Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp576099pxp; Wed, 9 Mar 2022 08:27:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJzMGHJDIbZfxd7MaVKSwL1sW48iR6HrxII28DNqobU408+jneMSmEGQnFZ8MWrYdXaKFXYA X-Received: by 2002:a17:906:9754:b0:6da:7d72:1353 with SMTP id o20-20020a170906975400b006da7d721353mr500955ejy.273.1646843226557; Wed, 09 Mar 2022 08:27:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646843226; cv=none; d=google.com; s=arc-20160816; b=zzoCXiSth0N1UyjaRzNP8bPaGNqF3MpN1AlvoAjJ6yJQceil8ScHVseKHtCVXevYRx RkWcqsCD8NPqM04uycWuMWHZr2/5oMx/6xqgOX8s8pRibhHLHtemW3y3z74eJt651kw1 xEmesOgKUR/Bf7PYhH5qJE5R7JBrpU+UYR/ouhx6aHLiwJVNXs4/zv5u3tF+OjW4QEeK nLWcjaHT6Gy/pv1A/dSBBc0sFL92zx11GNDWgiMyq+TrrXvwjCsMLbxzGuEaOLjE+Fl1 EpQxMNfY3d0Y93AfZ5NlSGfN08Z9WjgU0u8sZBBIKEfswnm+1Koq3aLSGvluJHP1VNd4 aXow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=q/rA8NrHkKl6u9EPnFVwANqg4RCcGNlWtxm+eX12Z6U=; b=Kn2p57R0YUsCGjriQ7CcbqFujrCHlz2mFJkrNk+qFbmEz7mC9PXGrEq0dG0Fa0NHm9 s0oHnOlkBSBdi9h8VJYHIet+q6m2S1mqBuyNe0o2HfaeeGls24vHikSlXDkeDGuGfPmd mpxY4+g2S8EIONj1iOuPosdT6tUOhLC1SSJMYNxrNIJA8495KOB5db+YJs6qn32LWBze rtJEfNh9dCDRxcSifD2GH9WkxGl01O4E5h01IUcR52rv/dNoMzoJC5oiXpPtlGKwsiGq 1FeO44dGhVQwb/fo3lakioPcRTkodqZeWq0FQWY6mmYrCVcXY7CBbe6tdFeKRk5XZ8x7 Mcmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jSDJ0leG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e20-20020aa7d7d4000000b00415f18b8e50si1522758eds.123.2022.03.09.08.26.42; Wed, 09 Mar 2022 08:27:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=jSDJ0leG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234234AbiCIQCx (ORCPT + 99 others); Wed, 9 Mar 2022 11:02:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38830 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231624AbiCIQCf (ORCPT ); Wed, 9 Mar 2022 11:02:35 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D900517F6B4; Wed, 9 Mar 2022 08:01:34 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 79C51B8222B; Wed, 9 Mar 2022 16:01:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D8B42C36AF4; Wed, 9 Mar 2022 16:01:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1646841692; bh=YYTxn4Nwrg6CuOgCloYwoSlfT43YKOmCi0fRD30gcL8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jSDJ0leGK7meEE3SaqsGoaaUXgDG08EONKEBD60fkG9acHiU1FZBBReYjuY+A+tM3 5AUzPnpr++08pd2HBJbJ+vPvCMjs6WxC6vysi6F6GsiKmJqH+3SZJw8Q5fLC00tUTW Bp4R+Fg7C+t5B12NO0tIekHzqE2RAvSbp3Y6/hT8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Russell King (Oracle)" Subject: [PATCH 4.9 23/24] ARM: include unprivileged BPF status in Spectre V2 reporting Date: Wed, 9 Mar 2022 16:59:36 +0100 Message-Id: <20220309155856.981196235@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220309155856.295480966@linuxfoundation.org> References: <20220309155856.295480966@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Russell King (Oracle) commit 25875aa71dfefd1959f07e626c4d285b88b27ac2 upstream. The mitigations for Spectre-BHB are only applied when an exception is taken, but when unprivileged BPF is enabled, userspace can load BPF programs that can be used to exploit the problem. When unprivileged BPF is enabled, report the vulnerable status via the spectre_v2 sysfs file. Signed-off-by: Russell King (Oracle) Signed-off-by: Greg Kroah-Hartman --- arch/arm/kernel/spectre.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/arch/arm/kernel/spectre.c +++ b/arch/arm/kernel/spectre.c @@ -1,9 +1,19 @@ // SPDX-License-Identifier: GPL-2.0-only +#include #include #include #include +static bool _unprivileged_ebpf_enabled(void) +{ +#ifdef CONFIG_BPF_SYSCALL + return !sysctl_unprivileged_bpf_disabled; +#else + return false +#endif +} + ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) { @@ -31,6 +41,9 @@ ssize_t cpu_show_spectre_v2(struct devic if (spectre_v2_state != SPECTRE_MITIGATED) return sprintf(buf, "%s\n", "Vulnerable"); + if (_unprivileged_ebpf_enabled()) + return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n"); + switch (spectre_v2_methods) { case SPECTRE_V2_METHOD_BPIALL: method = "Branch predictor hardening";