From patchwork Wed Sep 5 03:52:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khalid Elmously X-Patchwork-Id: 966210 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 424qY041S3z9sCf; Wed, 5 Sep 2018 13:52:52 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fxOs2-0001A0-3G; Wed, 05 Sep 2018 03:52:46 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fxOs0-00019X-6g for kernel-team@lists.ubuntu.com; Wed, 05 Sep 2018 03:52:44 +0000 Received: from mail-io0-f199.google.com ([209.85.223.199]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fxOrz-0001R2-Rx for kernel-team@lists.ubuntu.com; Wed, 05 Sep 2018 03:52:43 +0000 Received: by mail-io0-f199.google.com with SMTP id o18-v6so5642016ioh.23 for ; Tue, 04 Sep 2018 20:52:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=vJsGT98DcehrjXFiSeMvVt4vajIZ0Rp6VMFlkkMkox8=; b=d9/Zx8G1PY40Nj1pcU7GkhsTLoQcxVYG2rYZKXYx7oKaclcK3rwj+Pmk1pXN+mgDzE xnNKpiyNXPWRKL3GTejH/EpjUcaEdlBU1HUrWKK1P2rqHDiuGlNNzNl2esRuPod1HnSJ YtAxxC1AWJpw81D+8O9dvOb1F54O1q6UvsEjO968E5yrt8eqSXL0LPE7LvVl7Olzu5pU pO/0mwB+CdL00/ctyqo7mnv0QQKBYRaaJ9UmgB6jD0E2SEBxghaD5btgQX1/Abcj9oVP jm2v39M2reYThYkt7sKoLUBfwfkuWz33DNNbCH0CnPwtxyO1KBTD2V0M5MNKNjoPy2G4 fW6g== X-Gm-Message-State: APzg51ABMR/7/g0MPmiM1/kLLBBrGTsMu3x7XGGRkpZw3u3AoY6/KSdp gQfTnw9DP3KUkzehFxvZOYfckJun7SPxzc0FLks1QdjIC1PBvEJXs4DsptoXabjHkajL7IQpYwG 9EoywSblXOHRNpFQj2dexFhbIp96M973XSleLz92X8Q== X-Received: by 2002:a6b:3954:: with SMTP id g81-v6mr23697272ioa.225.1536119562408; Tue, 04 Sep 2018 20:52:42 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbNL7qUfz/nxp2FFV5LXqNugsS7kbEKzHhJt3gYyQFztSYW6G048S2uLh4crj0zJ+gDL46TEw== X-Received: by 2002:a6b:3954:: with SMTP id g81-v6mr23697266ioa.225.1536119562204; Tue, 04 Sep 2018 20:52:42 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (23-233-27-24.cpe.pppoe.ca. [23.233.27.24]) by smtp.gmail.com with ESMTPSA id c12-v6sm248689ioq.81.2018.09.04.20.52.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Sep 2018 20:52:40 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [SRU][Bionic][v2 2/7] s390: detect etoken facility Date: Tue, 4 Sep 2018 23:52:02 -0400 Message-Id: <20180905035207.32559-3-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com> References: <20180905035207.32559-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Martin Schwidefsky CVE-2017-5715 (Spectre v2 s390x) Detect and report the etoken facility. With spectre_v2=auto or CONFIG_EXPOLINE_AUTO=y automatically disable expolines and use the full branch prediction mode for the kernel. Signed-off-by: Martin Schwidefsky (cherry-picked from aeaf7002a76c8da60c0f503badcbddc07650678c) Signed-off-by: Khalid Elmously --- arch/s390/kernel/nospec-branch.c | 12 +++++++++++- arch/s390/kernel/nospec-sysfs.c | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 8ad6a7128b3a..555da6e05d7b 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -35,6 +35,8 @@ early_param("nospec", nospec_setup_early); static int __init nospec_report(void) { + if (test_facility(156)) + pr_info("Spectre V2 mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) pr_info("Spectre V2 mitigation: execute trampolines.\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) @@ -56,7 +58,15 @@ early_param("nospectre_v2", nospectre_v2_setup_early); void __init nospec_auto_detect(void) { - if (IS_ENABLED(CC_USING_EXPOLINE)) { + if (test_facility(156)) { + /* + * The machine supports etokens. + * Disable expolines and disable nobp. + */ + if (IS_ENABLED(CC_USING_EXPOLINE)) + nospec_disable = 1; + __clear_facility(82, S390_lowcore.alt_stfle_fac_list); + } else if (IS_ENABLED(CC_USING_EXPOLINE)) { /* * The kernel has been compiled with expolines. * Keep expolines enabled and disable nobp. diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c index 8affad5f18cb..e30e580ae362 100644 --- a/arch/s390/kernel/nospec-sysfs.c +++ b/arch/s390/kernel/nospec-sysfs.c @@ -13,6 +13,8 @@ ssize_t cpu_show_spectre_v1(struct device *dev, ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { + if (test_facility(156)) + return sprintf(buf, "Mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) return sprintf(buf, "Mitigation: execute trampolines\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))