diff options
| author | Josh Poimboeuf <jpoimboe@redhat.com> | 2022-02-18 22:49:08 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 14:11:49 +0300 |
| commit | afc2d635b5e18e2b33116d8e121ee149882e33eb (patch) | |
| tree | 5cdac8f4b8abf5126dd04af123fae0cfc76c5f3d /include | |
| parent | 071e8b69d7808d96f388d7c5ed606e75fd3d518d (diff) | |
| download | linux-afc2d635b5e18e2b33116d8e121ee149882e33eb.tar.xz | |
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
commit 44a3918c8245ab10c6c9719dd12e7a8d291980d8 upstream.
With unprivileged eBPF enabled, eIBRS (without retpoline) is vulnerable
to Spectre v2 BHB-based attacks.
When both are enabled, print a warning message and report it in the
'spectre_v2' sysfs vulnerabilities file.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
[fllinden@amazon.com: backported to 5.10]
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/bpf.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h index e6ddf5a3beaf..ea3ff499e94a 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1485,6 +1485,12 @@ struct bpf_prog *bpf_prog_by_id(u32 id); struct bpf_link *bpf_link_by_id(u32 id); const struct bpf_func_proto *bpf_base_func_proto(enum bpf_func_id func_id); + +static inline bool unprivileged_ebpf_enabled(void) +{ + return !sysctl_unprivileged_bpf_disabled; +} + #else /* !CONFIG_BPF_SYSCALL */ static inline struct bpf_prog *bpf_prog_get(u32 ufd) { @@ -1679,6 +1685,12 @@ bpf_base_func_proto(enum bpf_func_id func_id) { return NULL; } + +static inline bool unprivileged_ebpf_enabled(void) +{ + return false; +} + #endif /* CONFIG_BPF_SYSCALL */ static inline struct bpf_prog *bpf_prog_get_type(u32 ufd, |