0001
0002 #include <linux/bpf.h>
0003 #include <linux/cpu.h>
0004 #include <linux/device.h>
0005
0006 #include <asm/spectre.h>
0007
0008 static bool _unprivileged_ebpf_enabled(void)
0009 {
0010 #ifdef CONFIG_BPF_SYSCALL
0011 return !sysctl_unprivileged_bpf_disabled;
0012 #else
0013 return false;
0014 #endif
0015 }
0016
0017 ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
0018 char *buf)
0019 {
0020 return sprintf(buf, "Mitigation: __user pointer sanitization\n");
0021 }
0022
0023 static unsigned int spectre_v2_state;
0024 static unsigned int spectre_v2_methods;
0025
0026 void spectre_v2_update_state(unsigned int state, unsigned int method)
0027 {
0028 if (state > spectre_v2_state)
0029 spectre_v2_state = state;
0030 spectre_v2_methods |= method;
0031 }
0032
0033 ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
0034 char *buf)
0035 {
0036 const char *method;
0037
0038 if (spectre_v2_state == SPECTRE_UNAFFECTED)
0039 return sprintf(buf, "%s\n", "Not affected");
0040
0041 if (spectre_v2_state != SPECTRE_MITIGATED)
0042 return sprintf(buf, "%s\n", "Vulnerable");
0043
0044 if (_unprivileged_ebpf_enabled())
0045 return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");
0046
0047 switch (spectre_v2_methods) {
0048 case SPECTRE_V2_METHOD_BPIALL:
0049 method = "Branch predictor hardening";
0050 break;
0051
0052 case SPECTRE_V2_METHOD_ICIALLU:
0053 method = "I-cache invalidation";
0054 break;
0055
0056 case SPECTRE_V2_METHOD_SMC:
0057 case SPECTRE_V2_METHOD_HVC:
0058 method = "Firmware call";
0059 break;
0060
0061 case SPECTRE_V2_METHOD_LOOP8:
0062 method = "History overwrite";
0063 break;
0064
0065 default:
0066 method = "Multiple mitigations";
0067 break;
0068 }
0069
0070 return sprintf(buf, "Mitigation: %s\n", method);
0071 }
