From patchwork Mon Sep 10 14:26:06 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kleber Sacilotto de Souza
X-Patchwork-Id: 968081
From: Kleber Sacilotto de Souza
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][Patch 3/3] UBUNTU: SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
Date: Mon, 10 Sep 2018 16:26:06 +0200
Message-Id: <20180910142606.4927-4-kleber.souza@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180910142606.4927-1-kleber.souza@canonical.com>
References: <20180910142606.4927-1-kleber.souza@canonical.com>
List-Id: Kernel team discussions

From: Martin Schwidefsky CVE-2017-5715 (Spectre v2 s390x) git commit e1cf4befa297b149149f633eff746593e400c030 "bpf, s390x: remove ld_abs/ld_ind" removed the code that generated the indirect branch "basr %b5,%w1" from the BPF JIT. Older versions of the BPF which still have support for LD_ABS/LD_IND need a patch to add the execute trampoline for this branch instruction. Signed-off-by: Martin Schwidefsky Signed-off-by: Kleber Sacilotto de Souza --- arch/s390/net/bpf_jit_comp.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 2d3ba0acc592..5683d9c13b63 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -1277,8 +1277,13 @@ call_fn: /* agfr %b2,%src (%src is s32 here) */ EMIT4(0xb9180000, BPF_REG_2, src_reg); - /* basr %b5,%w1 (%b5 is call saved) */ - EMIT2(0x0d00, BPF_REG_5, REG_W1); + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) { + /* brasl %r5,__s390_indirect_jump_r1 */ + EMIT6_PCREL_RILB(0xc0050000, BPF_REG_5, jit->r1_thunk_ip); + } else { + /* basr %b5,%w1 (%b5 is call saved) */ + EMIT2(0x0d00, BPF_REG_5, REG_W1); + } /* * Note: For fast access we jump directly after the
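
Review bot: In the expoline branch at call_fn, the emitted "brasl %r5,__s390_indirect_jump_r1" no longer names REG_W1, so the branch target register becomes implicit in the thunk. The replacement is only equivalent to the retained "basr %b5,%w1" if REG_W1 is %r1 and if jit->r1_thunk_ip already refers to an emitted thunk when this instruction is generated, and neither is visible in this hunk. A one-line comment stating both, and where the thunk is emitted, would make the backport easier to verify. The new comment also writes %r5 where the retained basr comment uses the %b5 notation; using one notation in both arms would make it clear they are the same link register.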