From 691513d264f1e259a09a3a0e4f1f4f737154ad6d Mon Sep 17 00:00:00 2001
From: Luis Gerhorst <gerhorst@cs.fau.de>
Date: Thu, 21 Dec 2023 14:36:03 +0100
Subject: [PATCH] [DRAFT] bpf: Insert marked spec_v1 instructions

---
 kernel/bpf/verifier.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1505eafadf2d..520daa13a307 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -17631,6 +17631,37 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
 	for (i = 0; i < insn_cnt; i++, insn++) {
 		bpf_convert_ctx_access_t convert_ctx_access;
 
+		if (env->insn_aux_data[i + delta].nospec_v1) {
+			/* TODO: Check that previous instruction is not already
+			 * a nospec. Or even better, insert the lfence only at
+			 * the beginning of the basic block. */
+			struct bpf_insn patch[] = {
+				BPF_ST_NOSPEC_V1(),
+				*insn,
+			};
+			cnt = ARRAY_SIZE(patch);
+			new_prog = bpf_patch_insn_data(env, i + delta, patch, cnt);
+			if (!new_prog)
+				return -ENOMEM;
+			delta    += cnt - 1;
+			env->prog = new_prog;
+			insn      = new_prog->insnsi + i + delta;
+		}
+
+		if (env->insn_aux_data[i + delta].nospec_v1_result) {
+			struct bpf_insn patch[] = {
+				*insn,
+				BPF_ST_NOSPEC_V1(),
+			};
+			cnt = ARRAY_SIZE(patch);
+			new_prog = bpf_patch_insn_data(env, i + delta, patch, cnt);
+			if (!new_prog)
+				return -ENOMEM;
+			delta    += cnt - 1;
+			env->prog = new_prog;
+			insn      = new_prog->insnsi + i + delta;
+		}
+
 		if (insn->code == (BPF_LDX | BPF_MEM | BPF_B) ||
 		    insn->code == (BPF_LDX | BPF_MEM | BPF_H) ||
 		    insn->code == (BPF_LDX | BPF_MEM | BPF_W) ||
-- 
GitLab