commit 3e9245c5fa3092de19b95f03817b02469bcf146c · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:

- a fix for the vfio ccw translation code

- update an incorrect email address in the MAINTAINERS file

- fix a division by zero oops in the cpum_sf code found by trinity

- two fixes for the error handling of the qdio code

- several spectre related patches to convert all left-over indirect
branches in the kernel to expoline branches

- update defconfigs to avoid warnings due to the netfilter Kconfig
changes

- avoid several compiler warnings in the kexec_file code for s390

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/qdio: don't release memory in qdio_setup_irq()
s390/qdio: fix access to uninitialized qdio_q fields
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390: use expoline thunks in the BPF JIT
s390: extend expoline to BC instructions
s390: remove indirect branch from do_softirq_own_stack
s390: move spectre sysfs attribute code
s390/kernel: use expoline for indirect branches
s390/ftrace: use expoline for indirect branches
s390/lib: use expoline for indirect branches
s390/crc32-vx: use expoline for indirect branches
s390: move expoline assembler macros to a header
vfio: ccw: fix cleanup if cp_prefetch fails
s390/kexec_file: add declaration of purgatory related globals
s390: update defconfigs
MAINTAINERS: update s390 zcrypt maintainers email address

Linus Torvalds 7 years ago 3e9245c5 305bb552

+422 -167

23 changed files

expand all

unified split

MAINTAINERS

arch

s390

configs

debug_defconfig

performance_defconfig

crypto

crc32be-vx.S

crc32le-vx.S

include

asm

nospec-insn.h

purgatory.h

kernel

Makefile

asm-offsets.c

base.S

entry.S

irq.c

mcount.S

nospec-branch.c

nospec-sysfs.c

perf_cpum_sf.c

reipl.S

swsusp.S

lib

mem.S

net

bpf_jit.S

bpf_jit_comp.c

drivers

s390

cio

qdio_setup.c

vfio_ccw_cp.c

+1 -1

MAINTAINERS

··· 12220 12220 F: include/uapi/linux/vfio_ccw.h 12221 12221 12222 12222 S390 ZCRYPT DRIVER 12223 - M: Harald Freudenberger <freude@de.ibm.com> 12223 + M: Harald Freudenberger <freude@linux.ibm.com> 12224 12224 L: linux-s390@vger.kernel.org 12225 12225 W: http://www.ibm.com/developerworks/linux/linux390/ 12226 12226 S: Supported

+4 -5

arch/s390/configs/debug_defconfig

··· 261 261 CONFIG_IP_VS_FTP=m 262 262 CONFIG_IP_VS_PE_SIP=m 263 263 CONFIG_NF_CONNTRACK_IPV4=m 264 - CONFIG_NF_TABLES_IPV4=m 264 + CONFIG_NF_TABLES_IPV4=y 265 265 CONFIG_NFT_CHAIN_ROUTE_IPV4=m 266 - CONFIG_NF_TABLES_ARP=m 266 + CONFIG_NF_TABLES_ARP=y 267 267 CONFIG_NFT_CHAIN_NAT_IPV4=m 268 268 CONFIG_IP_NF_IPTABLES=m 269 269 CONFIG_IP_NF_MATCH_AH=m ··· 284 284 CONFIG_IP_NF_ARPFILTER=m 285 285 CONFIG_IP_NF_ARP_MANGLE=m 286 286 CONFIG_NF_CONNTRACK_IPV6=m 287 - CONFIG_NF_TABLES_IPV6=m 287 + CONFIG_NF_TABLES_IPV6=y 288 288 CONFIG_NFT_CHAIN_ROUTE_IPV6=m 289 289 CONFIG_NFT_CHAIN_NAT_IPV6=m 290 290 CONFIG_IP6_NF_IPTABLES=m ··· 305 305 CONFIG_IP6_NF_SECURITY=m 306 306 CONFIG_IP6_NF_NAT=m 307 307 CONFIG_IP6_NF_TARGET_MASQUERADE=m 308 - CONFIG_NF_TABLES_BRIDGE=m 308 + CONFIG_NF_TABLES_BRIDGE=y 309 309 CONFIG_RDS=m 310 310 CONFIG_RDS_RDMA=m 311 311 CONFIG_RDS_TCP=m ··· 604 604 CONFIG_WQ_WATCHDOG=y 605 605 CONFIG_PANIC_ON_OOPS=y 606 606 CONFIG_DEBUG_TIMEKEEPING=y 607 - CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y 608 607 CONFIG_PROVE_LOCKING=y 609 608 CONFIG_LOCK_STAT=y 610 609 CONFIG_DEBUG_LOCKDEP=y

