s390: introduce execute-trampolines for branches (f19fbd5e) · Commits · 戴 / test

arch/s390/Kconfig

+28 −0

Original line number	Diff line number	Diff line
		@@ -557,6 +557,34 @@ config KERNEL_NOBP

		If unsure, say N.

		config EXPOLINE
		def_bool n
		prompt "Avoid speculative indirect branches in the kernel"
		help
		Compile the kernel with the expoline compiler options to guard
		against kernel-to-user data leaks by avoiding speculative indirect
		branches.
		Requires a compiler with -mindirect-branch=thunk support for full
		protection. The kernel may run slower.

		If unsure, say N.

		choice
		prompt "Expoline default"
		depends on EXPOLINE
		default EXPOLINE_FULL

		config EXPOLINE_OFF
		bool "spectre_v2=off"

		config EXPOLINE_MEDIUM
		bool "spectre_v2=auto"

		config EXPOLINE_FULL
		bool "spectre_v2=on"

		endchoice

		endmenu

		menu "Memory setup"

+10 −0

Original line number	Diff line number	Diff line
		@@ -78,6 +78,16 @@ ifeq ($(call cc-option-yn,-mwarn-dynamicstack),y)
		cflags-$(CONFIG_WARN_DYNAMIC_STACK) += -mwarn-dynamicstack
		endif

		ifdef CONFIG_EXPOLINE
		ifeq ($(call cc-option-yn,$(CC_FLAGS_MARCH) -mindirect-branch=thunk),y)
		CC_FLAGS_EXPOLINE := -mindirect-branch=thunk
		CC_FLAGS_EXPOLINE += -mfunction-return=thunk
		CC_FLAGS_EXPOLINE += -mindirect-branch-table
		export CC_FLAGS_EXPOLINE
		cflags-y += $(CC_FLAGS_EXPOLINE)
		endif
		endif

		ifdef CONFIG_FUNCTION_TRACER
		# make use of hotpatch feature if the compiler supports it
		cc_hotpatch := -mhotpatch=0,3

+5 −1

Original line number	Diff line number	Diff line
		@@ -136,7 +136,11 @@ struct lowcore {
		__u64 vdso_per_cpu_data; /* 0x03b8 */
		__u64 machine_flags; /* 0x03c0 */
		__u64 gmap; /* 0x03c8 */
		__u8 pad_0x03d0[0x0e00-0x03d0]; /* 0x03d0 */
		__u8 pad_0x03d0[0x0400-0x03d0]; /* 0x03d0 */

		/* br %r1 trampoline */
		__u16 br_r1_trampoline; /* 0x0400 */
		__u8 pad_0x0402[0x0e00-0x0402]; /* 0x0402 */

		/*
		* 0xe00 contains the address of the IPL Parameter Information

0 → 100644

+18 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0 */
		#ifndef _ASM_S390_EXPOLINE_H
		#define _ASM_S390_EXPOLINE_H

		#ifndef __ASSEMBLY__

		#include <linux/types.h>

		extern int nospec_call_disable;
		extern int nospec_return_disable;

		void nospec_init_branches(void);
		void nospec_call_revert(s32 start, s32 end);
		void nospec_return_revert(s32 start, s32 end);

		#endif /* __ASSEMBLY__ */

		#endif /* _ASM_S390_EXPOLINE_H */

+4 −0

Original line number	Diff line number	Diff line
		@@ -29,6 +29,7 @@ UBSAN_SANITIZE_early.o := n
		#
		ifneq ($(CC_FLAGS_MARCH),-march=z900)
		CFLAGS_REMOVE_als.o += $(CC_FLAGS_MARCH)
		CFLAGS_REMOVE_als.o += $(CC_FLAGS_EXPOLINE)
		CFLAGS_als.o += -march=z900
		AFLAGS_REMOVE_head.o += $(CC_FLAGS_MARCH)
		AFLAGS_head.o += -march=z900
		@@ -63,6 +64,9 @@ obj-y += entry.o reipl.o relocate_kernel.o kdebugfs.o alternative.o

		extra-y += head.o head64.o vmlinux.lds

		obj-$(CONFIG_EXPOLINE) += nospec-branch.o
		CFLAGS_REMOVE_expoline.o += $(CC_FLAGS_EXPOLINE)

		obj-$(CONFIG_MODULES) += module.o
		obj-$(CONFIG_SMP) += smp.o
		obj-$(CONFIG_SCHED_TOPOLOGY) += topology.o