From patchwork Wed Sep 5 16:36:17 2018
X-Patchwork-Submitter: Khalid Elmously
X-Patchwork-Id: 966560
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v4 2/6] s390: detect etoken facility
Date: Wed, 5 Sep 2018 12:36:17 -0400
Message-Id: <20180905163621.16452-3-khalid.elmously@canonical.com>

From: Martin Schwidefsky

CVE-2017-5715 (Spectre v2 s390x)

Detect and report the etoken facility. With spectre_v2=auto or CONFIG_EXPOLINE_AUTO=y automatically disable expolines and use the full branch prediction mode for the kernel.

Signed-off-by: Martin Schwidefsky (cherry picked from commit aeaf7002a76c8da60c0f503badcbddc07650678c) Signed-off-by: Khalid Elmously --- arch/s390/kernel/nospec-branch.c | 12 +++++++++++- arch/s390/kernel/nospec-sysfs.c | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c index 8ad6a7128b3a..555da6e05d7b 100644 --- a/arch/s390/kernel/nospec-branch.c +++ b/arch/s390/kernel/nospec-branch.c @@ -35,6 +35,8 @@ early_param("nospec", nospec_setup_early); static int __init nospec_report(void) { + if (test_facility(156)) + pr_info("Spectre V2 mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) pr_info("Spectre V2 mitigation: execute trampolines.\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) @@ -56,7 +58,15 @@ early_param("nospectre_v2", nospectre_v2_setup_early); void __init nospec_auto_detect(void) { - if (IS_ENABLED(CC_USING_EXPOLINE)) { + if (test_facility(156)) { + /* + * The machine supports etokens. + * Disable expolines and disable nobp. + */ + if (IS_ENABLED(CC_USING_EXPOLINE)) + nospec_disable = 1; + __clear_facility(82, S390_lowcore.alt_stfle_fac_list); + } else if (IS_ENABLED(CC_USING_EXPOLINE)) { /* * The kernel has been compiled with expolines. * Keep expolines enabled and disable nobp. diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c index 8affad5f18cb..e30e580ae362 100644 --- a/arch/s390/kernel/nospec-sysfs.c +++ b/arch/s390/kernel/nospec-sysfs.c 
@@ -13,6 +13,8 @@ ssize_t cpu_show_spectre_v1(struct device *dev, ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) { + if (test_facility(156)) + return sprintf(buf, "Mitigation: etokens\n"); if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) return sprintf(buf, "Mitigation: execute trampolines\n"); if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))
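
Review bot: In nospec_report() the new `if (test_facility(156))` is not chained with the checks that follow it, so when facility 156 is present and nospec_disable is still 0 the log gets both "Spectre V2 mitigation: etokens" and "Spectre V2 mitigation: execute trampolines.", while cpu_show_spectre_v2() in nospec-sysfs.c returns on the etokens match and reports only that. Making the following checks in nospec_report() `else if` would keep dmesg and sysfs in agreement. The etokens pr_info also lacks the trailing period that the trampolines message carries, and the bare 156 now appears in three places next to the bare 82; a named constant for each would make the intent in nospec_auto_detect() readable without the comment.
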
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v4 3/6] KVM: s390: add etoken support for guests
Date: Wed, 5 Sep 2018 12:36:18 -0400
Message-Id: <20180905163621.16452-4-khalid.elmously@canonical.com>

From: Christian Borntraeger

CVE-2017-5715 (Spectre v2 s390x)

We want to provide facility 156 (etoken facility) to our guests. This includes migration support (via sync regs) and VSIE changes. The tokens are being reset on clear reset. This has to be implemented by userspace (via sync regs).

Signed-off-by: Christian Borntraeger
Reviewed-by: David Hildenbrand
Acked-by: Cornelia Huck
(backported from commit a3da7b4a3be51f37f434f14e11e60491f098b6ea)
[kmously: Minor context adjustment for whitespace]
Signed-off-by: Khalid Elmously
--- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/include/uapi/asm/kvm.h | 5 ++++- arch/s390/kvm/kvm-s390.c | 8 ++++++-- arch/s390/kvm/vsie.c | 9 +++++++-- arch/s390/tools/gen_facilities.c | 3 ++- 5 files changed, 20 insertions(+), 6 deletions(-) diff --git a/arch/s390/include/asm/kvm_host.h b/arch/s390/include/asm/kvm_host.h index cd7ed86c571e..3ad7ccde93af 100644 --- a/arch/s390/include/asm/kvm_host.h +++ b/arch/s390/include/asm/kvm_host.h @@ -266,6 +266,7 @@ struct kvm_s390_sie_block { __u8 reserved1c0[8]; /* 0x01c0 */ #define ECD_HOSTREGMGMT 0x20000000 #define ECD_MEF 0x08000000 +#define ECD_ETOKENF 0x02000000 __u32 ecd; /* 0x01c8 */ __u8 reserved1cc[18]; /* 0x01cc */ __u64 pp; /* 0x01de */
diff --git a/arch/s390/include/uapi/asm/kvm.h b/arch/s390/include/uapi/asm/kvm.h index 4cdaa55fabfe..9a50f02b9894 100644 --- a/arch/s390/include/uapi/asm/kvm.h +++ b/arch/s390/include/uapi/asm/kvm.h @@ -4,7 +4,7 @@ /* * KVM s390 specific structures and definitions * - * Copyright IBM Corp. 2008 + * Copyright IBM Corp. 2008, 2018 * * Author(s): Carsten Otte * Christian Borntraeger @@ -225,6 +225,7 @@ struct kvm_guest_debug_arch { #define KVM_SYNC_FPRS (1UL << 8) #define KVM_SYNC_GSCB (1UL << 9) #define KVM_SYNC_BPBC (1UL << 10) +#define KVM_SYNC_ETOKEN (1UL << 11) /* length and alignment of the sdnx as a power of two */ #define SDNXC 8 #define SDNXL (1UL << SDNXC) @@ -258,6 +259,8 @@ struct kvm_sync_regs { struct { __u64 reserved1[2]; __u64 gscb[4]; + __u64 etoken; + __u64 etoken_extension; }; }; }; diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c index 9629be612304..bc637fd34ec0 100644 --- a/arch/s390/kvm/kvm-s390.c +++ b/arch/s390/kvm/kvm-s390.c @@ -2262,6 +2262,8 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu) vcpu->run->kvm_valid_regs |= KVM_SYNC_BPBC; if (test_kvm_facility(vcpu->kvm, 133)) vcpu->run->kvm_valid_regs |= KVM_SYNC_GSCB; + if (test_kvm_facility(vcpu->kvm, 156)) + vcpu->run->kvm_valid_regs |= KVM_SYNC_ETOKEN; /* fprs can be synchronized via vrs, even if the guest has no vx. With * MACHINE_HAS_VX, (load|store)_fpu_regs() will work with vrs format. */ @@ -2509,7 +2511,8 @@ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu) } if (test_kvm_facility(vcpu->kvm, 139)) vcpu->arch.sie_block->ecd |= ECD_MEF; - + if (test_kvm_facility(vcpu->kvm, 156)) + vcpu->arch.sie_block->ecd |= ECD_ETOKENF; vcpu->arch.sie_block->sdnxo = ((unsigned long) &vcpu->run->s.regs.sdnx) | SDNXC; vcpu->arch.sie_block->riccbd = (unsigned long) &vcpu->run->s.regs.riccb; 
@@ -3381,6 +3384,7 @@ static void sync_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) } preempt_enable(); } + /* SIE will load etoken directly from SDNX and therefore kvm_run */ kvm_run->kvm_dirty_regs = 0; } @@ -3420,7 +3424,7 @@ static void store_regs(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) __ctl_clear_bit(2, 4); vcpu->arch.host_gscb = NULL; } - + /* SIE will save etoken directly into SDNX and therefore kvm_run */ } int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index eb3043a7fff5..1f5989422df6 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -2,7 +2,7 @@ /* * kvm nested virtualization support for s390x * - * Copyright IBM Corp. 2016 + * Copyright IBM Corp. 2016, 2018 * * Author(s): David Hildenbrand */ @@ -372,6 +372,10 @@ static int shadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) if (test_kvm_facility(vcpu->kvm, 139)) scb_s->ecd |= scb_o->ecd & ECD_MEF; + /* etoken */ + if (test_kvm_facility(vcpu->kvm, 156)) + scb_s->ecd |= scb_o->ecd & ECD_ETOKENF; + prepare_ibc(vcpu, vsie_page); rc = shadow_crycb(vcpu, vsie_page); out: @@ -621,7 +625,8 @@ static int pin_blocks(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) /* Validity 0x0044 will be checked by SIE */ scb_s->riccbd = hpa; } - if ((scb_s->ecb & ECB_GS) && !(scb_s->ecd & ECD_HOSTREGMGMT)) { + if (((scb_s->ecb & ECB_GS) && !(scb_s->ecd & ECD_HOSTREGMGMT)) || + (scb_s->ecd & ECD_ETOKENF)) { unsigned long sdnxc; gpa = READ_ONCE(scb_o->sdnxo) & ~0xfUL; diff --git a/arch/s390/tools/gen_facilities.c b/arch/s390/tools/gen_facilities.c index 78b7192fc070..c3582a42b598 100644 --- a/arch/s390/tools/gen_facilities.c +++ b/arch/s390/tools/gen_facilities.c @@ -4,7 +4,7 @@ * numbering scheme from the Princples of Operations: most significant bit * has bit number 0. * - * Copyright IBM Corp. 2015 + * Copyright IBM Corp. 2015, 2018 * */ 
@@ -106,6 +106,7 @@ static struct facility_def facility_defs[] = { .name = "FACILITIES_KVM_CPUMODEL", .bits = (int[]){ + 156, /* etoken facility */ -1 /* END */ } },
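
Review bot: The uapi hunk in arch/s390/include/uapi/asm/kvm.h adds `etoken` and `etoken_extension` to struct kvm_sync_regs with no comment, yet the commit message makes userspace responsible for resetting the tokens on clear reset, and the comments added to sync_regs() and store_regs() say SIE loads and saves them directly in the SDNX, so their position after `gscb[4]` is part of the layout SIE uses. Please document both facts next to the fields and next to KVM_SYNC_ETOKEN, since this patch adds no kernel-side reset and a userspace author only sees the header. In pin_blocks() in vsie.c the condition now pins the SDNX for `ECD_ETOKENF` as well; a one-line comment at that condition would keep the block from reading as guarded-storage only.
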
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v4 4/6] s390/lib: use expoline for all bcr instructions
Date: Wed, 5 Sep 2018 12:36:19 -0400
Message-Id: <20180905163621.16452-5-khalid.elmously@canonical.com>

From: Martin Schwidefsky

CVE-2017-5715 (Spectre v2 s390x)

The memmove, memset, memcpy, __memset16, __memset32 and __memset64 functions have an additional indirect return branch in form of a "bzr" instruction. These need to use expolines as well.

Cc: # v4.17+
Fixes: 97489e0663 ("s390/lib: use expoline for indirect branches")
Reviewed-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky
(cherry picked from commit 5eda25b10297684c1f46a14199ec00210f3c346e)
Signed-off-by: Khalid Elmously
--- arch/s390/lib/mem.S | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 2311f15be9cf..40c4d59c926e 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -17,7 +17,7 @@ ENTRY(memmove) ltgr %r4,%r4 lgr %r1,%r2 - bzr %r14 + jz .Lmemmove_exit aghi %r4,-1 clgr %r2,%r3 jnh .Lmemmove_forward @@ -36,6 +36,7 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) +.Lmemmove_exit: BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) @@ -65,7 +66,7 @@ EXPORT_SYMBOL(memmove) */ ENTRY(memset) ltgr %r4,%r4 - bzr %r14 + jz .Lmemset_exit ltgr %r3,%r3 jnz .Lmemset_fill aghi %r4,-1 @@ -80,6 +81,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) +.Lmemset_exit: BR_EX %r14 .Lmemset_fill: cghi %r4,1 @@ -115,7 +117,7 @@ EXPORT_SYMBOL(memset) */ ENTRY(memcpy) ltgr %r4,%r4 - bzr %r14 + jz .Lmemcpy_exit aghi %r4,-1 srlg %r5,%r4,8 ltgr %r5,%r5 @@ -124,6 +126,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) +.Lmemcpy_exit: BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) @@ -145,9 +148,9 @@ EXPORT_SYMBOL(memcpy) .macro __MEMSET bits,bytes,insn ENTRY(__memset\bits) ltgr %r4,%r4 - bzr %r14 + jz .L__memset_exit\bits cghi %r4,\bytes - je .L__memset_exit\bits + je .L__memset_store\bits aghi %r4,-(\bytes+1) srlg %r5,%r4,8 ltgr %r5,%r5
@@ -163,8 +166,9 @@ ENTRY(__memset\bits) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) BR_EX %r14 -.L__memset_exit\bits: +.L__memset_store\bits: \insn %r3,0(%r2) +.L__memset_exit\bits: BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1)
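
Review bot: In the __MEMSET macro the label `.L__memset_exit\bits` keeps its name but changes meaning: before the patch it sat on the `\insn %r3,0(%r2)` store, afterwards it sits on the bare `BR_EX %r14`, and the store moves to the new `.L__memset_store\bits`. Only the one `je` in the visible hunk is retargeted, so for this backport please confirm that no other branch inside the macro in the Bionic tree still jumps to `.L__memset_exit\bits` expecting the store, because it would assemble cleanly and silently skip it. Leaving the old name on the store and giving the return path a fresh label would avoid that risk altogether.
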
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v4 5/6] s390: fix br_r1_trampoline for machines without exrl
Date: Wed, 5 Sep 2018 12:36:20 -0400
Message-Id: <20180905163621.16452-6-khalid.elmously@canonical.com>

From: Martin Schwidefsky

CVE-2017-5715 (Spectre v2 s390x)

For machines without the exrl instruction the BPF jit generates code that uses a "br %r1" instruction located in the lowcore page. Unfortunately there is a cut & paste error that puts an additional "larl %r1,.+14" instruction in the code that clobbers the branch target address in %r1. Remove the larl instruction.

Cc: # v4.17+
Fixes: de5cb6eb51 ("s390: use expoline thunks in the BPF JIT")
Signed-off-by: Martin Schwidefsky
(cherry picked from commit 26f843848bae973817b3587780ce6b7b0200d3e4)
Signed-off-by: Khalid Elmously
--- arch/s390/net/bpf_jit_comp.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index f5ad92d09006..6b84bdc94055 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c
@@ -518,8 +518,6 @@ static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth) /* br %r1 */ _EMIT2(0x07f1); } else { - /* larl %r1,.+14 */ - EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14); /* ex 0,S390_lowcore.br_r1_tampoline */ EMIT4_DISP(0x44000000, REG_0, REG_0, offsetof(struct lowcore, br_r1_trampoline));
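
Review bot: With the `larl %r1,.+14` gone, the `ex 0,S390_lowcore.br_r1_trampoline` path in the `else` branch of bpf_jit_epilogue() depends on %r1 already holding the branch target, and that load is outside the visible context; a short comment at the `else` branch saying where %r1 is set would keep a later edit from reintroducing a clobber. The retained comment also spells the field `br_r1_tampoline` while the code uses `br_r1_trampoline`; as this is a clean cherry-pick it should stay as is here, but it is worth a follow-up fix.
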
From: Khalid Elmously
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][v4 6/6] UBUNTU: SAUCE: bpf, s390x: remove ld_abs/ld_ind
Date: Wed, 5 Sep 2018 12:36:21 -0400
Message-Id: <20180905163621.16452-7-khalid.elmously@canonical.com>

CVE-2017-5715 (Spectre v2 s390x)

removed the code that generated the indirect branch "basr %b5,%w1" from the BPF JIT. Older versions of the BPF which still have support for LD_ABS/LD_IND need a patch to add the execute trampoline for this branch instruction.

Original author: Martin Schwidefsky
Signed-off-by: Khalid Elmously
--- arch/s390/net/bpf_jit_comp.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 6b84bdc94055..e3a4b98f8b47 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -1302,8 +1302,13 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i /* lg %skb_data,data_off(%b6) */ EMIT6_DISP_LH(0xe3000000, 0x0004, REG_SKB_DATA, REG_0, BPF_REG_6, offsetof(struct sk_buff, data)); - /* basr %b5,%w1 (%b5 is call saved) */ - EMIT2(0x0d00, BPF_REG_5, REG_W1); + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) { + /* brasl %r5,__s390_indirect_jump_r1 */ + EMIT6_PCREL_RILB(0xc0050000, BPF_REG_5, jit->r1_thunk_ip); + } else { + /* basr %b5,%w1 (%b5 is call saved) */ + EMIT2(0x0d00, BPF_REG_5, REG_W1); + } /* * Note: For fast access we jump directly after the
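
Review bot: The new comment `/* brasl %r5,__s390_indirect_jump_r1 */` does not follow the register notation of the comment it sits beside: the emitted operand is BPF_REG_5, which the retained `basr` comment writes as `%b5`, and the thunk is named for r1 while the original `basr` targets REG_W1. Please write the comment as `brasl %b5,...` and state that REG_W1 is the register the r1 thunk branches through, since the hunk relies on that mapping without showing it. The displacement is computed from `jit->r1_thunk_ip`, so it is also worth confirming that the thunk address is already set on the pass where this instruction is emitted; nothing in the hunk guards against it being unset.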