+4 -4

arch/s390/configs/performance_defconfig

··· 259 259 CONFIG_IP_VS_FTP=m 260 260 CONFIG_IP_VS_PE_SIP=m 261 261 CONFIG_NF_CONNTRACK_IPV4=m 262 - CONFIG_NF_TABLES_IPV4=m 262 + CONFIG_NF_TABLES_IPV4=y 263 263 CONFIG_NFT_CHAIN_ROUTE_IPV4=m 264 - CONFIG_NF_TABLES_ARP=m 264 + CONFIG_NF_TABLES_ARP=y 265 265 CONFIG_NFT_CHAIN_NAT_IPV4=m 266 266 CONFIG_IP_NF_IPTABLES=m 267 267 CONFIG_IP_NF_MATCH_AH=m ··· 282 282 CONFIG_IP_NF_ARPFILTER=m 283 283 CONFIG_IP_NF_ARP_MANGLE=m 284 284 CONFIG_NF_CONNTRACK_IPV6=m 285 - CONFIG_NF_TABLES_IPV6=m 285 + CONFIG_NF_TABLES_IPV6=y 286 286 CONFIG_NFT_CHAIN_ROUTE_IPV6=m 287 287 CONFIG_NFT_CHAIN_NAT_IPV6=m 288 288 CONFIG_IP6_NF_IPTABLES=m ··· 303 303 CONFIG_IP6_NF_SECURITY=m 304 304 CONFIG_IP6_NF_NAT=m 305 305 CONFIG_IP6_NF_TARGET_MASQUERADE=m 306 - CONFIG_NF_TABLES_BRIDGE=m 306 + CONFIG_NF_TABLES_BRIDGE=y 307 307 CONFIG_RDS=m 308 308 CONFIG_RDS_RDMA=m 309 309 CONFIG_RDS_TCP=m

+4 -1

arch/s390/crypto/crc32be-vx.S

··· 13 13 */ 14 14 15 15 #include <linux/linkage.h> 16 + #include <asm/nospec-insn.h> 16 17 #include <asm/vx-insn.h> 17 18 18 19 /* Vector register range containing CRC-32 constants */ ··· 67 66 .quad 0x104C11DB7, 0 # P(x) 68 67 69 68 .previous 69 + 70 + GEN_BR_THUNK %r14 70 71 71 72 .text 72 73 /* ··· 206 203 207 204 .Ldone: 208 205 VLGVF %r2,%v2,3 209 - br %r14 206 + BR_EX %r14 210 207 211 208 .previous

+3 -1

arch/s390/crypto/crc32le-vx.S

··· 14 14 */ 15 15 16 16 #include <linux/linkage.h> 17 + #include <asm/nospec-insn.h> 17 18 #include <asm/vx-insn.h> 18 19 19 20 /* Vector register range containing CRC-32 constants */ ··· 77 76 78 77 .previous 79 78 79 + GEN_BR_THUNK %r14 80 80 81 81 .text 82 82 ··· 266 264 267 265 .Ldone: 268 266 VLGVF %r2,%v2,2 269 - br %r14 267 + BR_EX %r14 270 268 271 269 .previous

