Commit c32821cd authored by Martin Schwidefsky's avatar Martin Schwidefsky Committed by Kleber Sacilotto de Souza

s390: detect etoken facility

CVE-2017-5715 (Spectre v2 s390x)

Detect and report the etoken facility. With spectre_v2=auto or
CONFIG_EXPOLINE_AUTO=y automatically disable expolines and use
the full branch prediction mode for the kernel.
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
(backported from commit aeaf7002)
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarKamal Mostafa <kamal@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 8a9a72bc
...@@ -36,6 +36,8 @@ early_param("nospec", nospec_setup_early); ...@@ -36,6 +36,8 @@ early_param("nospec", nospec_setup_early);
static int __init nospec_report(void) static int __init nospec_report(void)
{ {
if (test_facility(156))
pr_info("Spectre V2 mitigation: etokens\n");
if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable)
pr_info("Spectre V2 mitigation: execute trampolines.\n"); pr_info("Spectre V2 mitigation: execute trampolines.\n");
if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))
...@@ -57,7 +59,15 @@ early_param("nospectre_v2", nospectre_v2_setup_early); ...@@ -57,7 +59,15 @@ early_param("nospectre_v2", nospectre_v2_setup_early);
void __init nospec_auto_detect(void) void __init nospec_auto_detect(void)
{ {
if (IS_ENABLED(CC_USING_EXPOLINE)) { if (test_facility(156)) {
/*
* The machine supports etokens.
* Disable expolines and disable nobp.
*/
if (IS_ENABLED(CC_USING_EXPOLINE))
nospec_disable = 1;
__clear_facility(82, S390_lowcore.alt_stfle_fac_list);
} else if (IS_ENABLED(CC_USING_EXPOLINE)) {
/* /*
* The kernel has been compiled with expolines. * The kernel has been compiled with expolines.
* Keep expolines enabled and disable nobp. * Keep expolines enabled and disable nobp.
......
...@@ -13,6 +13,8 @@ ssize_t cpu_show_spectre_v1(struct device *dev, ...@@ -13,6 +13,8 @@ ssize_t cpu_show_spectre_v1(struct device *dev,
ssize_t cpu_show_spectre_v2(struct device *dev, ssize_t cpu_show_spectre_v2(struct device *dev,
struct device_attribute *attr, char *buf) struct device_attribute *attr, char *buf)
{ {
if (test_facility(156))
return sprintf(buf, "Mitigation: etokens\n");
if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable)
return sprintf(buf, "Mitigation: execute trampolines\n"); return sprintf(buf, "Mitigation: execute trampolines\n");
if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment