Commit a9a979ca authored by Martin Schwidefsky's avatar Martin Schwidefsky Committed by Stefan Bader

UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and nobp

CVE-2017-5753
CVE-2017-5715
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: default avatarMarcelo Henrique Cerri <marcelo.cerri@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarKhaled Elmously <khalid.elmously@canonical.com>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 86d33097
...@@ -485,6 +485,23 @@ source kernel/Kconfig.preempt ...@@ -485,6 +485,23 @@ source kernel/Kconfig.preempt
source kernel/Kconfig.hz source kernel/Kconfig.hz
config KERNEL_NOBP
def_bool n
prompt "Enable modified branch prediction for the kernel by default"
help
If this option is selected the kernel will switch to a modified
branch prediction mode if the firmware interface is available.
The modified branch prediction mode improves the behaviour in
regard to speculative execution.
With the option enabled the kernel parameter "nobp=0" or "nospec"
can be used to run the kernel in the normal branch prediction mode.
With the option disabled the modified branch prediction mode is
enabled with the "nobp=1" kernel parameter.
If unsure, say N.
endmenu endmenu
menu "Memory setup" menu "Memory setup"
......
...@@ -13,6 +13,24 @@ ...@@ -13,6 +13,24 @@
#define MAX_FACILITY_BIT (256*8) /* stfle_fac_list has 256 bytes */ #define MAX_FACILITY_BIT (256*8) /* stfle_fac_list has 256 bytes */
static inline void __set_facility(unsigned long nr, void *facilities)
{
unsigned char *ptr = (unsigned char *) facilities;
if (nr >= MAX_FACILITY_BIT)
return;
ptr[nr >> 3] |= 0x80 >> (nr & 7);
}
static inline void __clear_facility(unsigned long nr, void *facilities)
{
unsigned char *ptr = (unsigned char *) facilities;
if (nr >= MAX_FACILITY_BIT)
return;
ptr[nr >> 3] &= ~(0x80 >> (nr & 7));
}
static inline int __test_facility(unsigned long nr, void *facilities) static inline int __test_facility(unsigned long nr, void *facilities)
{ {
unsigned char *ptr; unsigned char *ptr;
......
...@@ -170,7 +170,8 @@ struct _lowcore { ...@@ -170,7 +170,8 @@ struct _lowcore {
__u8 pad_0x0e20[0x0f00-0x0e20]; /* 0x0e20 */ __u8 pad_0x0e20[0x0f00-0x0e20]; /* 0x0e20 */
/* Extended facility list */ /* Extended facility list */
__u64 stfle_fac_list[32]; /* 0x0f00 */ __u64 stfle_fac_list[16]; /* 0x0f00 */
__u64 alt_stfle_fac_list[16]; /* 0x0f80 */
__u8 pad_0x1000[0x11b0-0x1000]; /* 0x1000 */ __u8 pad_0x1000[0x11b0-0x1000]; /* 0x1000 */
/* Pointer to vector register save area */ /* Pointer to vector register save area */
......
...@@ -14,18 +14,35 @@ static int __init disable_alternative_instructions(char *str) ...@@ -14,18 +14,35 @@ static int __init disable_alternative_instructions(char *str)
early_param("noaltinstr", disable_alternative_instructions); early_param("noaltinstr", disable_alternative_instructions);
extern struct alt_instr __alt_nobp[], __alt_nobp_end[]; static int __init nobp_setup_early(char *str)
static int __init nobp_setup(char *str)
{ {
bool enabled; bool enabled;
int rc; int rc;
rc = strtobool(str, &enabled); rc = strtobool(str, &enabled);
if (!rc && enabled) if (rc)
apply_alternatives(__alt_nobp, __alt_nobp_end); return rc;
return rc; if (enabled && test_facility(82))
__set_facility(82, S390_lowcore.alt_stfle_fac_list);
else
__clear_facility(82, S390_lowcore.alt_stfle_fac_list);
return 0;
}
early_param("nobp", nobp_setup_early);
static int __init nospec_setup_early(char *str)
{
__clear_facility(82, S390_lowcore.alt_stfle_fac_list);
return 0;
}
early_param("nospec", nospec_setup_early);
static int __init nogmb_setup_early(char *str)
{
__clear_facility(81, S390_lowcore.alt_stfle_fac_list);
return 0;
} }
__setup("nobp=", nobp_setup); early_param("nogmb", nogmb_setup_early);
struct brcl_insn { struct brcl_insn {
u16 opc; u16 opc;
...@@ -87,7 +104,8 @@ static void __init_or_module __apply_alternatives(struct alt_instr *start, ...@@ -87,7 +104,8 @@ static void __init_or_module __apply_alternatives(struct alt_instr *start,
instr = (u8 *)&a->instr_offset + a->instr_offset; instr = (u8 *)&a->instr_offset + a->instr_offset;
replacement = (u8 *)&a->repl_offset + a->repl_offset; replacement = (u8 *)&a->repl_offset + a->repl_offset;
if (!test_facility(a->facility)) if (!__test_facility(a->facility,
S390_lowcore.alt_stfle_fac_list))
continue; continue;
if (unlikely(a->instrlen % 2 || a->replacementlen % 2)) { if (unlikely(a->instrlen % 2 || a->replacementlen % 2)) {
......