+196

arch/s390/include/asm/nospec-insn.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + #ifndef _ASM_S390_NOSPEC_ASM_H 3 + #define _ASM_S390_NOSPEC_ASM_H 4 + 5 + #include <asm/alternative-asm.h> 6 + #include <asm/asm-offsets.h> 7 + #include <asm/dwarf.h> 8 + 9 + #ifdef __ASSEMBLY__ 10 + 11 + #ifdef CONFIG_EXPOLINE 12 + 13 + _LC_BR_R1 = __LC_BR_R1 14 + 15 + /* 16 + * The expoline macros are used to create thunks in the same format 17 + * as gcc generates them. The 'comdat' section flag makes sure that 18 + * the various thunks are merged into a single copy. 19 + */ 20 + .macro __THUNK_PROLOG_NAME name 21 + .pushsection .text.\name,"axG",@progbits,\name,comdat 22 + .globl \name 23 + .hidden \name 24 + .type \name,@function 25 + \name: 26 + CFI_STARTPROC 27 + .endm 28 + 29 + .macro __THUNK_EPILOG 30 + CFI_ENDPROC 31 + .popsection 32 + .endm 33 + 34 + .macro __THUNK_PROLOG_BR r1,r2 35 + __THUNK_PROLOG_NAME __s390x_indirect_jump_r\r2\()use_r\r1 36 + .endm 37 + 38 + .macro __THUNK_PROLOG_BC d0,r1,r2 39 + __THUNK_PROLOG_NAME __s390x_indirect_branch_\d0\()_\r2\()use_\r1 40 + .endm 41 + 42 + .macro __THUNK_BR r1,r2 43 + jg __s390x_indirect_jump_r\r2\()use_r\r1 44 + .endm 45 + 46 + .macro __THUNK_BC d0,r1,r2 47 + jg __s390x_indirect_branch_\d0\()_\r2\()use_\r1 48 + .endm 49 + 50 + .macro __THUNK_BRASL r1,r2,r3 51 + brasl \r1,__s390x_indirect_jump_r\r3\()use_r\r2 52 + .endm 53 + 54 + .macro __DECODE_RR expand,reg,ruse 55 + .set __decode_fail,1 56 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 57 + .ifc \reg,%r\r1 58 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 59 + .ifc \ruse,%r\r2 60 + \expand \r1,\r2 61 + .set __decode_fail,0 62 + .endif 63 + .endr 64 + .endif 65 + .endr 66 + .if __decode_fail == 1 67 + .error "__DECODE_RR failed" 68 + .endif 69 + .endm 70 + 71 + .macro __DECODE_RRR expand,rsave,rtarget,ruse 72 + .set __decode_fail,1 73 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 74 + .ifc \rsave,%r\r1 75 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 76 + .ifc \rtarget,%r\r2 77 + .irp r3,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 78 + .ifc \ruse,%r\r3 79 + \expand \r1,\r2,\r3 80 + .set __decode_fail,0 81 + .endif 82 + .endr 83 + .endif 84 + .endr 85 + .endif 86 + .endr 87 + .if __decode_fail == 1 88 + .error "__DECODE_RRR failed" 89 + .endif 90 + .endm 91 + 92 + .macro __DECODE_DRR expand,disp,reg,ruse 93 + .set __decode_fail,1 94 + .irp r1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 95 + .ifc \reg,%r\r1 96 + .irp r2,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 97 + .ifc \ruse,%r\r2 98 + \expand \disp,\r1,\r2 99 + .set __decode_fail,0 100 + .endif 101 + .endr 102 + .endif 103 + .endr 104 + .if __decode_fail == 1 105 + .error "__DECODE_DRR failed" 106 + .endif 107 + .endm 108 + 109 + .macro __THUNK_EX_BR reg,ruse 110 + # Be very careful when adding instructions to this macro! 111 + # The ALTERNATIVE replacement code has a .+10 which targets 112 + # the "br \reg" after the code has been patched. 113 + #ifdef CONFIG_HAVE_MARCH_Z10_FEATURES 114 + exrl 0,555f 115 + j . 116 + #else 117 + .ifc \reg,%r1 118 + ALTERNATIVE "ex %r0,_LC_BR_R1", ".insn ril,0xc60000000000,0,.+10", 35 119 + j . 120 + .else 121 + larl \ruse,555f 122 + ex 0,0(\ruse) 123 + j . 124 + .endif 125 + #endif 126 + 555: br \reg 127 + .endm 128 + 129 + .macro __THUNK_EX_BC disp,reg,ruse 130 + #ifdef CONFIG_HAVE_MARCH_Z10_FEATURES 131 + exrl 0,556f 132 + j . 133 + #else 134 + larl \ruse,556f 135 + ex 0,0(\ruse) 136 + j . 137 + #endif 138 + 556: b \disp(\reg) 139 + .endm 140 + 141 + .macro GEN_BR_THUNK reg,ruse=%r1 142 + __DECODE_RR __THUNK_PROLOG_BR,\reg,\ruse 143 + __THUNK_EX_BR \reg,\ruse 144 + __THUNK_EPILOG 145 + .endm 146 + 147 + .macro GEN_B_THUNK disp,reg,ruse=%r1 148 + __DECODE_DRR __THUNK_PROLOG_BC,\disp,\reg,\ruse 149 + __THUNK_EX_BC \disp,\reg,\ruse 150 + __THUNK_EPILOG 151 + .endm 152 + 153 + .macro BR_EX reg,ruse=%r1 154 + 557: __DECODE_RR __THUNK_BR,\reg,\ruse 155 + .pushsection .s390_indirect_branches,"a",@progbits 156 + .long 557b-. 157 + .popsection 158 + .endm 159 + 160 + .macro B_EX disp,reg,ruse=%r1 161 + 558: __DECODE_DRR __THUNK_BC,\disp,\reg,\ruse 162 + .pushsection .s390_indirect_branches,"a",@progbits 163 + .long 558b-. 164 + .popsection 165 + .endm 166 + 167 + .macro BASR_EX rsave,rtarget,ruse=%r1 168 + 559: __DECODE_RRR __THUNK_BRASL,\rsave,\rtarget,\ruse 169 + .pushsection .s390_indirect_branches,"a",@progbits 170 + .long 559b-. 171 + .popsection 172 + .endm 173 + 174 + #else 175 + .macro GEN_BR_THUNK reg,ruse=%r1 176 + .endm 177 + 178 + .macro GEN_B_THUNK disp,reg,ruse=%r1 179 + .endm 180 + 181 + .macro BR_EX reg,ruse=%r1 182 + br \reg 183 + .endm 184 + 185 + .macro B_EX disp,reg,ruse=%r1 186 + b \disp(\reg) 187 + .endm 188 + 189 + .macro BASR_EX rsave,rtarget,ruse=%r1 190 + basr \rsave,\rtarget 191 + .endm 192 + #endif 193 + 194 + #endif /* __ASSEMBLY__ */ 195 + 196 + #endif /* _ASM_S390_NOSPEC_ASM_H */

arch/s390/include/asm/purgatory.h

··· 13 13 14 14 int verify_sha256_digest(void); 15 15 16 + extern u64 kernel_entry; 17 + extern u64 kernel_type; 18 + 19 + extern u64 crash_start; 20 + extern u64 crash_size; 21 + 16 22 #endif /* __ASSEMBLY__ */ 17 23 #endif /* _S390_PURGATORY_H_ */

arch/s390/kernel/Makefile

··· 65 65 66 66 extra-y += head.o head64.o vmlinux.lds 67 67 68 + obj-$(CONFIG_SYSFS) += nospec-sysfs.o 68 69 CFLAGS_REMOVE_nospec-branch.o += $(CC_FLAGS_EXPOLINE) 69 70 70 71 obj-$(CONFIG_MODULES) += module.o

arch/s390/kernel/asm-offsets.c

··· 181 181 OFFSET(__LC_MACHINE_FLAGS, lowcore, machine_flags); 182 182 OFFSET(__LC_PREEMPT_COUNT, lowcore, preempt_count); 183 183 OFFSET(__LC_GMAP, lowcore, gmap); 184 + OFFSET(__LC_BR_R1, lowcore, br_r1_trampoline); 184 185 /* software defined ABI-relevant lowcore locations 0xe00 - 0xe20 */ 185 186 OFFSET(__LC_DUMP_REIPL, lowcore, ipib); 186 187 /* hardware defined lowcore locations 0x1000 - 0x18ff */

