Loading Documentation/kernel-parameters.txt +3 −0 Original line number Diff line number Diff line Loading @@ -2453,6 +2453,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. noalign [KNL,ARM] noaltinstr [S390] Disables alternative instructions patching (CPU alternatives feature). noapic [SMP,APIC] Tells the kernel to not make use of any IOAPICs that may be present in the system. Loading Makefile +1 −1 Original line number Diff line number Diff line VERSION = 4 PATCHLEVEL = 4 SUBLEVEL = 129 SUBLEVEL = 131 EXTRAVERSION = NAME = Blurry Fish Butt Loading arch/s390/Kconfig +47 −0 Original line number Diff line number Diff line Loading @@ -111,6 +111,7 @@ config S390 select GENERIC_CLOCKEVENTS select GENERIC_CPU_AUTOPROBE select GENERIC_CPU_DEVICES if !SMP select GENERIC_CPU_VULNERABILITIES select GENERIC_FIND_FIRST_BIT select GENERIC_SMP_IDLE_THREAD select GENERIC_TIME_VSYSCALL Loading Loading @@ -706,6 +707,51 @@ config SECCOMP If unsure, say Y. config KERNEL_NOBP def_bool n prompt "Enable modified branch prediction for the kernel by default" help If this option is selected the kernel will switch to a modified branch prediction mode if the firmware interface is available. The modified branch prediction mode improves the behaviour in regard to speculative execution. With the option enabled the kernel parameter "nobp=0" or "nospec" can be used to run the kernel in the normal branch prediction mode. With the option disabled the modified branch prediction mode is enabled with the "nobp=1" kernel parameter. If unsure, say N. config EXPOLINE def_bool n prompt "Avoid speculative indirect branches in the kernel" help Compile the kernel with the expoline compiler options to guard against kernel-to-user data leaks by avoiding speculative indirect branches. Requires a compiler with -mindirect-branch=thunk support for full protection. The kernel may run slower. If unsure, say N. choice prompt "Expoline default" depends on EXPOLINE default EXPOLINE_FULL config EXPOLINE_OFF bool "spectre_v2=off" config EXPOLINE_AUTO bool "spectre_v2=auto" config EXPOLINE_FULL bool "spectre_v2=on" endchoice endmenu menu "Power Management" Loading Loading @@ -755,6 +801,7 @@ config PFAULT config SHARED_KERNEL bool "VM shared kernel support" depends on !JUMP_LABEL depends on !ALTERNATIVES help Select this option, if you want to share the text segment of the Linux kernel between different VM guests. This reduces memory Loading arch/s390/Makefile +10 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,16 @@ ifeq ($(call cc-option-yn,-mwarn-dynamicstack),y) cflags-$(CONFIG_WARN_DYNAMIC_STACK) += -mwarn-dynamicstack endif ifdef CONFIG_EXPOLINE ifeq ($(call cc-option-yn,$(CC_FLAGS_MARCH) -mindirect-branch=thunk),y) CC_FLAGS_EXPOLINE := -mindirect-branch=thunk CC_FLAGS_EXPOLINE += -mfunction-return=thunk CC_FLAGS_EXPOLINE += -mindirect-branch-table export CC_FLAGS_EXPOLINE cflags-y += $(CC_FLAGS_EXPOLINE) -DCC_USING_EXPOLINE endif endif ifdef CONFIG_FUNCTION_TRACER # make use of hotpatch feature if the compiler supports it cc_hotpatch := -mhotpatch=0,3 Loading arch/s390/include/asm/alternative.h 0 → 100644 +149 −0 Original line