From patchwork Mon Sep 10 14:26:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kleber Sacilotto de Souza X-Patchwork-Id: 968079 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4289Mb6kVtz9s4s; Tue, 11 Sep 2018 00:26:19 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fzN8n-00024p-Cx; Mon, 10 Sep 2018 14:26:13 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fzN8l-00023y-Kc for kernel-team@lists.ubuntu.com; Mon, 10 Sep 2018 14:26:11 +0000 Received: from mail-wm0-f72.google.com ([74.125.82.72]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fzN8l-0003xB-DC for kernel-team@lists.ubuntu.com; Mon, 10 Sep 2018 14:26:11 +0000 Received: by mail-wm0-f72.google.com with SMTP id z23-v6so14550421wma.2 for ; Mon, 10 Sep 2018 07:26:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=xizfHWRROKAsMFYtN/VMS8Xcxpaw7Ux+asX3H6ZmXFw=; b=slHakv3iG11RMlMvnukS8WOEbn+te51esqrUzSClT1VzXUFKvrWQI1owfbbSqNq01V viFlnSJbSCvQ+jRddZEMetK2GlaV538r6lOO1/zUHZ3qA2KtWlJubBbOpkintyGCUCuc M4UA75aZh0/JYuCzfHLZgLRDzLJrVHF1xH041ZeSqAWk5kLlYf4+by7ILvlndhxcX1Le THH/GXqU8tbZbVdF2recmPOVdOL//MLFfs2dotvjXoTI0aEsBNlcbnYHE7J/6rsBaFkO GIGPaYhybjomwLaca7MrBX7GixvyQmyIe2FhrnZZdVSWDf/JD8VP/jgBc7Q2w5TwwCQy +R7Q== X-Gm-Message-State: APzg51DgooH1LFQlXZjkEetMDBZ2iM/Y8FkWEXFjkRN3EXD0mK7OyHYC Y5MPxiHmGUAbpzd9ZgGn5G3jvIILwAXx3HIfsoUD68rEIoplCZ3aJkCNU6rbHtmCwx6w22wGOqX YHJqsgspLiFCbKT9M1uOCZZtHclRs9yksbbOOVBDWIA== X-Received: by 2002:a1c:64d5:: with SMTP id y204-v6mr988111wmb.14.1536589570707; Mon, 10 Sep 2018 07:26:10 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaEsJiU+Zg61HsOCV06RpO30zqyvsf75Jc9by8EaZtHRjRfMBonll+6BIQS+V/+V8fDehdOIA== X-Received: by 2002:a1c:64d5:: with SMTP id y204-v6mr988092wmb.14.1536589570421; Mon, 10 Sep 2018 07:26:10 -0700 (PDT) Received: from localhost ([2a02:8109:98c0:1604:34b0:1c10:9745:7766]) by smtp.gmail.com with ESMTPSA id l18-v6sm20176088wru.75.2018.09.10.07.26.09 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 10 Sep 2018 07:26:09 -0700 (PDT) From: Kleber Sacilotto de Souza To: kernel-team@lists.ubuntu.com Subject: [SRU][Xenial][Patch 1/3] s390: detect etoken facility Date: Mon, 10 Sep 2018 16:26:04 +0200 Message-Id: <20180910142606.4927-2-kleber.souza@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180910142606.4927-1-kleber.souza@canonical.com> References: <20180910142606.4927-1-kleber.souza@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Martin Schwidefsky CVE-2017-5715 (Spectre v2 s390x) Detect and report the etoken facility. With spectre_v2=auto or CONFIG_EXPOLINE_AUTO=y automatically disable expolines and use the full branch prediction mode for the kernel. Signed-off-by: Martin Schwidefsky (cherry picked from commit aeaf7002a76c8da60c0f503badcbddc07650678c) Signed-off-by: Kleber Sacilotto de Souza --- arch/s390/kernel/nospec-branch.c | 12 +++++++++++- arch/s390/kernel/nospec-sysfs.c | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index d5eed651b5ab..acc9957a59d9 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -36,6 +36,8 @@ early_param("nospec", nospec_setup_early); static int __init nospec_report(void) { + if (test_facility(156)) + pr_info("Spectre V2 mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) pr_info("Spectre V2 mitigation: execute trampolines.\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) @@ -57,7 +59,15 @@ early_param("nospectre_v2", nospectre_v2_setup_early); void __init nospec_auto_detect(void) { - if (IS_ENABLED(CC_USING_EXPOLINE)) { + if (test_facility(156)) { + /* + * The machine supports etokens. + * Disable expolines and disable nobp. + */ + if (IS_ENABLED(CC_USING_EXPOLINE)) + nospec_disable = 1; + __clear_facility(82, S390_lowcore.alt_stfle_fac_list); + } else if (IS_ENABLED(CC_USING_EXPOLINE)) { /* * The kernel has been compiled with expolines. * Keep expolines enabled and disable nobp. diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c index 8affad5f18cb..e30e580ae362 100644 --- a/arch/s390/kernel/nospec-sysfs.c +++ b/arch/s390/kernel/nospec-sysfs.c @@ -13,6 +13,8 @@ ssize_t cpu_show_spectre_v1(struct device *dev, ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { + if (test_facility(156)) + return sprintf(buf, "Mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) return sprintf(buf, "Mitigation: execute trampolines\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))