+14 -10

arch/s390/kernel/base.S

··· 9 9 10 10 #include <linux/linkage.h> 11 11 #include <asm/asm-offsets.h> 12 + #include <asm/nospec-insn.h> 12 13 #include <asm/ptrace.h> 13 14 #include <asm/sigp.h> 15 + 16 + GEN_BR_THUNK %r9 17 + GEN_BR_THUNK %r14 14 18 15 19 ENTRY(s390_base_mcck_handler) 16 20 basr %r13,0 17 21 0: lg %r15,__LC_PANIC_STACK # load panic stack 18 22 aghi %r15,-STACK_FRAME_OVERHEAD 19 23 larl %r1,s390_base_mcck_handler_fn 20 - lg %r1,0(%r1) 21 - ltgr %r1,%r1 24 + lg %r9,0(%r1) 25 + ltgr %r9,%r9 22 26 jz 1f 23 - basr %r14,%r1 27 + BASR_EX %r14,%r9 24 28 1: la %r1,4095 25 29 lmg %r0,%r15,__LC_GPREGS_SAVE_AREA-4095(%r1) 26 30 lpswe __LC_MCK_OLD_PSW ··· 41 37 basr %r13,0 42 38 0: aghi %r15,-STACK_FRAME_OVERHEAD 43 39 larl %r1,s390_base_ext_handler_fn 44 - lg %r1,0(%r1) 45 - ltgr %r1,%r1 40 + lg %r9,0(%r1) 41 + ltgr %r9,%r9 46 42 jz 1f 47 - basr %r14,%r1 43 + BASR_EX %r14,%r9 48 44 1: lmg %r0,%r15,__LC_SAVE_AREA_ASYNC 49 45 ni __LC_EXT_OLD_PSW+1,0xfd # clear wait state bit 50 46 lpswe __LC_EXT_OLD_PSW ··· 61 57 basr %r13,0 62 58 0: aghi %r15,-STACK_FRAME_OVERHEAD 63 59 larl %r1,s390_base_pgm_handler_fn 64 - lg %r1,0(%r1) 65 - ltgr %r1,%r1 60 + lg %r9,0(%r1) 61 + ltgr %r9,%r9 66 62 jz 1f 67 - basr %r14,%r1 63 + BASR_EX %r14,%r9 68 64 lmg %r0,%r15,__LC_SAVE_AREA_SYNC 69 65 lpswe __LC_PGM_OLD_PSW 70 66 1: lpswe disabled_wait_psw-0b(%r13) ··· 121 117 larl %r4,.Lcontinue_psw # Restore PSW flags 122 118 lpswe 0(%r4) 123 119 .Lcontinue: 124 - br %r14 120 + BR_EX %r14 125 121 .align 16 126 122 .Lrestart_psw: 127 123 .long 0x00080000,0x80000000 + .Lrestart_part2

