diff options
| author | Josh Poimboeuf <jpoimboe@redhat.com> | 2022-02-18 11:49:08 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 10:13:28 +0100 |
| commit | 383973dc1a9dfc7baf12652b9e75498bef16aed9 (patch) | |
| tree | 2b81630c4c984078568afa2ee2030cc3ce4fc963 /include | |
| parent | d2109c347ec237f6a4cf4d44336abdeeab82ec8f (diff) | |
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
commit 44a3918c8245ab10c6c9719dd12e7a8d291980d8 upstream.
With unprivileged eBPF enabled, eIBRS (without retpoline) is vulnerable
to Spectre v2 BHB-based attacks.
When both are enabled, print a warning message and report it in the
'spectre_v2' sysfs vulnerabilities file.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
[fllinden@amazon.com: backported to 4.14]
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/bpf.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h index e9e87599338e..3aa05ea79ba1 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -337,6 +337,11 @@ static inline int bpf_map_attr_numa_node(const union bpf_attr *attr) attr->numa_node : NUMA_NO_NODE; } +static inline bool unprivileged_ebpf_enabled(void) +{ + return !sysctl_unprivileged_bpf_disabled; +} + #else static inline struct bpf_prog *bpf_prog_get(u32 ufd) { @@ -400,6 +405,12 @@ static inline void __dev_map_insert_ctx(struct bpf_map *map, u32 index) static inline void __dev_map_flush(struct bpf_map *map) { } + +static inline bool unprivileged_ebpf_enabled(void) +{ + return false; +} + #endif /* CONFIG_BPF_SYSCALL */ #if defined(CONFIG_STREAM_PARSER) && defined(CONFIG_BPF_SYSCALL) |