x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting

commit 44a3918c8245ab10c6c9719dd12e7a8d291980d8 upstream. With unprivileged eBPF enabled, eIBRS (without retpoline) is vulnerable to Spectre v2 BHB-based attacks. When both are enabled, print a warning message and report it in the 'spectre_v2' sysfs vulnerabilities file. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> [fllinden@amazon.com: backported to 4.14] Signed-off-by: Frank van der Linden <fllinden@amazon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Josh Poimboeuf <jpoimboe@redhat.com> 2022-02-18 11:49:08 -0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-03-11 10:13:28 +0100
commit: 383973dc1a9dfc7baf12652b9e75498bef16aed9 (patch)
tree: 2b81630c4c984078568afa2ee2030cc3ce4fc963 /kernel
parent: d2109c347ec237f6a4cf4d44336abdeeab82ec8f (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index c9a3e61c88f8..4258db3a6470 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -243,6 +243,11 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write,
 #endif
 
 #ifdef CONFIG_BPF_SYSCALL
+
+void __weak unpriv_ebpf_notify(int new_state)
+{
+}
+
 static int bpf_unpriv_handler(struct ctl_table *table, int write,
                              void *buffer, size_t *lenp, loff_t *ppos)
 {
@@ -260,6 +265,9 @@ static int bpf_unpriv_handler(struct ctl_table *table, int write,
 			return -EPERM;
 		*(int *)table->data = unpriv_enable;
 	}
+
+	unpriv_ebpf_notify(unpriv_enable);
+
 	return ret;
 }
 #endif
author	Josh Poimboeuf <jpoimboe@redhat.com>	2022-02-18 11:49:08 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-03-11 10:13:28 +0100
commit	383973dc1a9dfc7baf12652b9e75498bef16aed9 (patch)
tree	2b81630c4c984078568afa2ee2030cc3ce4fc963 /kernel
parent	d2109c347ec237f6a4cf4d44336abdeeab82ec8f (diff)