arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting

stable inclusion from stable-v5.10.105 commit b65b87e718c33caa46d5246d8fbeda895aa9cf5b category: bugfix bugzilla: 186460 https://gitee.com/src-openeuler/kernel/issues/I53MHA CVE: CVE-2022-23960 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b65b87e718c3 -------------------------------- commit 58c9a506 upstream. The mitigations for Spectre-BHB are only applied when an exception is taken from user-space. The mitigation status is reported via the spectre_v2 sysfs vulnerabilities file. When unprivileged eBPF is enabled the mitigation in the exception vectors can be avoided by an eBPF program. When unprivileged eBPF is enabled, print a warning and report vulnerable via the sysfs vulnerabilities file. Acked-by: N Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: N James Morse <james.morse@arm.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Chen Jiahao <chenjiahao16@huawei.com> Reviewed-by: N Liao Chang <liaochang1@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting
stable inclusion from stable-v5.10.105 commit b65b87e718c33caa46d5246d8fbeda895aa9cf5b category: bugfix bugzilla: 186460 https://gitee.com/src-openeuler/kernel/issues/I53MHA CVE: CVE-2022-23960 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b65b87e718c3 -------------------------------- commit 58c9a506 upstream. The mitigations for Spectre-BHB are only applied when an exception is taken from user-space. The mitigation status is reported via the spectre_v2 sysfs vulnerabilities file. When unprivileged eBPF is enabled the mitigation in the exception vectors can be avoided by an eBPF program. When unprivileged eBPF is enabled, print a warning and report vulnerable via the sysfs vulnerabilities file. Acked-by: N Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: N James Morse <james.morse@arm.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Chen Jiahao <chenjiahao16@huawei.com> Reviewed-by: N Liao Chang <liaochang1@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
082ba1be · James Morse · Zheng Zengkai · 310712f9 · 082ba1be
隐藏空白更改
内联并排

Showing with 26 addition and 0 deletion

arch/arm64/kernel/proton-pack.c arch/arm64/kernel/proton-pack.c +26 -0

未找到文件。
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -18,6 +18,7 @@
 */

 #include <linux/arm-smccc.h>
+#include <linux/bpf.h>
 #include <linux/cpu.h>
 #include <linux/device.h>
 #include <linux/nospec.h>
@@ -110,6 +111,15 @@ static const char *get_bhb_affected_string(enum mitigation_state bhb_state)
 	}
 }

+static bool _unprivileged_ebpf_enabled(void)
+{
+#ifdef CONFIG_BPF_SYSCALL
+	return !sysctl_unprivileged_bpf_disabled;
+#else
+	return false;
+#endif
+}
+
 ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
 			    char *buf)
 {
@@ -129,6 +139,9 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
 		v2_str = "CSV2";
 		fallthrough;
 	case SPECTRE_MITIGATED:
+		if (bhb_state == SPECTRE_MITIGATED && _unprivileged_ebpf_enabled())
+			return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");
+
 		return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str);
 	case SPECTRE_VULNERABLE:
 		fallthrough;
@@ -1105,3 +1118,16 @@ void noinstr spectre_bhb_patch_loop_iter(struct alt_instr *alt,
 					 AARCH64_INSN_MOVEWIDE_ZERO);
 	*updptr++ = cpu_to_le32(insn);
 }
+
+#ifdef CONFIG_BPF_SYSCALL
+#define EBPF_WARN "Unprivileged eBPF is enabled, data leaks possible via Spectre v2 BHB attacks!\n"
+void unpriv_ebpf_notify(int new_state)
+{
+	if (spectre_v2_state == SPECTRE_VULNERABLE ||
+	    spectre_bhb_state != SPECTRE_MITIGATED)
+		return;
+
+	if (!new_state)
+		pr_err("WARNING: %s", EBPF_WARN);
+}
+#endif