x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting

With unprivileged eBPF enabled, eIBRS (without retpoline) is vulnerable to Spectre v2 BHB-based attacks. When both are enabled, print a warning message and report it in the 'spectre_v2' sysfs vulnerabilities file. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
author: Josh Poimboeuf <jpoimboe@redhat.com> 2022-02-18 11:49:08 -0800
committer: Borislav Petkov <bp@suse.de> 2022-02-21 10:21:47 +0100
commit: 44a3918c8245ab10c6c9719dd12e7a8d291980d8 (patch)
tree: 1dacbf59f0672a0cfeea601cf1b338d9ed74bc80 /include/linux/bpf.h
parent: 5ad3eb1132453b9795ce5fd4572b1c18b292cca9 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index fa517ae604ad..1f56806d8eb9 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1793,6 +1793,11 @@ struct bpf_core_ctx {
 int bpf_core_apply(struct bpf_core_ctx *ctx, const struct bpf_core_relo *relo,
 		   int relo_idx, void *insn);
 
+static inline bool unprivileged_ebpf_enabled(void)
+{
+	return !sysctl_unprivileged_bpf_disabled;
+}
+
 #else /* !CONFIG_BPF_SYSCALL */
 static inline struct bpf_prog *bpf_prog_get(u32 ufd)
 {
@@ -2012,6 +2017,12 @@ bpf_jit_find_kfunc_model(const struct bpf_prog *prog,
 {
 	return NULL;
 }
+
+static inline bool unprivileged_ebpf_enabled(void)
+{
+	return false;
+}
+
 #endif /* CONFIG_BPF_SYSCALL */
 
 void __bpf_free_used_btfs(struct bpf_prog_aux *aux,
author	Josh Poimboeuf <jpoimboe@redhat.com>	2022-02-18 11:49:08 -0800
committer	Borislav Petkov <bp@suse.de>	2022-02-21 10:21:47 +0100
commit	44a3918c8245ab10c6c9719dd12e7a8d291980d8 (patch)
tree	1dacbf59f0672a0cfeea601cf1b338d9ed74bc80 /include/linux/bpf.h
parent	5ad3eb1132453b9795ce5fd4572b1c18b292cca9 (diff)