diff options
author | Josh Poimboeuf <jpoimboe@redhat.com> | 2022-02-18 11:49:08 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-03-11 10:15:11 +0100 |
commit | 995629e1d8e6751936c6e2b738f70b392b0461de (patch) | |
tree | fb1b077f5b07b3b5051d1d63a1c31a8d3af61006 /kernel | |
parent | 7af95ef3ec6248696300fce5c68f6c8c4f50e4a4 (diff) |
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
commit 44a3918c8245ab10c6c9719dd12e7a8d291980d8 upstream.
With unprivileged eBPF enabled, eIBRS (without retpoline) is vulnerable
to Spectre v2 BHB-based attacks.
When both are enabled, print a warning message and report it in the
'spectre_v2' sysfs vulnerabilities file.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
[fllinden@amazon.com: backported to 4.19]
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/sysctl.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 03af4a493aff..93a7bd4185d0 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -251,6 +251,11 @@ static int sysrq_sysctl_handler(struct ctl_table *table, int write, #endif #ifdef CONFIG_BPF_SYSCALL + +void __weak unpriv_ebpf_notify(int new_state) +{ +} + static int bpf_unpriv_handler(struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos) { @@ -268,6 +273,9 @@ static int bpf_unpriv_handler(struct ctl_table *table, int write, return -EPERM; *(int *)table->data = unpriv_enable; } + + unpriv_ebpf_notify(unpriv_enable); + return ret; } #endif |