s390: detect etoken facility

CVE-2017-5715 (Spectre v2 s390x)

Detect and report the etoken facility. With spectre_v2=auto or
CONFIG_EXPOLINE_AUTO=y automatically disable expolines and use
the full branch prediction mode for the kernel.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(cherry picked from commit aeaf7002a76c8da60c0f503badcbddc07650678c)
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

diff --git a/arch/s390/kernel/nospec-branch.c b/arch/s390/kernel/nospec-branch.c
index 8ad6a7128b3a5eba73345e2365613284466e7489..555da6e05d7b495ecd3587a85eeda1bc5409af36 100644 (file)
--- a/arch/s390/kernel/nospec-branch.c
+++ b/arch/s390/kernel/nospec-branch.c
@@ -35,6 +35,8 @@ early_param("nospec", nospec_setup_early);
 
 static int __init nospec_report(void)
 {
+       if (test_facility(156))
+               pr_info("Spectre V2 mitigation: etokens\n");
        if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable)
                pr_info("Spectre V2 mitigation: execute trampolines.\n");
        if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))
@@ -56,7 +58,15 @@ early_param("nospectre_v2", nospectre_v2_setup_early);
 
 void __init nospec_auto_detect(void)
 {
-       if (IS_ENABLED(CC_USING_EXPOLINE)) {
+       if (test_facility(156)) {
+               /*
+                * The machine supports etokens.
+                * Disable expolines and disable nobp.
+                */
+               if (IS_ENABLED(CC_USING_EXPOLINE))
+                       nospec_disable = 1;
+               __clear_facility(82, S390_lowcore.alt_stfle_fac_list);
+       } else if (IS_ENABLED(CC_USING_EXPOLINE)) {
                /*
                 * The kernel has been compiled with expolines.
                 * Keep expolines enabled and disable nobp.

diff --git a/arch/s390/kernel/nospec-sysfs.c b/arch/s390/kernel/nospec-sysfs.c
index 8affad5f18cb5df637754f192ae5d8bce9387eba..e30e580ae36209d3395c2cf25a412ba5b9385480 100644 (file)
--- a/arch/s390/kernel/nospec-sysfs.c
+++ b/arch/s390/kernel/nospec-sysfs.c
@@ -13,6 +13,8 @@ ssize_t cpu_show_spectre_v1(struct device *dev,
 ssize_t cpu_show_spectre_v2(struct device *dev,
                            struct device_attribute *attr, char *buf)
 {
+       if (test_facility(156))
+               return sprintf(buf, "Mitigation: etokens\n");
        if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable)
                return sprintf(buf, "Mitigation: execute trampolines\n");
        if (__test_facility(82, S390_lowcore.alt_stfle_fac_list))