diff mbox series

[SRU,Xenial,2/3] s390/lib: use expoline for all bcr instructions

Message ID 20180910142606.4927-3-kleber.souza@canonical.com
State New
Headers show
Series Follow-up fixes for CVE-2017-5715 (Spectre v2) for s390x | expand

Commit Message

Kleber Sacilotto de Souza Sept. 10, 2018, 2:26 p.m. UTC 
From: Martin Schwidefsky <schwidefsky@de.ibm.com>

CVE-2017-5715 (Spectre v2 s390x)

The memove, memset, memcpy, __memset16, __memset32 and __memset64
function have an additional indirect return branch in form of a
"bzr" instruction. These need to use expolines as well.

Cc: <stable@vger.kernel.org> # v4.17+
Fixes: 97489e0663 ("s390/lib: use expoline for indirect branches")
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(backported from commit 5eda25b10297684c1f46a14199ec00210f3c346e)
[ kleber: memove, __memset16, __memset32 and __memset64 are not
  implemented on 4.4 kernel ]
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
---
 arch/s390/lib/mem.S | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S
index 16c5998b9792..1b7ca2de3af1 100644
--- a/arch/s390/lib/mem.S
+++ b/arch/s390/lib/mem.S
@@ -26,7 +26,7 @@ 
  */
 ENTRY(memset)
 	ltgr	%r4,%r4
-	bzr	%r14
+	jz	.Lmemset_exit
 	ltgr	%r3,%r3
 	jnz	.Lmemset_fill
 	aghi	%r4,-1
@@ -41,6 +41,7 @@  ENTRY(memset)
 .Lmemset_clear_rest:
 	larl	%r3,.Lmemset_xc
 	ex	%r4,0(%r3)
+.Lmemset_exit:
 	BR_EX	%r14
 .Lmemset_fill:
 	stc	%r3,0(%r2)
@@ -71,7 +72,7 @@  ENTRY(memset)
  */
 ENTRY(memcpy)
 	ltgr	%r4,%r4
-	bzr	%r14
+	jz	.Lmemcpy_exit
 	aghi	%r4,-1
 	srlg	%r5,%r4,8
 	ltgr	%r5,%r5
@@ -80,6 +81,7 @@  ENTRY(memcpy)
 .Lmemcpy_rest:
 	larl	%r5,.Lmemcpy_mvc
 	ex	%r4,0(%r5)
+.Lmemcpy_exit:
 	BR_EX	%r14
 .Lmemcpy_loop:
 	mvc	0(256,%r1),0(%r3)