+24 -81

arch/s390/kernel/entry.S

··· 28 28 #include <asm/setup.h> 29 29 #include <asm/nmi.h> 30 30 #include <asm/export.h> 31 + #include <asm/nospec-insn.h> 31 32 32 33 __PT_R0 = __PT_GPRS 33 34 __PT_R1 = __PT_GPRS + 8 ··· 184 183 "jnz .+8; .long 0xb2e8d000", 82 185 184 .endm 186 185 187 - #ifdef CONFIG_EXPOLINE 188 - 189 - .macro GEN_BR_THUNK name,reg,tmp 190 - .section .text.\name,"axG",@progbits,\name,comdat 191 - .globl \name 192 - .hidden \name 193 - .type \name,@function 194 - \name: 195 - CFI_STARTPROC 196 - #ifdef CONFIG_HAVE_MARCH_Z10_FEATURES 197 - exrl 0,0f 198 - #else 199 - larl \tmp,0f 200 - ex 0,0(\tmp) 201 - #endif 202 - j . 203 - 0: br \reg 204 - CFI_ENDPROC 205 - .endm 206 - 207 - GEN_BR_THUNK __s390x_indirect_jump_r1use_r9,%r9,%r1 208 - GEN_BR_THUNK __s390x_indirect_jump_r1use_r14,%r14,%r1 209 - GEN_BR_THUNK __s390x_indirect_jump_r11use_r14,%r14,%r11 210 - 211 - .macro BASR_R14_R9 212 - 0: brasl %r14,__s390x_indirect_jump_r1use_r9 213 - .pushsection .s390_indirect_branches,"a",@progbits 214 - .long 0b-. 215 - .popsection 216 - .endm 217 - 218 - .macro BR_R1USE_R14 219 - 0: jg __s390x_indirect_jump_r1use_r14 220 - .pushsection .s390_indirect_branches,"a",@progbits 221 - .long 0b-. 222 - .popsection 223 - .endm 224 - 225 - .macro BR_R11USE_R14 226 - 0: jg __s390x_indirect_jump_r11use_r14 227 - .pushsection .s390_indirect_branches,"a",@progbits 228 - .long 0b-. 229 - .popsection 230 - .endm 231 - 232 - #else /* CONFIG_EXPOLINE */ 233 - 234 - .macro BASR_R14_R9 235 - basr %r14,%r9 236 - .endm 237 - 238 - .macro BR_R1USE_R14 239 - br %r14 240 - .endm 241 - 242 - .macro BR_R11USE_R14 243 - br %r14 244 - .endm 245 - 246 - #endif /* CONFIG_EXPOLINE */ 247 - 186 + GEN_BR_THUNK %r9 187 + GEN_BR_THUNK %r14 188 + GEN_BR_THUNK %r14,%r11 248 189 249 190 .section .kprobes.text, "ax" 250 191 .Ldummy: ··· 203 260 ENTRY(__bpon) 204 261 .globl __bpon 205 262 BPON 206 - BR_R1USE_R14 263 + BR_EX %r14 207 264 208 265 /* 209 266 * Scheduler resume function, called by switch_to ··· 227 284 mvc __LC_CURRENT_PID(4,%r0),0(%r3) # store pid of next 228 285 lmg %r6,%r15,__SF_GPRS(%r15) # load gprs of next task 229 286 ALTERNATIVE "", ".insn s,0xb2800000,_LPP_OFFSET", 40 230 - BR_R1USE_R14 287 + BR_EX %r14 231 288 232 289 .L__critical_start: 233 290 ··· 294 351 xgr %r5,%r5 295 352 lmg %r6,%r14,__SF_GPRS(%r15) # restore kernel registers 296 353 lg %r2,__SF_SIE_REASON(%r15) # return exit reason code 297 - BR_R1USE_R14 354 + BR_EX %r14 298 355 .Lsie_fault: 299 356 lghi %r14,-EFAULT 300 357 stg %r14,__SF_SIE_REASON(%r15) # set exit reason code ··· 353 410 lgf %r9,0(%r8,%r10) # get system call add. 354 411 TSTMSK __TI_flags(%r12),_TIF_TRACE 355 412 jnz .Lsysc_tracesys 356 - BASR_R14_R9 # call sys_xxxx 413 + BASR_EX %r14,%r9 # call sys_xxxx 357 414 stg %r2,__PT_R2(%r11) # store return value 358 415 359 416 .Lsysc_return: ··· 538 595 lmg %r3,%r7,__PT_R3(%r11) 539 596 stg %r7,STACK_FRAME_OVERHEAD(%r15) 540 597 lg %r2,__PT_ORIG_GPR2(%r11) 541 - BASR_R14_R9 # call sys_xxx 598 + BASR_EX %r14,%r9 # call sys_xxx 542 599 stg %r2,__PT_R2(%r11) # store return value 543 600 .Lsysc_tracenogo: 544 601 TSTMSK __TI_flags(%r12),_TIF_TRACE ··· 562 619 lmg %r9,%r10,__PT_R9(%r11) # load gprs 563 620 ENTRY(kernel_thread_starter) 564 621 la %r2,0(%r10) 565 - BASR_R14_R9 622 + BASR_EX %r14,%r9 566 623 j .Lsysc_tracenogo 567 624 568 625 /* ··· 644 701 je .Lpgm_return 645 702 lgf %r9,0(%r10,%r1) # load address of handler routine 646 703 lgr %r2,%r11 # pass pointer to pt_regs 647 - BASR_R14_R9 # branch to interrupt-handler 704 + BASR_EX %r14,%r9 # branch to interrupt-handler 648 705 .Lpgm_return: 649 706 LOCKDEP_SYS_EXIT 650 707 tm __PT_PSW+1(%r11),0x01 # returning to user ? ··· 962 1019 stpt __TIMER_IDLE_ENTER(%r2) 963 1020 .Lpsw_idle_lpsw: 964 1021 lpswe __SF_EMPTY(%r15) 965 - BR_R1USE_R14 1022 + BR_EX %r14 966 1023 .Lpsw_idle_end: 967 1024 968 1025 /* ··· 1004 1061 .Lsave_fpu_regs_done: 1005 1062 oi __LC_CPU_FLAGS+7,_CIF_FPU 1006 1063 .Lsave_fpu_regs_exit: 1007 - BR_R1USE_R14 1064 + BR_EX %r14 1008 1065 .Lsave_fpu_regs_end: 1009 1066 EXPORT_SYMBOL(save_fpu_regs) 1010 1067 ··· 1050 1107 .Lload_fpu_regs_done: 1051 1108 ni __LC_CPU_FLAGS+7,255-_CIF_FPU 1052 1109 .Lload_fpu_regs_exit: 1053 - BR_R1USE_R14 1110 + BR_EX %r14 1054 1111 .Lload_fpu_regs_end: 1055 1112 1056 1113 .L__critical_end: ··· 1265 1322 jl 0f 1266 1323 clg %r9,BASED(.Lcleanup_table+104) # .Lload_fpu_regs_end 1267 1324 jl .Lcleanup_load_fpu_regs 1268 - 0: BR_R11USE_R14 1325 + 0: BR_EX %r14 1269 1326 1270 1327 .align 8 1271 1328 .Lcleanup_table: ··· 1301 1358 ni __SIE_PROG0C+3(%r9),0xfe # no longer in SIE 1302 1359 lctlg %c1,%c1,__LC_USER_ASCE # load primary asce 1303 1360 larl %r9,sie_exit # skip forward to sie_exit 1304 - BR_R11USE_R14 1361 + BR_EX %r14 1305 1362 #endif 1306 1363 1307 1364 .Lcleanup_system_call: ··· 1355 1412 stg %r15,56(%r11) # r15 stack pointer 1356 1413 # set new psw address and exit 1357 1414 larl %r9,.Lsysc_do_svc 1358 - BR_R11USE_R14 1415 + BR_EX %r14,%r11 1359 1416 .Lcleanup_system_call_insn: 1360 1417 .quad system_call 1361 1418 .quad .Lsysc_stmg ··· 1367 1424 1368 1425 .Lcleanup_sysc_tif: 1369 1426 larl %r9,.Lsysc_tif 1370 - BR_R11USE_R14 1427 + BR_EX %r14,%r11 1371 1428 1372 1429 .Lcleanup_sysc_restore: 1373 1430 # check if stpt has been executed ··· 1384 1441 mvc 0(64,%r11),__PT_R8(%r9) 1385 1442 lmg %r0,%r7,__PT_R0(%r9) 1386 1443 1: lmg %r8,%r9,__LC_RETURN_PSW 1387 - BR_R11USE_R14 1444 + BR_EX %r14,%r11 1388 1445 .Lcleanup_sysc_restore_insn: 1389 1446 .quad .Lsysc_exit_timer 1390 1447 .quad .Lsysc_done - 4 1391 1448 1392 1449 .Lcleanup_io_tif: 1393 1450 larl %r9,.Lio_tif 1394 - BR_R11USE_R14 1451 + BR_EX %r14,%r11 1395 1452 1396 1453 .Lcleanup_io_restore: 1397 1454 # check if stpt has been executed ··· 1405 1462 mvc 0(64,%r11),__PT_R8(%r9) 1406 1463 lmg %r0,%r7,__PT_R0(%r9) 1407 1464 1: lmg %r8,%r9,__LC_RETURN_PSW 1408 - BR_R11USE_R14 1465 + BR_EX %r14,%r11 1409 1466 .Lcleanup_io_restore_insn: 1410 1467 .quad .Lio_exit_timer 1411 1468 .quad .Lio_done - 4 ··· 1458 1515 # prepare return psw 1459 1516 nihh %r8,0xfcfd # clear irq & wait state bits 1460 1517 lg %r9,48(%r11) # return from psw_idle 1461 - BR_R11USE_R14 1518 + BR_EX %r14,%r11 1462 1519 .Lcleanup_idle_insn: 1463 1520 .quad .Lpsw_idle_lpsw 1464 1521 1465 1522 .Lcleanup_save_fpu_regs: 1466 1523 larl %r9,save_fpu_regs 1467 - BR_R11USE_R14 1524 + BR_EX %r14,%r11 1468 1525 1469 1526 .Lcleanup_load_fpu_regs: 1470 1527 larl %r9,load_fpu_regs 1471 - BR_R11USE_R14 1528 + BR_EX %r14,%r11 1472 1529 1473 1530 /* 1474 1531 * Integer constants

