From patchwork Mon Sep 10 15:03:48 2018
X-Patchwork-Submitter: Kleber Sacilotto de Souza
X-Patchwork-Id: 968099
From: Kleber Sacilotto de Souza
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Xenial][Patch v2 3/3] UBUNTU: SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
Date: Mon, 10 Sep 2018 17:03:48 +0200
Message-Id: <20180910150348.7542-4-kleber.souza@canonical.com>
In-Reply-To: <20180910150348.7542-1-kleber.souza@canonical.com>
References: <20180910150348.7542-1-kleber.souza@canonical.com>
List-Id: Kernel team discussions

From: Martin Schwidefsky CVE-2017-5715 (Spectre v2 s390x) git commit e1cf4befa297b149149f633eff746593e400c030 "bpf, s390x: remove ld_abs/ld_ind" removed the code that generated the indirect branch "basr %b5,%w1" from the BPF JIT. Older versions of the BPF which still have support for LD_ABS/LD_IND need a patch to add the execute trampoline for this branch instruction. Signed-off-by: Martin Schwidefsky Signed-off-by: Kleber Sacilotto de Souza --- arch/s390/net/bpf_jit_comp.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 2d3ba0acc592..5683d9c13b63 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -1277,8 +1277,13 @@ call_fn: /* agfr %b2,%src (%src is s32 here) */ EMIT4(0xb9180000, BPF_REG_2, src_reg); - /* basr %b5,%w1 (%b5 is call saved) */ - EMIT2(0x0d00, BPF_REG_5, REG_W1); + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) { + /* brasl %r5,__s390_indirect_jump_r1 */ + EMIT6_PCREL_RILB(0xc0050000, BPF_REG_5, jit->r1_thunk_ip); + } else { + /* basr %b5,%w1 (%b5 is call saved) */ + EMIT2(0x0d00, BPF_REG_5, REG_W1); + } /* * Note: For fast access we jump directly after the
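
Review bot: In the new `if` branch the comment reads `/* brasl %r5,__s390_indirect_jump_r1 */`, while the operand passed to `EMIT6_PCREL_RILB` is `BPF_REG_5` and the `else` branch comment writes that same register as `%b5`; use `%b5` in both comments so the notation matches what is emitted. The branch target is taken from `jit->r1_thunk_ip`, which is not assigned anywhere in this hunk, so a short comment saying where the thunk is emitted and what `r1_thunk_ip` holds on the first JIT pass would let a reader confirm the PC-relative offset is valid whenever `CC_USING_EXPOLINE` is enabled and `nospec_disable` is clear.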