1 // SPDX-License-Identifier: GPL-2.0-only
4 #include <linux/device.h>
6 #include <asm/spectre.h>
8 static bool _unprivileged_ebpf_enabled(void)
10 #ifdef CONFIG_BPF_SYSCALL
11 return !sysctl_unprivileged_bpf_disabled;
17 ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
20 return sprintf(buf, "Mitigation: __user pointer sanitization\n");
23 static unsigned int spectre_v2_state;
24 static unsigned int spectre_v2_methods;
26 void spectre_v2_update_state(unsigned int state, unsigned int method)
28 if (state > spectre_v2_state)
29 spectre_v2_state = state;
30 spectre_v2_methods |= method;
33 ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
38 if (spectre_v2_state == SPECTRE_UNAFFECTED)
39 return sprintf(buf, "%s\n", "Not affected");
41 if (spectre_v2_state != SPECTRE_MITIGATED)
42 return sprintf(buf, "%s\n", "Vulnerable");
44 if (_unprivileged_ebpf_enabled())
45 return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");
47 switch (spectre_v2_methods) {
48 case SPECTRE_V2_METHOD_BPIALL:
49 method = "Branch predictor hardening";
52 case SPECTRE_V2_METHOD_ICIALLU:
53 method = "I-cache invalidation";
56 case SPECTRE_V2_METHOD_SMC:
57 case SPECTRE_V2_METHOD_HVC:
58 method = "Firmware call";
61 case SPECTRE_V2_METHOD_LOOP8:
62 method = "History overwrite";
66 method = "Multiple mitigations";
70 return sprintf(buf, "Mitigation: %s\n", method);