arm64 Spectre-BHB mitigations based on v5.17-rc3
 - Make EL1 vectors per-cpu
 - Add mitigation sequences to the EL1 and EL2 vectors on vulnerble CPUs
 - Implement ARCH_WORKAROUND_3 for KVM guests
 - Report Vulnerable when unprivileged eBPF is enabled
arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting

The mitigations for Spectre-BHB are only applied when an exception is
taken from user-space. The mitigation status is reported via the spectre_v2
sysfs vulnerabilities file.

When unprivileged eBPF is enabled the mitigation in the exception vectors
can be avoided by an eBPF program.

When unprivileged eBPF is enabled, print a warning and report vulnerable
via the sysfs vulnerabilities file.

Acked-by: Catalin Marinas <>
Signed-off-by: James Morse <>
1 file changed