5753 (Spectre variant 1), in the BPF subsystem, that was available at the time of the coordinated release date. The Ubuntu kernel has since rebased on top of newer linux-stable releases and picked up commit b2157399cc98 ("bpf: prevent out-of-bounds speculation") which is upstream's mitigation of Spectre variant 1 in the BPF code. CVE-2017-5753 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> --- kernel/bpf/core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)