arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs

A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. Signed-off-by: James Morse <james.morse@arm.com> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net>
author: James Morse <james.morse@arm.com> 2021-12-09 15:13:24 +0000
committer: James Morse <james.morse@arm.com> 2025-05-08 15:28:35 +0100
commit: 0dfefc2ea2f29ced2416017d7e5b1253a54c2735 (patch)
tree: 46fac081ffc5f13e4c0560e4f17a694296d420cf /arch/arm64/kernel
parent: a1152be30a043d2d4dcb1683415f328bf3c51978 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
index 3154094a9e33..4459b613077e 100644
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -1021,7 +1021,7 @@ static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot)
 	isb();
 }
 
-static bool __read_mostly __nospectre_bhb;
+bool __read_mostly __nospectre_bhb;
 static int __init parse_spectre_bhb_param(char *str)
 {
 	__nospectre_bhb = true;
author	James Morse <james.morse@arm.com>	2021-12-09 15:13:24 +0000
committer	James Morse <james.morse@arm.com>	2025-05-08 15:28:35 +0100
commit	0dfefc2ea2f29ced2416017d7e5b1253a54c2735 (patch)
tree	46fac081ffc5f13e4c0560e4f17a694296d420cf /arch/arm64/kernel
parent	a1152be30a043d2d4dcb1683415f328bf3c51978 (diff)