From patchwork Wed Sep 5 03:52:01 2018
X-Patchwork-Submitter: Khalid Elmously
X-Patchwork-Id: 966208
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v2 1/7] KVM: s390: implement CPU model only facilities
Date: Tue, 4 Sep 2018 23:52:01 -0400
Message-Id: <20180905035207.32559-2-khalid.elmously@canonical.com>
In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com>

From: Christian Borntraeger

CVE-2017-5715 (Spectre v2 s390x)

Some facilities should only be provided to the guest, if they are enabled by a CPU model. This allows us to avoid capabilities and to simply fall back to the cpumodel for deciding about a facility without enabling it for older QEMUs or QEMUs without a CPU model.

Reviewed-by: David Hildenbrand
Reviewed-by: Cornelia Huck
Signed-off-by: Christian Borntraeger
(cherry-picked from c3b9e3e1ea1c1d1524b56b6734711db2a6fc2163)
Signed-off-by: Khalid Elmously
---
 arch/s390/kvm/kvm-s390.c | 53 ++++++++++++++++++++------------
 arch/s390/kvm/kvm-s390.h | 2 --
 arch/s390/tools/gen_facilities.c | 20 ++++++++++++
 3 files changed, 54 insertions(+), 21 deletions(-)

diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 656a3c8dfb50..9629be612304 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c
@@ -151,13 +151,33 @@ static int nested; module_param(nested, int, S_IRUGO); MODULE_PARM_DESC(nested, "Nested virtualization support"); -/* upper facilities limit for kvm */ -unsigned long kvm_s390_fac_list_mask[16] = { FACILITIES_KVM }; -unsigned long kvm_s390_fac_list_mask_size(void) +/* + * For now we handle at most 16 double words as this is what the s390 base + * kernel handles and stores in the prefix page. If we ever need to go beyond + * this, this requires changes to code, but the external uapi can stay. + */ +#define SIZE_INTERNAL 16 + +/* + * Base feature mask that defines default mask for facilities. Consists of the + * defines in FACILITIES_KVM and the non-hypervisor managed bits. + */ +static unsigned long kvm_s390_fac_base[SIZE_INTERNAL] = { FACILITIES_KVM }; +/* + * Extended feature mask. Consists of the defines in FACILITIES_KVM_CPUMODEL + * and defines the facilities that can be enabled via a cpu model. + */ +static unsigned long kvm_s390_fac_ext[SIZE_INTERNAL] = { FACILITIES_KVM_CPUMODEL }; + +static unsigned long kvm_s390_fac_size(void) { - BUILD_BUG_ON(ARRAY_SIZE(kvm_s390_fac_list_mask) > S390_ARCH_FAC_MASK_SIZE_U64); - return ARRAY_SIZE(kvm_s390_fac_list_mask); + BUILD_BUG_ON(SIZE_INTERNAL > S390_ARCH_FAC_MASK_SIZE_U64); + BUILD_BUG_ON(SIZE_INTERNAL > S390_ARCH_FAC_LIST_SIZE_U64); + BUILD_BUG_ON(SIZE_INTERNAL * sizeof(unsigned long) > + sizeof(S390_lowcore.stfle_fac_list)); + + return SIZE_INTERNAL; } /* available cpu features supported by kvm */ 
@@ -1953,20 +1973,15 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) if (!kvm->arch.sie_page2) goto out_err; - /* Populate the facility mask initially. */ - memcpy(kvm->arch.model.fac_mask, S390_lowcore.stfle_fac_list, - sizeof(S390_lowcore.stfle_fac_list)); - for (i = 0; i < S390_ARCH_FAC_LIST_SIZE_U64; i++) { - if (i < kvm_s390_fac_list_mask_size()) - kvm->arch.model.fac_mask[i] &= kvm_s390_fac_list_mask[i]; - else - kvm->arch.model.fac_mask[i] = 0UL; - } - - /* Populate the facility list initially. */ kvm->arch.model.fac_list = kvm->arch.sie_page2->fac_list; - memcpy(kvm->arch.model.fac_list, kvm->arch.model.fac_mask, - S390_ARCH_FAC_LIST_SIZE_BYTE); + + for (i = 0; i < kvm_s390_fac_size(); i++) { + kvm->arch.model.fac_mask[i] = S390_lowcore.stfle_fac_list[i] & + (kvm_s390_fac_base[i] | + kvm_s390_fac_ext[i]); + kvm->arch.model.fac_list[i] = S390_lowcore.stfle_fac_list[i] & + kvm_s390_fac_base[i]; + } /* we are always in czam mode - even on pre z14 machines */ set_kvm_facility(kvm->arch.model.fac_mask, 138); @@ -3965,7 +3980,7 @@ static int __init kvm_s390_init(void) } for (i = 0; i < 16; i++) - kvm_s390_fac_list_mask[i] |= + kvm_s390_fac_base[i] |= S390_lowcore.stfle_fac_list[i] & nonhyp_mask(i); return kvm_init(NULL, sizeof(struct kvm_vcpu), 0, THIS_MODULE); diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h index efa186f065fb..0f08873937d4 100644 --- a/arch/s390/kvm/kvm-s390.h +++ b/arch/s390/kvm/kvm-s390.h @@ -281,8 +281,6 @@ void exit_sie(struct kvm_vcpu *vcpu); void kvm_s390_sync_request(int req, struct kvm_vcpu *vcpu); int kvm_s390_vcpu_setup_cmma(struct kvm_vcpu *vcpu); void kvm_s390_vcpu_unsetup_cmma(struct kvm_vcpu *vcpu); -unsigned long kvm_s390_fac_list_mask_size(void); -extern unsigned long kvm_s390_fac_list_mask[]; void kvm_s390_set_cpu_timer(struct kvm_vcpu *vcpu, __u64 cputm); __u64 kvm_s390_get_cpu_timer(struct kvm_vcpu *vcpu); 
diff --git a/arch/s390/tools/gen_facilities.c b/arch/s390/tools/gen_facilities.c index 0373801d9860..78b7192fc070 100644 --- a/arch/s390/tools/gen_facilities.c +++ b/arch/s390/tools/gen_facilities.c @@ -62,6 +62,13 @@ static struct facility_def facility_defs[] = { } }, { + /* + * FACILITIES_KVM contains the list of facilities that are part + * of the default facility mask and list that are passed to the + * initial CPU model. If no CPU model is used, this, together + * with the non-hypervisor managed bits, is the maximum list of + * guest facilities supported by KVM. + */ .name = "FACILITIES_KVM", .bits = (int[]){ 0, /* N3 instructions */ 
@@ -89,6 +96,19 @@ static struct facility_def facility_defs[] = { -1 /* END */ } }, + { + /* + * FACILITIES_KVM_CPUMODEL contains the list of facilities + * that can be enabled by CPU model code if the host supports + * it. These facilities are not passed to the guest without + * CPU model support. + */ + + .name = "FACILITIES_KVM_CPUMODEL", + .bits = (int[]){ + -1 /* END */ + } + }, }; static void print_facility_list(struct facility_def *def)
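
Review bot: the new loop in the kvm_arch_init_vm() hunk of arch/s390/kvm/kvm-s390.c stops at kvm_s390_fac_size() (SIZE_INTERNAL, 16 double words), whereas the removed loop ran to S390_ARCH_FAC_LIST_SIZE_U64 and explicitly set fac_mask[i] = 0UL past the mask size. Any words of fac_mask and fac_list beyond SIZE_INTERNAL are now correct only if both buffers start out zeroed. Please state that assumption in a comment next to the loop, or keep an explicit clear of the tail, so that a later change to how these buffers are allocated cannot leave stale facility bits visible to a guest.
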
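
Review bot: the kvm_s390_init() hunk keeps the literal bound in "for (i = 0; i < 16; i++)" although this patch introduces SIZE_INTERNAL for exactly that array length. Use SIZE_INTERNAL or kvm_s390_fac_size() there so the loop bound cannot drift from the size of kvm_s390_fac_base[].
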
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v2 2/7] s390: detect etoken facility
Date: Tue, 4 Sep 2018 23:52:02 -0400
Message-Id: <20180905035207.32559-3-khalid.elmously@canonical.com>
In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com>

From: Martin Schwidefsky

CVE-2017-5715 (Spectre v2 s390x)

Detect and report the etoken facility. With spectre_v2=auto or CONFIG_EXPOLINE_AUTO=y automatically disable expolines and use the full branch prediction mode for the kernel.

Signed-off-by: Martin Schwidefsky
(cherry-picked from aeaf7002a76c8da60c0f503badcbddc07650678c)
Signed-off-by: Khalid Elmously
---
 arch/s390/kernel/nospec-branch.c | 12 +++++++++++-
 arch/s390/kernel/nospec-sysfs.c | 2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 8ad6a7128b3a..555da6e05d7b 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -35,6 +35,8 @@ early_param("nospec", nospec_setup_early); static int __init nospec_report(void) { + if (test_facility(156)) + pr_info("Spectre V2 mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) pr_info("Spectre V2 mitigation: execute trampolines.\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))
@@ -56,7 +58,15 @@ early_param("nospectre_v2", nospectre_v2_setup_early); void __init nospec_auto_detect(void) { - if (IS_ENABLED(CC_USING_EXPOLINE)) { + if (test_facility(156)) { + /* + * The machine supports etokens. + * Disable expolines and disable nobp. + */ + if (IS_ENABLED(CC_USING_EXPOLINE)) + nospec_disable = 1; + __clear_facility(82, S390_lowcore.alt_stfle_fac_list); + } else if (IS_ENABLED(CC_USING_EXPOLINE)) { /* * The kernel has been compiled with expolines. * Keep expolines enabled and disable nobp. diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c index 8affad5f18cb..e30e580ae362 100644 --- a/arch/s390/kernel/nospec-sysfs.c +++ b/arch/s390/kernel/nospec-sysfs.c 
@@ -13,6 +13,8 @@ ssize_t cpu_show_spectre_v1(struct device *dev, ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { + if (test_facility(156)) + return sprintf(buf, "Mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) return sprintf(buf, "Mitigation: execute trampolines\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))
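
Review bot: the two reporting paths can disagree when facility 156 is present but nospec_disable is still 0. cpu_show_spectre_v2() in nospec-sysfs.c returns "Mitigation: etokens" as soon as test_facility(156) is true, while nospec_report() in nospec-branch.c adds a plain "if" with no "else", so the boot log can print both the etokens line and the execute trampolines line. The commit message limits the automatic expoline disable to spectre_v2=auto or CONFIG_EXPOLINE_AUTO=y, so that state looks reachable; please make both functions follow the same precedence, or document in a comment that etokens take priority in the report. The new pr_info() string also lacks the trailing period that the neighbouring "execute trampolines." message has.
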
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v2 3/7] KVM: s390: define GISA format-0 data structure
Date: Tue, 4 Sep 2018 23:52:03 -0400
Message-Id: <20180905035207.32559-4-khalid.elmously@canonical.com>
In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com>

From: Michael Mueller

CVE-2017-5715 (Spectre v2 s390x)

In preparation to support pass-through adapter interrupts, the Guest Interruption State Area (GISA) and the Adapter Interruption Virtualization (AIV) features will be introduced here.

This patch introduces format-0 GISA (that is, it defines the struct describing the GISA, allocates storage for it, and introduces fields for the GISA address in kvm_s390_sie_block and kvm_s390_vsie).

As the GISA requires storage below 2GB, it is put in sie_page2, which is already allocated in ZONE_DMA. In addition, the GISA requires alignment to its integral boundary. This is already naturally aligned via the padding in the sie_page2.

Signed-off-by: Michael Mueller
Reviewed-by: Pierre Morel
Reviewed-by: Halil Pasic
Reviewed-by: Christian Borntraeger
Reviewed-by: David Hildenbrand
Acked-by: Cornelia Huck
Signed-off-by: Christian Borntraeger
(cherry-picked from 19114beb73f774e466d9e39b8e8b961812c9f881)
Signed-off-by: Khalid Elmously
---
 arch/s390/include/asm/kvm_host.h | 23 +++++++++++++++++++----
 arch/s390/kvm/kvm-s390.c | 1 +
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index cd7ed86c571e..90d4af0b5c55 100644 --- a/arch/s390/include/asm/kvm_host.h
+++ b/arch/s390/include/asm/kvm_host.h @@ -183,6 +183,7 @@ struct kvm_s390_sie_block { #define ECA_IB 0x40000000 #define ECA_SIGPI 0x10000000 #define ECA_MVPGI 0x01000000 +#define ECA_AIV 0x00200000 #define ECA_VX 0x00020000 #define ECA_PROTEXCI 0x00002000 #define ECA_SII 0x00000001 @@ -228,7 +229,8 @@ struct kvm_s390_sie_block { __u8 epdx; /* 0x0069 */ __u8 reserved6a[2]; /* 0x006a */ __u32 todpr; /* 0x006c */ - __u8 reserved70[16]; /* 0x0070 */ + __u32 gd; /* 0x0070 */ + __u8 reserved74[12]; /* 0x0074 */ __u64 mso; /* 0x0080 */ __u64 msl; /* 0x0088 */ psw_t gpsw; /* 0x0090 */ @@ -720,14 +722,27 @@ struct kvm_s390_crypto_cb { struct kvm_s390_apcb1 apcb1; /* 0x0080 */ }; +struct kvm_s390_gisa { + u32 next_alert; + u8 ipm; + u8 reserved01; + u8 : 6; + u8 g : 1; + u8 c : 1; + u8 iam; + u8 reserved02[4]; + u32 airq_count; +}; + /* - * sie_page2 has to be allocated as DMA because fac_list and crycb need - * 31bit addresses in the sie control block. + * sie_page2 has to be allocated as DMA because fac_list, crycb and + * gisa need 31bit addresses in the sie control block. */ struct sie_page2 { __u64 fac_list[S390_ARCH_FAC_LIST_SIZE_U64]; /* 0x0000 */ struct kvm_s390_crypto_cb crycb; /* 0x0800 */ - u8 reserved900[0x1000 - 0x900]; /* 0x0900 */ + struct kvm_s390_gisa gisa; /* 0x0900 */ + u8 reserved910[0x1000 - 0x910]; /* 0x0910 */ }; struct kvm_s390_vsie { diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 9629be612304..20f2acc8e7f9 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c 
@@ -1968,6 +1968,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) if (!kvm->arch.dbf) goto out_err; + BUILD_BUG_ON(sizeof(struct sie_page2) != 4096); kvm->arch.sie_page2 = (struct sie_page2 *) get_zeroed_page(GFP_KERNEL | GFP_DMA); if (!kvm->arch.sie_page2)
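
Review bot: the layout of struct kvm_s390_gisa in kvm_host.h is not pinned by any check, although sie_page2 depends on it being exactly 0x10 bytes (gisa at 0x0900, reserved910 at 0x0910). The added BUILD_BUG_ON(sizeof(struct sie_page2) != 4096) only covers the total, and trailing padding of the outer struct can hide a member that is a few bytes short. Please add a BUILD_BUG_ON on sizeof(struct kvm_s390_gisa) and on offsetof(struct sie_page2, gisa), and give the gisa fields the same offset comments the neighbouring structs carry. The bit-fields "u8 : 6; u8 g : 1; u8 c : 1;" describe a hardware-defined byte, so a comment naming the expected bit positions would help anyone checking them against the architecture.
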
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v2 4/7] KVM: s390: add etoken support for guests
Date: Tue, 4 Sep 2018 23:52:04 -0400
Message-Id: <20180905035207.32559-5-khalid.elmously@canonical.com>
In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com>

From: Christian Borntraeger

CVE-2017-5715 (Spectre v2 s390x)

We want to provide facility 156 (etoken facility) to our guests. This includes migration support (via sync regs) and VSIE changes. The tokens are being reset on clear reset. This has to be implemented by userspace (via sync regs).

Signed-off-by: Christian Borntraeger
Reviewed-by: David Hildenbrand
Acked-by: Cornelia Huck
(cherry-picked from a3da7b4a3be51f37f434f14e11e60491f098b6ea)
Signed-off-by: Khalid Elmously
---
 arch/s390/include/asm/kvm_host.h | 1 +
 arch/s390/include/uapi/asm/kvm.h | 5 ++++-
 arch/s390/kvm/kvm-s390.c | 13 +++++++++++--
 arch/s390/kvm/vsie.c | 9 +++++++--
 arch/s390/tools/gen_facilities.c | 3 ++-
 5 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index 90d4af0b5c55..e9ba4243d602 100644 --- a/arch/s390/include/asm/kvm_host.h +++ b/arch/s390/include/asm/kvm_host.h @@ -268,6 +268,7 @@ struct kvm_s390_sie_block { __u8 reserved1c0[8]; /* 0x01c0 */ #define ECD_HOSTREGMGMT 0x20000000 #define ECD_MEF 0x08000000 +#define ECD_ETOKENF 0x02000000 __u32 ecd; /* 0x01c8 */ __u8 reserved1cc[18]; /* 0x01cc */ __u64 pp; /* 0x01de */ diff --git a/arch/s390/include/uapi/asm/kvm.h b/arch/s390/include/uapi/asm/kvm.h index 4cdaa55fabfe..9a50f02b9894 100644
--- a/arch/s390/include/uapi/asm/kvm.h +++ b/arch/s390/include/uapi/asm/kvm.h @@ -4,7 +4,7 @@ /* * KVM s390 specific structures and definitions * - * Copyright IBM Corp. 2008 + * Copyright IBM Corp. 2008, 2018 * * Author(s): Carsten Otte * Christian Borntraeger @@ -225,6 +225,7 @@ struct kvm_guest_debug_arch { #define KVM_SYNC_FPRS (1UL << 8) #define KVM_SYNC_GSCB (1UL << 9) #define KVM_SYNC_BPBC (1UL << 10) +#define KVM_SYNC_ETOKEN (1UL << 11) /* length and alignment of the sdnx as a power of two */ #define SDNXC 8 #define SDNXL (1UL << SDNXC) @@ -258,6 +259,8 @@ struct kvm_sync_regs { struct { __u64 reserved1[2]; __u64 gscb[4]; + __u64 etoken; + __u64 etoken_extension; }; }; }; diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 20f2acc8e7f9..acc6e9f3e4ae 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -2263,6 +2263,8 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu) vcpu->run->kvm_valid_regs |= KVM_SYNC_BPBC; if (test_kvm_facility(vcpu->kvm, 133)) vcpu->run->kvm_valid_regs |= KVM_SYNC_GSCB; + if (test_kvm_facility(vcpu->kvm, 156)) + vcpu->run->kvm_valid_regs |= KVM_SYNC_ETOKEN; /* fprs can be synchronized via vrs, even if the guest has no vx. With * MACHINE_HAS_VX, (load|store)_fpu_regs() will work with vrs format. */ @@ -2510,7 +2512,13 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu) } if (test_kvm_facility(vcpu->kvm, 139)) vcpu->arch.sie_block->ecd |= ECD_MEF; - + if (test_kvm_facility(vcpu->kvm, 156)) + vcpu->arch.sie_block->ecd |= ECD_ETOKENF; + if (vcpu->arch.sie_block->gd) { + vcpu->arch.sie_block->eca |= ECA_AIV; + VCPU_EVENT(vcpu, 3, "AIV gisa format-%u enabled for cpu %03u", + vcpu->arch.sie_block->gd & 0x3, vcpu->vcpu_id); + } vcpu->arch.sie_block->sdnxo = ((unsigned long) &vcpu->run->s.regs.sdnx) | SDNXC; vcpu->arch.sie_block->riccbd = (unsigned long) &vcpu->run->s.regs.riccb; 
@@ -3382,6 +3390,7 @@ static void sync_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) } preempt_enable(); } + /* SIE will load etoken directly from SDNX and therefore kvm_run */ kvm_run->kvm_dirty_regs = 0; } @@ -3421,7 +3430,7 @@ static void store_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) __ctl_clear_bit(2, 4); vcpu->arch.host_gscb = NULL; } - + /* SIE will save etoken directly into SDNX and therefore kvm_run */ } int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index eb3043a7fff5..1f5989422df6 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -2,7 +2,7 @@ /* * kvm nested virtualization support for s390x * - * Copyright IBM Corp. 2016 + * Copyright IBM Corp. 2016, 2018 * * Author(s): David Hildenbrand */ @@ -372,6 +372,10 @@ static int shadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) if (test_kvm_facility(vcpu->kvm, 139)) scb_s->ecd |= scb_o->ecd & ECD_MEF; + /* etoken */ + if (test_kvm_facility(vcpu->kvm, 156)) + scb_s->ecd |= scb_o->ecd & ECD_ETOKENF; + prepare_ibc(vcpu, vsie_page); rc = shadow_crycb(vcpu, vsie_page); out: @@ -621,7 +625,8 @@ static int pin_blocks(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) /* Validity 0x0044 will be checked by SIE */ scb_s->riccbd = hpa; } - if ((scb_s->ecb & ECB_GS) && !(scb_s->ecd & ECD_HOSTREGMGMT)) { + if (((scb_s->ecb & ECB_GS) && !(scb_s->ecd & ECD_HOSTREGMGMT)) || + (scb_s->ecd & ECD_ETOKENF)) { unsigned long sdnxc; gpa = READ_ONCE(scb_o->sdnxo) & ~0xfUL; diff --git a/arch/s390/tools/gen_facilities.c b/arch/s390/tools/gen_facilities.c index 78b7192fc070..c3582a42b598 100644 --- a/arch/s390/tools/gen_facilities.c +++ b/arch/s390/tools/gen_facilities.c @@ -4,7 +4,7 @@ * numbering scheme from the Princples of Operations: most significant bit * has bit number 0. * - * Copyright IBM Corp. 2015 + * Copyright IBM Corp. 2015, 2018 * */ 
@@ -106,6 +106,7 @@ static struct facility_def facility_defs[] = { .name = "FACILITIES_KVM_CPUMODEL", .bits = (int[]){ + 156, /* etoken facility */ -1 /* END */ } },
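
Review bot: the kvm_arch_vcpu_setup() hunk in arch/s390/kvm/kvm-s390.c adds an "if (vcpu->arch.sie_block->gd)" block that sets ECA_AIV and logs the GISA format, which has nothing to do with the etoken facility and is not mentioned in the commit message. None of the patches shown up to this point assigns sie_block->gd, so as posted the block never runs. Either drop it from this backport or say in the commit message that it is a context adjustment relative to the cherry-picked commit, so reviewers know the AIV enablement was carried deliberately.
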
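
Review bot: the new etoken and etoken_extension members of struct kvm_sync_regs in arch/s390/include/uapi/asm/kvm.h carry no comment, and the only explanation of their handling is the pair of one-line comments in sync_regs() and store_regs(). The commit message says the tokens must be reset by userspace on clear reset; that contract belongs next to the uapi fields or the KVM_SYNC_ETOKEN define, because a VMM that does not zero them carries the previous token values across a clear reset.
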
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=OkygdUl3YZRbGOSZedoTW0mTYCCREtm3evDHA73vNUo=; b=kgrPL9G2BtInubNt27tY8M2DcKyP+K3fHkqvPcDg9jfDOFnFVnlorT0uNLfEsiCV1J gznEkghOAhjvvxetpyeO0W2QQlVzwkFRKouTxvAdoOuojhjlGi5yB+6HBDPVy+KhmaIc SulHPgNJiPTvJXl/zfGkfQWiKQIx8oXw5Yae8eONCa/3mSS8NYeqh2GSEiP95f711qD9 1rxQRktxbwqojICy1dGcEGYdJWD5qCWEf68bg/FZggP2o+fTuRP7G2p7JkwVIl3Id+jE +bwwA5F9BjyKZYAEpcB/795PIoeja/7Z8/rRoaONB8wwfBx79sOSHjGm2DXBoLGVIHxH lMrQ== X-Gm-Message-State: APzg51CM7P5k5vCEiaNL85aBmzISsU/w3ZHWEj0cSHgxCDQrFp1KInxs PLuOkrCdP7wPi1PvDQ6C6CzJDMAONZNbK0USjgdB1R7EdjvaAliWNH/EgpHulTiDX4aIkgRwXP2 gxZPwUK9wS9KBQcHURvo2Qq2kEVewhUFETUXRuAb9hg== X-Received: by 2002:a24:b60a:: with SMTP id g10-v6mr2372824itf.55.1536119567615; Tue, 04 Sep 2018 20:52:47 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYDPkkeqjYeMJ/6pQTjIWzZGqEh0o5LqedFxUWVxN/5PR3RoeLemIx/qe96Os/E6Wr9IN5H1A== X-Received: by 2002:a24:b60a:: with SMTP id g10-v6mr2372819itf.55.1536119567468; Tue, 04 Sep 2018 20:52:47 -0700 (PDT) Received: from kbuntu.fuzzbuzz.org (23-233-27-24.cpe.pppoe.ca. [23.233.27.24]) by smtp.gmail.com with ESMTPSA id c12-v6sm248689ioq.81.2018.09.04.20.52.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Sep 2018 20:52:46 -0700 (PDT) From: Khalid Elmously To: kernel-team@lists.ubuntu.com Subject: [SRU][Bionic][v2 5/7] s390/lib: use expoline for all bcr instructions Date: Tue, 4 Sep 2018 23:52:05 -0400 Message-Id: <20180905035207.32559-6-khalid.elmously@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com> References: <20180905035207.32559-1-khalid.elmously@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" 
From: Martin Schwidefsky

CVE-2017-5715 (Spectre v2 s390x)

The memmove, memset, memcpy, __memset16, __memset32 and __memset64 functions have an additional indirect return branch in the form of a "bzr" instruction. These need to use expolines as well.

Cc: # v4.17+
Fixes: 97489e0663 ("s390/lib: use expoline for indirect branches")
Reviewed-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky
(cherry-picked from 5eda25b10297684c1f46a14199ec00210f3c346e)
Signed-off-by: Khalid Elmously
--- arch/s390/lib/mem.S | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 2311f15be9cf..40c4d59c926e 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -17,7 +17,7 @@ ENTRY(memmove) ltgr %r4,%r4 lgr %r1,%r2 - bzr %r14 + jz .Lmemmove_exit aghi %r4,-1 clgr %r2,%r3 jnh .Lmemmove_forward @@ -36,6 +36,7 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) +.Lmemmove_exit: BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) @@ -65,7 +66,7 @@ EXPORT_SYMBOL(memmove) */ ENTRY(memset) ltgr %r4,%r4 - bzr %r14 + jz .Lmemset_exit ltgr %r3,%r3 jnz .Lmemset_fill aghi %r4,-1 @@ -80,6 +81,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) +.Lmemset_exit: BR_EX %r14 .Lmemset_fill: cghi %r4,1 @@ -115,7 +117,7 @@ EXPORT_SYMBOL(memset) */ ENTRY(memcpy) ltgr %r4,%r4 - bzr %r14 + jz .Lmemcpy_exit aghi %r4,-1 srlg %r5,%r4,8 ltgr %r5,%r5 @@ -124,6 +126,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) +.Lmemcpy_exit: BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) @@ -145,9 +148,9 @@ EXPORT_SYMBOL(memcpy) .macro __MEMSET bits,bytes,insn ENTRY(__memset\bits) ltgr %r4,%r4 - bzr %r14 + jz .L__memset_exit\bits cghi %r4,\bytes - je .L__memset_exit\bits + je .L__memset_store\bits aghi %r4,-(\bytes+1) srlg %r5,%r4,8 ltgr %r5,%r5
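Review bot: in the __MEMSET macro the label .L__memset_exit\bits changes meaning rather than staying put. The "je" that used to target it is redirected to a new .L__memset_store\bits, and the old name becomes the target of the early "jz" and, per the following hunk, sits on the bare BR_EX %r14 after the \insn store instead of before it. Any other branch to .L__memset_exit\bits that expects the store to run would still assemble and silently skip it, so for this cherry-pick please confirm the Bionic arch/s390/lib/mem.S has no further reference to that label. The memmove, memset and memcpy hunks only add new exit labels in front of an existing BR_EX %r14 and do not have this problem.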
@@ -163,8 +166,9 @@ ENTRY(__memset\bits) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) BR_EX %r14 -.L__memset_exit\bits: +.L__memset_store\bits: \insn %r3,0(%r2) +.L__memset_exit\bits: BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1)

From patchwork Wed Sep 5 03:52:06 2018
X-Patchwork-Submitter: Khalid Elmously
X-Patchwork-Id: 966214
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v2 6/7] s390: fix br_r1_trampoline for machines without exrl
Date: Tue, 4 Sep 2018 23:52:06 -0400
Message-Id: <20180905035207.32559-7-khalid.elmously@canonical.com>
In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com>
References: <20180905035207.32559-1-khalid.elmously@canonical.com>
From: Martin Schwidefsky

CVE-2017-5715 (Spectre v2 s390x)

For machines without the exrl instruction the BPF jit generates code that uses a "br %r1" instruction located in the lowcore page. Unfortunately there is a cut & paste error that puts an additional "larl %r1,.+14" instruction in the code that clobbers the branch target address in %r1. Remove the larl instruction.

Cc: # v4.17+
Fixes: de5cb6eb51 ("s390: use expoline thunks in the BPF JIT")
Signed-off-by: Martin Schwidefsky
(cherry-picked from 26f843848bae973817b3587780ce6b7b0200d3e4)
Signed-off-by: Khalid Elmously
--- arch/s390/net/bpf_jit_comp.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index f5ad92d09006..6b84bdc94055 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c
@@ -518,8 +518,6 @@ static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth) /* br %r1 */ _EMIT2(0x07f1); } else { - /* larl %r1,.+14 */ - EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14); /* ex 0,S390_lowcore.br_r1_tampoline */ EMIT4_DISP(0x44000000, REG_0, REG_0, offsetof(struct lowcore, br_r1_trampoline));

From patchwork Wed Sep 5 03:52:07 2018
X-Patchwork-Submitter: Khalid Elmously
X-Patchwork-Id: 966215
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v2 7/7] UBUNTU: SAUCE: bpf, s390x: remove ld_abs/ld_ind
Date: Tue, 4 Sep 2018 23:52:07 -0400
Message-Id: <20180905035207.32559-8-khalid.elmously@canonical.com>
In-Reply-To: <20180905035207.32559-1-khalid.elmously@canonical.com>
References: <20180905035207.32559-1-khalid.elmously@canonical.com>

CVE-2017-5715 (Spectre v2 s390x) removed the code that generated the indirect branch "basr %b5,%w1" from the BPF JIT. Older versions of the BPF which still have support for LD_ABS/LD_IND need a patch to add the execute trampoline for this branch instruction.

Original author: Martin Schwidefsky
Signed-off-by: Khalid Elmously
--- arch/s390/net/bpf_jit_comp.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 6b84bdc94055..e3a4b98f8b47 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -1302,8 +1302,13 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i /* lg %skb_data,data_off(%b6) */ EMIT6_DISP_LH(0xe3000000, 0x0004, REG_SKB_DATA, REG_0, BPF_REG_6, offsetof(struct sk_buff, data)); - /* basr %b5,%w1 (%b5 is call saved) */ - EMIT2(0x0d00, BPF_REG_5, REG_W1); + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) { + /* brasl %r5,__s390_indirect_jump_r1 */ + EMIT6_PCREL_RILB(0xc0050000, BPF_REG_5, jit->r1_thunk_ip); + } else { + /* basr %b5,%w1 (%b5 is call saved) */ + EMIT2(0x0d00, BPF_REG_5, REG_W1); + } /* * Note: For fast access we jump directly after the
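Review bot: the comment on the new expoline path, "/* brasl %r5,__s390_indirect_jump_r1 */", names a hardware register where the rest of this hunk uses the JIT aliases (%b5, %b6, %w1), while the operand actually passed to EMIT6_PCREL_RILB is BPF_REG_5, the same one the basr path documents as %b5. Please write it as "brasl %b5,__s390_indirect_jump_r1" and carry over the "(%b5 is call saved)" remark so both arms document the same link register. The comment should also state that the thunk branches through %r1 and that this is the register the old basr reached as %w1, since the replacement is only equivalent if those are the same register; nothing in the hunk says so.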