number Diff line number Diff line #ifndef _ASM_S390_ALTERNATIVE_H #define _ASM_S390_ALTERNATIVE_H #ifndef __ASSEMBLY__ #include <linux/types.h> #include <linux/stddef.h> #include <linux/stringify.h> struct alt_instr { s32 instr_offset; /* original instruction */ s32 repl_offset; /* offset to replacement instruction */ u16 facility; /* facility bit set for replacement */ u8 instrlen; /* length of original instruction */ u8 replacementlen; /* length of new instruction */ } __packed; void apply_alternative_instructions(void); void apply_alternatives(struct alt_instr *start, struct alt_instr *end); /* * |661: |662: |6620 |663: * +-----------+---------------------+ * | oldinstr | oldinstr_padding | * | +----------+----------+ * | | | | * | | >6 bytes |6/4/2 nops| * | |6 bytes jg-----------> * +-----------+---------------------+ * ^^ static padding ^^ * * .altinstr_replacement section * +---------------------+-----------+ * |6641: |6651: * | alternative instr 1 | * +-----------+---------+- - - - - -+ * |6642: |6652: | * | alternative instr 2 | padding * +---------------------+- - - - - -+ * ^ runtime ^ * * .altinstructions section * +---------------------------------+ * | alt_instr entries for each | * | alternative instr | * +---------------------------------+ */ #define b_altinstr(num) "664"#num #define e_altinstr(num) "665"#num #define e_oldinstr_pad_end "663" #define oldinstr_len "662b-661b" #define oldinstr_total_len e_oldinstr_pad_end"b-661b" #define altinstr_len(num) e_altinstr(num)"b-"b_altinstr(num)"b" #define oldinstr_pad_len(num) \ "-(((" altinstr_len(num) ")-(" oldinstr_len ")) > 0) * " \ "((" altinstr_len(num) ")-(" oldinstr_len "))" #define INSTR_LEN_SANITY_CHECK(len) \ ".if " len " > 254\n" \ "\t.error \"cpu alternatives does not support instructions " \ "blocks > 254 bytes\"\n" \ ".endif\n" \ ".if (" len ") %% 2\n" \ "\t.error \"cpu alternatives instructions length is odd\"\n" \ ".endif\n" #define OLDINSTR_PADDING(oldinstr, num) \ ".if " oldinstr_pad_len(num) " > 6\n" \ "\tjg " e_oldinstr_pad_end "f\n" \ "6620:\n" \ "\t.fill (" oldinstr_pad_len(num) " - (6620b-662b)) / 2, 2, 0x0700\n" \ ".else\n" \ "\t.fill " oldinstr_pad_len(num) " / 6, 6, 0xc0040000\n" \ "\t.fill " oldinstr_pad_len(num) " %% 6 / 4, 4, 0x47000000\n" \ "\t.fill " oldinstr_pad_len(num) " %% 6 %% 4 / 2, 2, 0x0700\n" \ ".endif\n" #define OLDINSTR(oldinstr, num) \ "661:\n\t" oldinstr "\n662:\n" \ OLDINSTR_PADDING(oldinstr, num) \ e_oldinstr_pad_end ":\n" \ INSTR_LEN_SANITY_CHECK(oldinstr_len) #define OLDINSTR_2(oldinstr, num1, num2) \ "661:\n\t" oldinstr "\n662:\n" \ ".if " altinstr_len(num1) " < " altinstr_len(num2) "\n" \ OLDINSTR_PADDING(oldinstr, num2) \ ".else\n" \ OLDINSTR_PADDING(oldinstr, num1) \ ".endif\n" \ e_oldinstr_pad_end ":\n" \ INSTR_LEN_SANITY_CHECK(oldinstr_len) #define ALTINSTR_ENTRY(facility, num) \ "\t.long 661b - .\n" /* old instruction */ \ "\t.long " b_altinstr(num)"b - .