+2 -3

arch/s390/kernel/irq.c

··· 176 176 new -= STACK_FRAME_OVERHEAD; 177 177 ((struct stack_frame *) new)->back_chain = old; 178 178 asm volatile(" la 15,0(%0)\n" 179 - " basr 14,%2\n" 179 + " brasl 14,__do_softirq\n" 180 180 " la 15,0(%1)\n" 181 - : : "a" (new), "a" (old), 182 - "a" (__do_softirq) 181 + : : "a" (new), "a" (old) 183 182 : "0", "1", "2", "3", "4", "5", "14", 184 183 "cc", "memory" ); 185 184 } else {

+9 -5

arch/s390/kernel/mcount.S

··· 9 9 #include <linux/linkage.h> 10 10 #include <asm/asm-offsets.h> 11 11 #include <asm/ftrace.h> 12 + #include <asm/nospec-insn.h> 12 13 #include <asm/ptrace.h> 13 14 #include <asm/export.h> 15 + 16 + GEN_BR_THUNK %r1 17 + GEN_BR_THUNK %r14 14 18 15 19 .section .kprobes.text, "ax" 16 20 17 21 ENTRY(ftrace_stub) 18 - br %r14 22 + BR_EX %r14 19 23 20 24 #define STACK_FRAME_SIZE (STACK_FRAME_OVERHEAD + __PT_SIZE) 21 25 #define STACK_PTREGS (STACK_FRAME_OVERHEAD) ··· 27 23 #define STACK_PTREGS_PSW (STACK_PTREGS + __PT_PSW) 28 24 29 25 ENTRY(_mcount) 30 - br %r14 26 + BR_EX %r14 31 27 32 28 EXPORT_SYMBOL(_mcount) 33 29 ··· 57 53 #endif 58 54 lgr %r3,%r14 59 55 la %r5,STACK_PTREGS(%r15) 60 - basr %r14,%r1 56 + BASR_EX %r14,%r1 61 57 #ifdef CONFIG_FUNCTION_GRAPH_TRACER 62 58 # The j instruction gets runtime patched to a nop instruction. 63 59 # See ftrace_enable_ftrace_graph_caller. ··· 72 68 #endif 73 69 lg %r1,(STACK_PTREGS_PSW+8)(%r15) 74 70 lmg %r2,%r15,(STACK_PTREGS_GPRS+2*8)(%r15) 75 - br %r1 71 + BR_EX %r1 76 72 77 73 #ifdef CONFIG_FUNCTION_GRAPH_TRACER 78 74 ··· 85 81 aghi %r15,STACK_FRAME_OVERHEAD 86 82 lgr %r14,%r2 87 83 lmg %r2,%r5,32(%r15) 88 - br %r14 84 + BR_EX %r14 89 85 90 86 #endif

