x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting

#include <linux/prctl.h>

#include <linux/sched/smt.h>

#include <linux/pgtable.h>

#include <linux/bpf.h>

#include <asm/spec-ctrl.h>

#include <asm/cmdline.h>

static inline const char *spectre_v2_module_string(void) { return ""; }

#endif

#define SPECTRE_V2_EIBRS_EBPF_MSG "WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!\n"

#ifdef CONFIG_BPF_SYSCALL

void unpriv_ebpf_notify(int new_state)

{

	if (spectre_v2_enabled == SPECTRE_V2_EIBRS && !new_state)

		pr_err(SPECTRE_V2_EIBRS_EBPF_MSG);

}

#endif

static inline bool match_option(const char *arg, int arglen, const char *opt)

{

	int len = strlen(opt);

		break;

	}

	if (mode == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled())

		pr_err(SPECTRE_V2_EIBRS_EBPF_MSG);

	if (spectre_v2_in_eibrs_mode(mode)) {

		/* Force it so VMEXIT will restore correctly */

		x86_spec_ctrl_base |= SPEC_CTRL_IBRS;

	return "";

}

static ssize_t spectre_v2_show_state(char *buf)

{

	if (spectre_v2_enabled == SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled())

		return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");

	return sprintf(buf, "%s%s%s%s%s%s\n",

		       spectre_v2_strings[spectre_v2_enabled],

		       ibpb_state(),

		       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",

		       stibp_state(),

		       boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",

		       spectre_v2_module_string());

}

static ssize_t srbds_show_state(char *buf)

{

	return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]);

		return sprintf(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]);

	case X86_BUG_SPECTRE_V2:

		return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],

			       ibpb_state(),

			       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",

			       stibp_state(),

			       boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "",

			       spectre_v2_module_string());

		return spectre_v2_show_state(buf);

	case X86_BUG_SPEC_STORE_BYPASS:

		return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);

int bpf_core_apply(struct bpf_core_ctx *ctx, const struct bpf_core_relo *relo,

		   int relo_idx, void *insn);

static inline bool unprivileged_ebpf_enabled(void)

{

	return !sysctl_unprivileged_bpf_disabled;

}

#else /* !CONFIG_BPF_SYSCALL */

static inline struct bpf_prog *bpf_prog_get(u32 ufd)

{

{

	return NULL;

}

static inline bool unprivileged_ebpf_enabled(void)

{

	return false;

}

#endif /* CONFIG_BPF_SYSCALL */

void __bpf_free_used_btfs(struct bpf_prog_aux *aux,

	return ret;

}

void __weak unpriv_ebpf_notify(int new_state)

{

}

static int bpf_unpriv_handler(struct ctl_table *table, int write,

			      void *buffer, size_t *lenp, loff_t *ppos)

{

			return -EPERM;

		*(int *)table->data = unpriv_enable;

	}

	unpriv_ebpf_notify(unpriv_enable);

	return ret;

}

#endif /* CONFIG_BPF_SYSCALL && CONFIG_SYSCTL */