[SRU,Xenial,v2,3/3] UBUNTU: SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT

Message ID 20180910150348.7542-4-kleber.souza@canonical.com
State New
Series Follow-up fixes for CVE-2017-5715 (Spectre v2) for s390x

Commit Message

Kleber Sacilotto de Souza Sept. 10, 2018, 3:03 p.m. UTC
From: Martin Schwidefsky <schwidefsky@de.ibm.com>

CVE-2017-5715 (Spectre v2 s390x)

git commit e1cf4befa297b149149f633eff746593e400c030
"bpf, s390x: remove ld_abs/ld_ind"
removed the code that generated the indirect branch "basr %b5,%w1"
from the BPF JIT. Older versions of the BPF which still have support
for LD_ABS/LD_IND need a patch to add the execute trampoline for
this branch instruction.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
---
 arch/s390/net/bpf_jit_comp.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Patch

diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
index 2d3ba0acc592..5683d9c13b63 100644
--- a/arch/s390/net/bpf_jit_comp.c
+++ b/arch/s390/net/bpf_jit_comp.c
@@ -1277,8 +1277,13 @@  call_fn:
 			/* agfr %b2,%src (%src is s32 here) */
 			EMIT4(0xb9180000, BPF_REG_2, src_reg);
 
-		/* basr %b5,%w1 (%b5 is call saved) */
-		EMIT2(0x0d00, BPF_REG_5, REG_W1);
+		if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) {
+			/* brasl %r5,__s390_indirect_jump_r1 */
+			EMIT6_PCREL_RILB(0xc0050000, BPF_REG_5, jit->r1_thunk_ip);
+		} else {
+			/* basr %b5,%w1 (%b5 is call saved) */
+			EMIT2(0x0d00, BPF_REG_5, REG_W1);
+		}
 
 		/*
 		 * Note: For fast access we jump directly after the
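Review bot: the comment in the new expoline branch names the link register differently from the code beside it. It reads `brasl %r5,__s390_indirect_jump_r1`, while the operand passed to EMIT6_PCREL_RILB is BPF_REG_5 and the fallback branch's comment calls that same register %b5. Suggest `/* brasl %b5,__s390_indirect_jump_r1 */` so both paths describe the same link register in the JIT's own notation. The thunk name also implies the branch target must already be in %r1, whereas the basr it replaces names %w1; a short comment stating that %w1 is the register the thunk branches through would make that dependency explicit. Neither `nospec_disable` nor `jit->r1_thunk_ip` is defined or assigned in this hunk, so the patch relies on both being set up elsewhere before this call site is emitted; worth confirming against the target tree, since a zero `r1_thunk_ip` would produce a bogus PC-relative offset here.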