+20 -24

arch/s390/kernel/nospec-branch.c

··· 1 1 // SPDX-License-Identifier: GPL-2.0 2 2 #include <linux/module.h> 3 3 #include <linux/device.h> 4 - #include <linux/cpu.h> 5 4 #include <asm/nospec-branch.h> 6 5 7 6 static int __init nobp_setup_early(char *str) ··· 42 43 return 0; 43 44 } 44 45 arch_initcall(nospec_report); 45 - 46 - #ifdef CONFIG_SYSFS 47 - ssize_t cpu_show_spectre_v1(struct device *dev, 48 - struct device_attribute *attr, char *buf) 49 - { 50 - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); 51 - } 52 - 53 - ssize_t cpu_show_spectre_v2(struct device *dev, 54 - struct device_attribute *attr, char *buf) 55 - { 56 - if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) 57 - return sprintf(buf, "Mitigation: execute trampolines\n"); 58 - if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) 59 - return sprintf(buf, "Mitigation: limited branch prediction.\n"); 60 - return sprintf(buf, "Vulnerable\n"); 61 - } 62 - #endif 63 46 64 47 #ifdef CONFIG_EXPOLINE 65 48 ··· 93 112 s32 *epo; 94 113 95 114 /* Second part of the instruction replace is always a nop */ 96 - memcpy(insnbuf + 2, (char[]) { 0x47, 0x00, 0x00, 0x00 }, 4); 97 115 for (epo = start; epo < end; epo++) { 98 116 instr = (u8 *) epo + *epo; 99 117 if (instr[0] == 0xc0 && (instr[1] & 0x0f) == 0x04) ··· 113 133 br = thunk + (*(int *)(thunk + 2)) * 2; 114 134 else 115 135 continue; 116 - if (br[0] != 0x07 || (br[1] & 0xf0) != 0xf0) 136 + /* Check for unconditional branch 0x07f? or 0x47f???? */ 137 + if ((br[0] & 0xbf) != 0x07 || (br[1] & 0xf0) != 0xf0) 117 138 continue; 139 + 140 + memcpy(insnbuf + 2, (char[]) { 0x47, 0x00, 0x07, 0x00 }, 4); 118 141 switch (type) { 119 142 case BRCL_EXPOLINE: 120 - /* brcl to thunk, replace with br + nop */ 121 143 insnbuf[0] = br[0]; 122 144 insnbuf[1] = (instr[1] & 0xf0) | (br[1] & 0x0f); 145 + if (br[0] == 0x47) { 146 + /* brcl to b, replace with bc + nopr */ 147 + insnbuf[2] = br[2]; 148 + insnbuf[3] = br[3]; 149 + } else { 150 + /* brcl to br, replace with bcr + nop */ 151 + } 123 152 break; 124 153 case BRASL_EXPOLINE: 125 - /* brasl to thunk, replace with basr + nop */ 126 - insnbuf[0] = 0x0d; 127 154 insnbuf[1] = (instr[1] & 0xf0) | (br[1] & 0x0f); 155 + if (br[0] == 0x47) { 156 + /* brasl to b, replace with bas + nopr */ 157 + insnbuf[0] = 0x4d; 158 + insnbuf[2] = br[2]; 159 + insnbuf[3] = br[3]; 160 + } else { 161 + /* brasl to br, replace with basr + nop */ 162 + insnbuf[0] = 0x0d; 163 + } 128 164 break; 129 165 } 130 166

+21

arch/s390/kernel/nospec-sysfs.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + #include <linux/device.h> 3 + #include <linux/cpu.h> 4 + #include <asm/facility.h> 5 + #include <asm/nospec-branch.h> 6 + 7 + ssize_t cpu_show_spectre_v1(struct device *dev, 8 + struct device_attribute *attr, char *buf) 9 + { 10 + return sprintf(buf, "Mitigation: __user pointer sanitization\n"); 11 + } 12 + 13 + ssize_t cpu_show_spectre_v2(struct device *dev, 14 + struct device_attribute *attr, char *buf) 15 + { 16 + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) 17 + return sprintf(buf, "Mitigation: execute trampolines\n"); 18 + if (__test_facility(82, S390_lowcore.alt_stfle_fac_list)) 19 + return sprintf(buf, "Mitigation: limited branch prediction\n"); 20 + return sprintf(buf, "Vulnerable\n"); 21 + }

arch/s390/kernel/perf_cpum_sf.c

··· 753 753 */ 754 754 rate = 0; 755 755 if (attr->freq) { 756 + if (!attr->sample_freq) { 757 + err = -EINVAL; 758 + goto out; 759 + } 756 760 rate = freq_to_sample_rate(&si, attr->sample_freq); 757 761 rate = hw_limit_rate(&si, rate); 758 762 attr->freq = 0;

