Received: by 10.223.176.5 with SMTP id f5csp556174wra; Wed, 7 Feb 2018 03:53:05 -0800 (PST) X-Google-Smtp-Source: AH8x2265JOm8yKjJ51JfMG+lHzZR+RMdXKgUsq20O/xd3eyaQnpZTxbGVprqNv9oYwcmbqrxMN0R X-Received: by 10.101.82.1 with SMTP id o1mr4668013pgp.259.1518004385736; Wed, 07 Feb 2018 03:53:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518004385; cv=none; d=google.com; s=arc-20160816; b=p//6Qp2m8ypHOQPOae2L6fvdB+qqq5Z/KVKYVnEZCIQIy0w++ddzqlakhO/WNAOcGh OaSN1mAVBY8AiKoMNYxM9d/3gd6PMsw1DKy9GRKz8y4TwlwKyW+keB1xJhFy2ZdrutaS R8yuwR90YZseZ+qWhqlDO2JOp+T7Fc2ugDz5SeYL5PzFHlVfJ7gMNs1a+gxHX+vi45FG vonSp6hjvsuXFyffuiWi9LHtpQ0SAVORCPiQOAQQLKGUl2DmmcQwF3w3ZsDE8ve3PumN +Opo048mDX4/nfE4mkfN5v897X1fyzk0smveD+BYPqeoFvVNeL3N1/8vDBhZAouC/S8I dQow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=kH7wxyOvbo4UNI8Fgih8INXA9ikUSKUypSjYfRzVKxM=; b=vNV+SDKkRi4X2oCgVO86+JrviES1v3tn3ZWlXQv3UQYv1qIdQFl3EZhSy7wNy4Vhzg XAkF6v6QZxdLeLVAK5M+fF11KTc2KWSMzxVE9GE8lhLajqPDGsPMcJBYB48LlA0sNi4R DVajw3m5GpnEfN2md4UUqzf0kJlrUqkRiGexgWvvFoOoxThX6qRNc/ut2WEcNEJBam/v L0MUU5swkK6IzgpKRAlyrPDuRNVn2w1hjkVOb14WRMwsoddOQZ7mYffv5Tk6m7nLezcT SI8sB0giBQoacqasVq8e9gudxx4foC22ljLRVBZOhGPhn57cp+vdiaZiiXQwyaQMOnKx FScg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d18si1023051pfj.225.2018.02.07.03.52.51; Wed, 07 Feb 2018 03:53:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753768AbeBGLwA (ORCPT + 99 others); Wed, 7 Feb 2018 06:52:00 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:55388 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753539AbeBGLv5 (ORCPT ); Wed, 7 Feb 2018 06:51:57 -0500 Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w17Bcr3a051101 for ; Wed, 7 Feb 2018 06:51:57 -0500 Received: from e06smtp11.uk.ibm.com (e06smtp11.uk.ibm.com [195.75.94.107]) by mx0b-001b2d01.pphosted.com with ESMTP id 2g00rhrmkw-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 07 Feb 2018 06:51:57 -0500 Received: from localhost by e06smtp11.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 7 Feb 2018 11:51:55 -0000 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp11.uk.ibm.com (192.168.101.141) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 7 Feb 2018 11:51:50 -0000 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w17BpocA45613214; Wed, 7 Feb 2018 11:51:50 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C861211C04C; Wed, 7 Feb 2018 11:45:12 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 67A3611C050; Wed, 7 Feb 2018 11:45:12 +0000 (GMT) Received: from mschwideX1 (unknown [9.152.212.220]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 7 Feb 2018 11:45:12 +0000 (GMT) Date: Wed, 7 Feb 2018 12:51:48 +0100 From: Martin Schwidefsky To: Pavel Machek Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, Heiko Carstens , Christian Borntraeger , Cornelia Huck , David Hildenbrand , Greg Kroah-Hartman , Jon Masters , Marcus Meissner , Jiri Kosina , Dominik Brodowski , Alan Cox , David Woodhouse Subject: Re: [PATCH 6/6] s390: introduce execute-trampolines for branches In-Reply-To: <20180207100726.GB31392@amd> References: <1517986811-27819-1-git-send-email-schwidefsky@de.ibm.com> <1517986811-27819-7-git-send-email-schwidefsky@de.ibm.com> <20180207100726.GB31392@amd> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 x-cbid: 18020711-0040-0000-0000-0000042D53C6 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18020711-0041-0000-0000-000020D10629 Message-Id: <20180207125148.2c657e58@mschwideX1> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-02-07_03:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1802070149 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 7 Feb 2018 11:07:26 +0100 Pavel Machek wrote: > On Wed 2018-02-07 08:00:11, Martin Schwidefsky wrote: > > Add CONFIG_EXPOLINE to enable the use of the new -mindirect-branch= and > > -mfunction_return= compiler options to create a kernel fortified against > > the specte v2 attack. > > > > With CONFIG_EXPOLINE=y all indirect branches will be issued with an > > execute type instruction. For z10 or newer the EXRL instruction will > > be used, for older machines the EX instruction. The typical indirect > > call > > > > basr %r14,%r1 > > > > is replaced with a PC relative call to a new thunk > > > > brasl %r14,__s390x_indirect_jump_r1 > > > > The thunk contains the EXRL/EX instruction to the indirect branch > > > > __s390x_indirect_jump_r1: > > exrl 0,0f > > j . > > 0: br %r1 > > > > The detour via the execute type instruction has a performance impact. > > To get rid of the detour the new kernel parameter "nospectre_v2" and > > "spectre_v2=[on,off,auto]" can be used. If the parameter is specified > > the kernel and module code will be patched at runtime. > > This is really unfortunate naming of kernel option. > > spectre_v2=off sounds like we are turning the "bug" off, but i somehow > suspect you are turning the bug _workaround_ off. Well, that is the 1:1 copy of the x86 option. Do you want to change that one as well? -- blue skies, Martin. "Reality continues to ruin my life." - Calvin.