From b6596f8311d9a69b88e935b0bc2fb0a380a11b54 Mon Sep 17 00:00:00 2001
From: Jinqian Yang
Date: Wed, 10 Dec 2025 15:20:33 +0800
Subject: [PATCH 1/2] arm64: Add support for TSV110 Spectre-BHB mitigation

virt inclusion
category: other
bugzilla: https://gitee.com/openeuler/kernel/issues/IDC3UF

------------------------------------------------------------------------

The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This commit adds the MIDR of TSV110 to the list for software mitigation.

Signed-off-by: Jinqian Yang
---
 arch/arm64/kernel/proton-pack.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
index 22e5e23438af..c8e13f196899 100644
--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -896,6 +896,7 @@ static u8 spectre_bhb_loop_affected(void)
 MIDR_ALL_VERSIONS(MIDR_CORTEX_X2),
 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1),
+ MIDR_ALL_VERSIONS(MIDR_HISI_TSV110),
 {},
 };
 static const struct midr_range spectre_bhb_k24_list[] = {
--
Gitee

From d4d93282ff1a43d036a0a49c96d4e05267a084a8 Mon Sep 17 00:00:00 2001
From: Jinqian Yang
Date: Wed, 10 Dec 2025 15:20:34 +0800
Subject: [PATCH 2/2] config: Disable unprivileged BPF syscall by default

virt inclusion
category: other
bugzilla: https://gitee.com/openeuler/kernel/issues/IDC3UF

------------------------------------------------------------------------

The presence of unprivileged BPF facilitates the exploitation of hardware vulnerabilities such as Spectre-BHB. Therefore, unprivileged BPF is disabled by default.

Signed-off-by: Jinqian Yang
---
 arch/arm64/configs/openeuler_defconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig
index d4237341e76d..37925fe351db 100644
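Review bot: Nothing in the proton-pack.c hunk or the commit message records which loop count TSV110 needs, and the array this entry joins is declared above the hunk, so the chosen value cannot be checked from here (its Cortex-X2/Neoverse-N2/V1 neighbours suggest the largest-k list, but that is an inference). A core filed under too small a k would be reported as mitigated while the loop overwrites only part of the branch history, so the source of the value should be traceable: add a comment on the new line such as `/* HiSilicon TSV110: loop count per <vendor advisory reference> */` or cite it in the commit message. It is also worth confirming on TSV110 hardware that `/sys/devices/system/cpu/vulnerabilities/spectre_v2` reports the mitigation after this change. spectre_bhb_loop_affected() starts and ends outside the hunk.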
--- a/arch/arm64/configs/openeuler_defconfig
+++ b/arch/arm64/configs/openeuler_defconfig
@@ -85,7 +85,7 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
-# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 # CONFIG_BPF_PRELOAD is not set
 CONFIG_BPF_LSM=y
 CONFIG_BPF_SCHED=y
--
Gitee
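Review bot: `CONFIG_BPF_UNPRIV_DEFAULT_OFF=y` only changes the boot-time default of `kernel.unprivileged_bpf_disabled` to 2, which a root administrator can still set back to 0 at runtime; only the value 1 is locked until reboot. Since a defconfig cannot carry a lasting comment, the commit message is the place to record this, for example `Note: this sets kernel.unprivileged_bpf_disabled=2; set it to 1 via sysctl to make the restriction irreversible`, so operators who count on it as part of the Spectre-BHB hardening know to pin or monitor the sysctl. Only the arm64 openeuler_defconfig is touched in this series; whether other architectures' defconfigs need the same change is not visible here.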