[SRU][Bionic][v3 6/6] UBUNTU: SAUCE: bpf, s390x: remove ld_abs/ld_ind
Khalid Elmously
khalid.elmously at canonical.com
Wed Sep 5 16:54:14 UTC 2018
From: Martin Schwidefsky <schwidefsky at de.ibm.com>
CVE-2017-5715 (Spectre v2 s390x)
removed the code that generated the indirect branch "basr %b5,%w1"
from the BPF JIT. Older versions of the BPF which still have support
for LD_ABS/LD_IND need a patch to add the execute trampoline for
this branch instruction.
Signed-off-by: Khalid Elmously <khalid.elmously at canonical.com>
---
arch/s390/net/bpf_jit_comp.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
index 6b84bdc94055..e3a4b98f8b47 100644
--- a/arch/s390/net/bpf_jit_comp.c
+++ b/arch/s390/net/bpf_jit_comp.c
@@ -1302,8 +1302,13 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
/* lg %skb_data,data_off(%b6) */
EMIT6_DISP_LH(0xe3000000, 0x0004, REG_SKB_DATA, REG_0,
BPF_REG_6, offsetof(struct sk_buff, data));
- /* basr %b5,%w1 (%b5 is call saved) */
- EMIT2(0x0d00, BPF_REG_5, REG_W1);
+ if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) {
+ /* brasl %r5,__s390_indirect_jump_r1 */
+ EMIT6_PCREL_RILB(0xc0050000, BPF_REG_5, jit->r1_thunk_ip);
+ } else {
+ /* basr %b5,%w1 (%b5 is call saved) */
+ EMIT2(0x0d00, BPF_REG_5, REG_W1);
+ }
/*
* Note: For fast access we jump directly after the
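Review bot: The new `if` branch emits `brasl` to `jit->r1_thunk_ip`, but nothing in this hunk shows where that field is assigned, so please confirm that the backport also carries the code that emits the `__s390_indirect_jump_r1` thunk and records its address. Also confirm that the address is already valid on the JIT pass where this PC-relative instruction is sized. The thunk name implies the branch target is in %r1, while the replaced `basr` takes its target from `REG_W1`; a short comment stating that `REG_W1` is %r1 would make the equivalence of the two paths checkable from the code. The added comment writes `%r5` where the operand is `BPF_REG_5` and the neighbouring comment writes `%b5`; using `%b5` in both keeps the notation consistent. Finally, the subject says "remove ld_abs/ld_ind" while the diff keeps the LD_ABS/LD_IND path and adds an expoline branch to it, and the commit message does not name the upstream commit it refers to, so the subject and the reference are worth correcting for the SRU record.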
--
2.17.1