...@@ -279,6 +279,11 @@ static noinline __init void setup_facility_list(void) ...@@ -279,6 +279,11 @@ static noinline __init void setup_facility_list(void)
{ {
stfle(S390_lowcore.stfle_fac_list, stfle(S390_lowcore.stfle_fac_list,
ARRAY_SIZE(S390_lowcore.stfle_fac_list)); ARRAY_SIZE(S390_lowcore.stfle_fac_list));
memcpy(S390_lowcore.alt_stfle_fac_list,
S390_lowcore.stfle_fac_list,
sizeof(S390_lowcore.alt_stfle_fac_list));
if (!IS_ENABLED(CONFIG_KERNEL_NOBP))
__clear_facility(82, S390_lowcore.alt_stfle_fac_list);
} }
static __init void detect_diag9c(void) static __init void detect_diag9c(void)
......
...@@ -167,7 +167,7 @@ _PIF_WORK = (_PIF_PER_TRAP) ...@@ -167,7 +167,7 @@ _PIF_WORK = (_PIF_PER_TRAP)
660: .long 0xb2e8c000 660: .long 0xb2e8c000
.popsection .popsection
661: .long 0x47000000 661: .long 0x47000000
.pushsection .altnobp, "a" .pushsection .altinstructions, "a"
.long 661b - . .long 661b - .
.long 660b - . .long 660b - .
.word 82 .word 82
...@@ -181,7 +181,7 @@ _PIF_WORK = (_PIF_PER_TRAP) ...@@ -181,7 +181,7 @@ _PIF_WORK = (_PIF_PER_TRAP)
662: .long 0xb2e8d000 662: .long 0xb2e8d000
.popsection .popsection
663: .long 0x47000000 663: .long 0x47000000
.pushsection .altnobp, "a" .pushsection .altinstructions, "a"
.long 663b - . .long 663b - .
.long 662b - . .long 662b - .
.word 82 .word 82
......
...@@ -334,7 +334,9 @@ static void __init setup_lowcore(void) ...@@ -334,7 +334,9 @@ static void __init setup_lowcore(void)
lc->machine_flags = S390_lowcore.machine_flags; lc->machine_flags = S390_lowcore.machine_flags;
lc->stfl_fac_list = S390_lowcore.stfl_fac_list; lc->stfl_fac_list = S390_lowcore.stfl_fac_list;
memcpy(lc->stfle_fac_list, S390_lowcore.stfle_fac_list, memcpy(lc->stfle_fac_list, S390_lowcore.stfle_fac_list,
MAX_FACILITY_BIT/8); sizeof(lc->stfle_fac_list));
memcpy(lc->alt_stfle_fac_list, S390_lowcore.alt_stfle_fac_list,
sizeof(lc->alt_stfle_fac_list));
if (MACHINE_HAS_VX) if (MACHINE_HAS_VX)
lc->vector_save_area_addr = lc->vector_save_area_addr =
(unsigned long) &lc->vector_save_area; (unsigned long) &lc->vector_save_area;
......
...@@ -250,7 +250,9 @@ static void pcpu_prepare_secondary(struct pcpu *pcpu, int cpu) ...@@ -250,7 +250,9 @@ static void pcpu_prepare_secondary(struct pcpu *pcpu, int cpu)
__ctl_store(lc->cregs_save_area, 0, 15); __ctl_store(lc->cregs_save_area, 0, 15);
save_access_regs((unsigned int *) lc->access_regs_save_area); save_access_regs((unsigned int *) lc->access_regs_save_area);
memcpy(lc->stfle_fac_list, S390_lowcore.stfle_fac_list, memcpy(lc->stfle_fac_list, S390_lowcore.stfle_fac_list,
MAX_FACILITY_BIT/8); sizeof(lc->stfle_fac_list));
memcpy(lc->alt_stfle_fac_list, S390_lowcore.alt_stfle_fac_list,
sizeof(lc->alt_stfle_fac_list));
} }
static void pcpu_attach_task(struct pcpu *pcpu, struct task_struct *tsk) static void pcpu_attach_task(struct pcpu *pcpu, struct task_struct *tsk)
......
...@@ -83,9 +83,6 @@ SECTIONS ...@@ -83,9 +83,6 @@ SECTIONS
__alt_instructions = .; __alt_instructions = .;
*(.altinstructions) *(.altinstructions)
__alt_instructions_end = .; __alt_instructions_end = .;
__alt_nobp = .;
*(.altnobp)
__alt_nobp_end = .;
} }
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment