Commit afe18b25 authored Apr 27, 2022 by Russell King (Oracle) Committed by Zheng Zengkai Apr 27, 2022

ARM: include unprivileged BPF status in Spectre V2 reporting

stable inclusion
from stable-v5.10.105
commit 302754d023a06171113e8fb20c7b2a18ebf9088f
category: bugfix
bugzilla: 186460 https://gitee.com/src-openeuler/kernel/issues/I53MHA
CVE: CVE-2022-23960

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=302754d023a0



--------------------------------

commit 25875aa7 upstream.

The mitigations for Spectre-BHB are only applied when an exception
is taken, but when unprivileged BPF is enabled, userspace can
load BPF programs that can be used to exploit the problem.

When unprivileged BPF is enabled, report the vulnerable status via
the spectre_v2 sysfs file.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Chen Jiahao <chenjiahao16@huawei.com>
Reviewed-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

parent a371a70b

arch/arm/kernel/spectre.c

+13 −0

Original line number	Diff line number	Diff line
		// SPDX-License-Identifier: GPL-2.0-only
		#include <linux/bpf.h>
		#include <linux/cpu.h>
		#include <linux/device.h>

		#include <asm/spectre.h>

		static bool _unprivileged_ebpf_enabled(void)
		{
		#ifdef CONFIG_BPF_SYSCALL
		return !sysctl_unprivileged_bpf_disabled;
		#else
		return false;
		#endif
		}

		ssize_t cpu_show_spectre_v1(struct device dev, struct device_attribute attr,
		char *buf)
		{
		@@ -31,6 +41,9 @@ ssize_t cpu_show_spectre_v2(struct device dev, struct device_attribute attr,
		if (spectre_v2_state != SPECTRE_MITIGATED)
		return sprintf(buf, "%s\n", "Vulnerable");

		if (_unprivileged_ebpf_enabled())
		return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");

		switch (spectre_v2_methods) {
		case SPECTRE_V2_METHOD_BPIALL:
		method = "Branch predictor hardening";