diff options
author | Josh Poimboeuf <jpoimboe@redhat.com> | 2022-02-18 22:49:08 +0300 |
---|---|---|
committer | Borislav Petkov <bp@suse.de> | 2022-02-21 12:21:47 +0300 |
commit | 44a3918c8245ab10c6c9719dd12e7a8d291980d8 (patch) | |
tree | 1dacbf59f0672a0cfeea601cf1b338d9ed74bc80 /include/linux | |
parent | 5ad3eb1132453b9795ce5fd4572b1c18b292cca9 (diff) | |
download | linux-44a3918c8245ab10c6c9719dd12e7a8d291980d8.tar.xz |
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
With unprivileged eBPF enabled, eIBRS (without retpoline) is vulnerable
to Spectre v2 BHB-based attacks.
When both are enabled, print a warning message and report it in the
'spectre_v2' sysfs vulnerabilities file.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/bpf.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h index fa517ae604ad..1f56806d8eb9 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1793,6 +1793,11 @@ struct bpf_core_ctx { int bpf_core_apply(struct bpf_core_ctx *ctx, const struct bpf_core_relo *relo, int relo_idx, void *insn); +static inline bool unprivileged_ebpf_enabled(void) +{ + return !sysctl_unprivileged_bpf_disabled; +} + #else /* !CONFIG_BPF_SYSCALL */ static inline struct bpf_prog *bpf_prog_get(u32 ufd) { @@ -2012,6 +2017,12 @@ bpf_jit_find_kfunc_model(const struct bpf_prog *prog, { return NULL; } + +static inline bool unprivileged_ebpf_enabled(void) +{ + return false; +} + #endif /* CONFIG_BPF_SYSCALL */ void __bpf_free_used_btfs(struct bpf_prog_aux *aux, |