\n" /* alt instruction */ \ "\t.word " __stringify(facility) "\n" /* facility bit */ \ "\t.byte " oldinstr_total_len "\n" /* source len */ \ "\t.byte " altinstr_len(num) "\n" /* alt instruction len */ #define ALTINSTR_REPLACEMENT(altinstr, num) /* replacement */ \ b_altinstr(num)":\n\t" altinstr "\n" e_altinstr(num) ":\n" \ INSTR_LEN_SANITY_CHECK(altinstr_len(num)) /* alternative assembly primitive: */ #define ALTERNATIVE(oldinstr, altinstr, facility) \ ".pushsection .altinstr_replacement, \"ax\"\n" \ ALTINSTR_REPLACEMENT(altinstr, 1) \ ".popsection\n" \ OLDINSTR(oldinstr, 1) \ ".pushsection .altinstructions,\"a\"\n" \ ALTINSTR_ENTRY(facility, 1) \ ".popsection\n" #define ALTERNATIVE_2(oldinstr, altinstr1, facility1, altinstr2, facility2)\ ".pushsection .altinstr_replacement, \"ax\"\n" \ ALTINSTR_REPLACEMENT(altinstr1, 1) \ ALTINSTR_REPLACEMENT(altinstr2, 2) \ ".popsection\n" \ OLDINSTR_2(oldinstr, 1, 2) \ ".pushsection .altinstructions,\"a\"\n" \ ALTINSTR_ENTRY(facility1, 1) \ ALTINSTR_ENTRY(facility2, 2) \ ".popsection\n" /* * Alternative instructions for different CPU types or capabilities. * * This allows to use optimized instructions even on generic binary * kernels. * * oldinstr is padded with jump and nops at compile time if altinstr is * longer. altinstr is padded with jump and nops at run-time during patching. * * For non barrier like inlines please define new variants * without volatile and memory clobber. */ #define alternative(oldinstr, altinstr, facility) \ asm volatile(ALTERNATIVE(oldinstr, altinstr, facility) : : : "memory") #define alternative_2(oldinstr, altinstr1, facility1, altinstr2, facility2) \ asm volatile(ALTERNATIVE_2(oldinstr, altinstr1, facility1, \ altinstr2, facility2) ::: "memory") #endif /* __ASSEMBLY__ */ #endif /* _ASM_S390_ALTERNATIVE_H */ Loading
Documentation/kernel-parameters.txt +3 −0 Original line number Diff line number Diff line Loading @@ -2453,6 +2453,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. noalign [KNL,ARM] noaltinstr [S390] Disables alternative instructions patching (CPU alternatives feature). noapic [SMP,APIC] Tells the kernel to not make use of any IOAPICs that may be present in the system. Loading
Makefile +1 −1 Original line number Diff line number Diff line VERSION = 4 PATCHLEVEL = 4 SUBLEVEL = 129 SUBLEVEL = 131 EXTRAVERSION = NAME = Blurry Fish Butt Loading
arch/s390/Kconfig +47 −0 Original line number Diff line number Diff line Loading @@ -111,6 +111,7 @@ config S390 select GENERIC_CLOCKEVENTS select GENERIC_CPU_AUTOPROBE select GENERIC_CPU_DEVICES if !SMP select GENERIC_CPU_VULNERABILITIES select GENERIC_FIND_FIRST_BIT select GENERIC_SMP_IDLE_THREAD select GENERIC_TIME_VSYSCALL Loading Loading @@ -706,6 +707,51 @@ config SECCOMP If unsure, say Y. config KERNEL_NOBP def_bool n prompt "Enable modified branch prediction for the kernel by default" help If this option is selected the kernel will switch to a modified branch prediction mode if the firmware interface is available. The modified branch prediction mode improves the behaviour in regard to speculative execution. With the option enabled the kernel parameter "nobp=0" or "nospec" can be used to run the kernel in the normal branch prediction mode. With the option disabled the modified branch prediction mode is enabled with the "nobp=1" kernel parameter. If unsure, say N. config EXPOLINE def_bool n