Skip to content

Commit 58c9a50

Browse files
author
James Morse
committed
arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting
The mitigations for Spectre-BHB are only applied when an exception is taken from user-space. The mitigation status is reported via the spectre_v2 sysfs vulnerabilities file. When unprivileged eBPF is enabled the mitigation in the exception vectors can be avoided by an eBPF program. When unprivileged eBPF is enabled, print a warning and report vulnerable via the sysfs vulnerabilities file. Acked-by: Catalin Marinas <[email protected]> Signed-off-by: James Morse <[email protected]>
1 parent 228a26b commit 58c9a50

File tree

1 file changed

+26
-0
lines changed

1 file changed

+26
-0
lines changed

arch/arm64/kernel/proton-pack.c

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@
1818
*/
1919

2020
#include <linux/arm-smccc.h>
21+
#include <linux/bpf.h>
2122
#include <linux/cpu.h>
2223
#include <linux/device.h>
2324
#include <linux/nospec.h>
@@ -111,6 +112,15 @@ static const char *get_bhb_affected_string(enum mitigation_state bhb_state)
111112
}
112113
}
113114

115+
static bool _unprivileged_ebpf_enabled(void)
116+
{
117+
#ifdef CONFIG_BPF_SYSCALL
118+
return !sysctl_unprivileged_bpf_disabled;
119+
#else
120+
return false;
121+
#endif
122+
}
123+
114124
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
115125
char *buf)
116126
{
@@ -130,6 +140,9 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
130140
v2_str = "CSV2";
131141
fallthrough;
132142
case SPECTRE_MITIGATED:
143+
if (bhb_state == SPECTRE_MITIGATED && _unprivileged_ebpf_enabled())
144+
return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");
145+
133146
return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str);
134147
case SPECTRE_VULNERABLE:
135148
fallthrough;
@@ -1125,3 +1138,16 @@ void __init spectre_bhb_patch_clearbhb(struct alt_instr *alt,
11251138
*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
11261139
*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
11271140
}
1141+
1142+
#ifdef CONFIG_BPF_SYSCALL
1143+
#define EBPF_WARN "Unprivileged eBPF is enabled, data leaks possible via Spectre v2 BHB attacks!\n"
1144+
void unpriv_ebpf_notify(int new_state)
1145+
{
1146+
if (spectre_v2_state == SPECTRE_VULNERABLE ||
1147+
spectre_bhb_state != SPECTRE_MITIGATED)
1148+
return;
1149+
1150+
if (!new_state)
1151+
pr_err("WARNING: %s", EBPF_WARN);
1152+
}
1153+
#endif

0 commit comments

Comments
 (0)