prompt "Avoid speculative indirect branches in the kernel" help Compile the kernel with the expoline compiler options to guard against kernel-to-user data leaks by avoiding speculative indirect branches. Requires a compiler with -mindirect-branch=thunk support for full protection. The kernel may run slower. If unsure, say N. choice prompt "Expoline default" depends on EXPOLINE default EXPOLINE_FULL config EXPOLINE_OFF bool "spectre_v2=off" config EXPOLINE_AUTO bool "spectre_v2=auto" config EXPOLINE_FULL bool "spectre_v2=on" endchoice endmenu menu "Power Management" Loading Loading @@ -755,6 +801,7 @@ config PFAULT config SHARED_KERNEL bool "VM shared kernel support" depends on !JUMP_LABEL depends on !ALTERNATIVES help Select this option, if you want to share the text segment of the Linux kernel between different VM guests. This reduces memory Loading
arch/s390/Makefile +10 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,16 @@ ifeq ($(call cc-option-yn,-mwarn-dynamicstack),y) cflags-$(CONFIG_WARN_DYNAMIC_STACK) += -mwarn-dynamicstack endif ifdef CONFIG_EXPOLINE ifeq ($(call cc-option-yn,$(CC_FLAGS_MARCH) -mindirect-branch=thunk),y) CC_FLAGS_EXPOLINE := -mindirect-branch=thunk CC_FLAGS_EXPOLINE += -mfunction-return=thunk CC_FLAGS_EXPOLINE += -mindirect-branch-table export CC_FLAGS_EXPOLINE cflags-y += $(CC_FLAGS_EXPOLINE) -DCC_USING_EXPOLINE endif endif ifdef CONFIG_FUNCTION_TRACER # make use of hotpatch feature if the compiler supports it cc_hotpatch := -mhotpatch=0,3 Loading
arch/s390/include/asm/alternative.h 0 → 100644 +149 −0 Original line number Diff line number Diff line #ifndef _ASM_S390_ALTERNATIVE_H #define _ASM_S390_ALTERNATIVE_H #ifndef __ASSEMBLY__ #include <linux/types.h> #include <linux/stddef.h> #include <linux/stringify.h> struct alt_instr { s32 instr_offset; /* original instruction */ s32 repl_offset; /* offset to replacement instruction */ u16 facility; /* facility bit set for replacement */ u8 instrlen; /* length of original instruction */ u8 replacementlen; /* length of new instruction */ } __packed; void apply_alternative_instructions(void); void apply_alternatives(struct alt_instr *start, struct alt_instr *end); /* * |661: |662: |6620 |663: * +-----------+---------------------+ * | oldinstr | oldinstr_padding | * | +----------+----------+ * | | | | * | | >6 bytes |6/4/2 nops| * | |6 bytes jg-----------> * +-----------+---------------------+ * ^^ static padding ^^ * * .altinstr_replacement section * +---------------------+-----------+ * |6641: |6651: * | alternative instr 1 | * +-----------+---------+- - - - - -+ * |6642: |6652: | * | alternative instr 2 | padding * +---------------------+- - - - - -+ * ^ runtime ^ * * .altinstructions section * +---------------------------------+ * | alt_instr entries for each | * | alternative instr | * +---------------------------------+ */ #define b_altinstr(num) "664"#num #define e_altinstr(num) "665"#num #define e_oldinstr_pad_end "663" #define oldinstr_len "662b-661b" #define oldinstr_total_len e_oldinstr_pad_end"b-661b" #define altinstr_len(num) e_altinstr(num)"b-"b_altinstr(num)"b" #define oldinstr_pad_len(num) \ "-(((" altinstr_len(num) ")-(" oldinstr_len ")) > 0) * " \ "((" altinstr_len(num) ")-(" oldinstr_len "))" #define INSTR_LEN_SANITY_CHECK(len) \ ".if " len " > 254\n" \ "\t.error \"cpu alternatives does not support instructions " \ "blocks > 254 bytes\"\n" \ ".endif\n" \ ".if (" len ") %% 2\n" \ "\t.error \"cpu alternatives instructions length is odd\"\n" \ ".endif\n" #define OLDINSTR_PADDING(oldinstr, num) \ ".if " oldinstr_pad_len(num) " > 6\n" \ "\tjg " e_oldinstr_pad_end "f\n" \ "6620:\n" \ "\t.fill (" oldinstr_pad_len(num) " - (6620b-662b)) / 2, 2, 0x0700\n" \ ".else\n" \ "\t.fill " oldinstr_pad_len(num) " / 6, 6, 0xc0040000\n" \ "\t.fill " oldinstr_pad_len(num) " %% 6 / 4, 4, 0x47000000\n" \ "\t.fill " oldinstr_pad_len(num) " %% 6 %% 4 / 2, 2, 0x0700\n" \ ".endif\n" #define OLDINSTR(oldinstr, num) \ "661:\n\t" oldinstr "\n662:\n" \ OLDINSTR_PADDING(oldinstr, num) \ e_oldinstr_pad_end ":\n" \ INSTR_LEN_SANITY_CHECK(oldinstr_len) #define OLDINSTR_2(oldinstr, num1, num2) \ "661:\n\t" oldinstr "\n662:\n" \ ".if " altinstr_len(num1) " < " altinstr_len(num2) "\n" \ OLDINSTR_PADDING(oldinstr, num2) \ ".else\n" \ OLDINSTR_PADDING(oldinstr, num1) \ ".endif\n" \ e_oldinstr_pad_end ":\n" \ INSTR_LEN_SANITY_CHECK(oldinstr_len) #define ALTINSTR_ENTRY(facility, num) \ "\t.long 661b - .\n" /* old instruction */ \ "\t.long " b_altinstr(num)"b - .\n" /* alt instruction */ \ "\t.word " __stringify(facility) "\n" /* facility bit */ \ "\t.byte " oldinstr_total_len "\n" /* source len */ \ "\t.byte " altinstr_len(num) "\n" /* alt instruction len */ #define ALTINSTR_REPLACEMENT(altinstr, num) /* replacement */ \ b_altinstr(num)":\n\t" altinstr "\n" e_altinstr(num) ":\n" \ INSTR_LEN_SANITY_CHECK(altinstr_len(num)) /* alternative assembly primitive: */ #define ALTERNATIVE(oldinstr, altinstr, facility) \ ".pushsection .altinstr_replacement, \"ax\"\n" \ ALTINSTR_REPLACEMENT(altinstr, 1) \ ".popsection\n" \ OLDINSTR(oldinstr, 1) \ ".pushsection .altinstructions,\"a\"\n" \ ALTINSTR_ENTRY(facility, 1) \ ".popsection\n" #define ALTERNATIVE_2(oldinstr, altinstr1, facility1, altinstr2, facility2)\ ".pushsection .altinstr_replacement, \"ax\"\n" \ ALTINSTR_REPLACEMENT(altinstr1, 1) \ ALTINSTR_REPLACEMENT(altinstr2, 2) \ ".popsection\n" \ OLDINSTR_2(oldinstr, 1, 2) \ ".pushsection .altinstructions,\"a\"\n" \ ALTINSTR_ENTRY(facility1, 1) \ ALTINSTR_ENTRY(facility2, 2) \ ".popsection\n" /* * Alternative instructions for different CPU types or capabilities. * * This allows to use optimized instructions even on generic binary * kernels. * * oldinstr is padded with jump and nops at compile time if altinstr is * longer. altinstr is padded with jump and nops at run-time during patching. * * For non barrier like inlines please define new variants * without volatile and memory clobber. */ #define alternative(oldinstr, altinstr, facility) \ asm volatile(ALTERNATIVE(oldinstr, altinstr, facility) : : : "memory") #define alternative_2(oldinstr, altinstr1, facility1, altinstr2, facility2) \ asm volatile(ALTERNATIVE_2(oldinstr, altinstr1, facility1, \ altinstr2, facility2) ::: "memory") #endif /* __ASSEMBLY__ */ #endif /* _ASM_S390_ALTERNATIVE_H */