+5 -2

arch/s390/kernel/reipl.S

··· 7 7 8 8 #include <linux/linkage.h> 9 9 #include <asm/asm-offsets.h> 10 + #include <asm/nospec-insn.h> 10 11 #include <asm/sigp.h> 12 + 13 + GEN_BR_THUNK %r9 11 14 12 15 # 13 16 # Issue "store status" for the current CPU to its prefix page ··· 70 67 st %r4,0(%r1) 71 68 st %r5,4(%r1) 72 69 stg %r2,8(%r1) 73 - lgr %r1,%r2 70 + lgr %r9,%r2 74 71 lgr %r2,%r3 75 - br %r1 72 + BR_EX %r9 76 73 77 74 .section .bss 78 75 .align 8

+6 -4

arch/s390/kernel/swsusp.S

··· 13 13 #include <asm/ptrace.h> 14 14 #include <asm/thread_info.h> 15 15 #include <asm/asm-offsets.h> 16 + #include <asm/nospec-insn.h> 16 17 #include <asm/sigp.h> 17 18 18 19 /* ··· 25 24 * (see below) in the resume process. 26 25 * This function runs with disabled interrupts. 27 26 */ 27 + GEN_BR_THUNK %r14 28 + 28 29 .section .text 29 30 ENTRY(swsusp_arch_suspend) 30 31 stmg %r6,%r15,__SF_GPRS(%r15) ··· 106 103 spx 0x318(%r1) 107 104 lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) 108 105 lghi %r2,0 109 - br %r14 106 + BR_EX %r14 110 107 111 108 /* 112 109 * Restore saved memory image to correct place and restore register context. ··· 200 197 larl %r15,init_thread_union 201 198 ahi %r15,1<<(PAGE_SHIFT+THREAD_SIZE_ORDER) 202 199 larl %r2,.Lpanic_string 203 - larl %r3,sclp_early_printk 204 200 lghi %r1,0 205 201 sam31 206 202 sigp %r1,%r0,SIGP_SET_ARCHITECTURE 207 - basr %r14,%r3 203 + brasl %r14,sclp_early_printk 208 204 larl %r3,.Ldisabled_wait_31 209 205 lpsw 0(%r3) 210 206 4: ··· 269 267 /* Return 0 */ 270 268 lmg %r6,%r15,STACK_FRAME_OVERHEAD + __SF_GPRS(%r15) 271 269 lghi %r2,0 272 - br %r14 270 + BR_EX %r14 273 271 274 272 .section .data..nosave,"aw",@progbits 275 273 .align 8

+11 -8

arch/s390/lib/mem.S

··· 7 7 8 8 #include <linux/linkage.h> 9 9 #include <asm/export.h> 10 + #include <asm/nospec-insn.h> 11 + 12 + GEN_BR_THUNK %r14 10 13 11 14 /* 12 15 * void *memmove(void *dest, const void *src, size_t n) ··· 36 33 .Lmemmove_forward_remainder: 37 34 larl %r5,.Lmemmove_mvc 38 35 ex %r4,0(%r5) 39 - br %r14 36 + BR_EX %r14 40 37 .Lmemmove_reverse: 41 38 ic %r0,0(%r4,%r3) 42 39 stc %r0,0(%r4,%r1) 43 40 brctg %r4,.Lmemmove_reverse 44 41 ic %r0,0(%r4,%r3) 45 42 stc %r0,0(%r4,%r1) 46 - br %r14 43 + BR_EX %r14 47 44 .Lmemmove_mvc: 48 45 mvc 0(1,%r1),0(%r3) 49 46 EXPORT_SYMBOL(memmove) ··· 80 77 .Lmemset_clear_remainder: 81 78 larl %r3,.Lmemset_xc 82 79 ex %r4,0(%r3) 83 - br %r14 80 + BR_EX %r14 84 81 .Lmemset_fill: 85 82 cghi %r4,1 86 83 lgr %r1,%r2 ··· 98 95 stc %r3,0(%r1) 99 96 larl %r5,.Lmemset_mvc 100 97 ex %r4,0(%r5) 101 - br %r14 98 + BR_EX %r14 102 99 .Lmemset_fill_exit: 103 100 stc %r3,0(%r1) 104 - br %r14 101 + BR_EX %r14 105 102 .Lmemset_xc: 106 103 xc 0(1,%r1),0(%r1) 107 104 .Lmemset_mvc: ··· 124 121 .Lmemcpy_remainder: 125 122 larl %r5,.Lmemcpy_mvc 126 123 ex %r4,0(%r5) 127 - br %r14 124 + BR_EX %r14 128 125 .Lmemcpy_loop: 129 126 mvc 0(256,%r1),0(%r3) 130 127 la %r1,256(%r1) ··· 162 159 \insn %r3,0(%r1) 163 160 larl %r5,.L__memset_mvc\bits 164 161 ex %r4,0(%r5) 165 - br %r14 162 + BR_EX %r14 166 163 .L__memset_exit\bits: 167 164 \insn %r3,0(%r2) 168 - br %r14 165 + BR_EX %r14 169 166 .L__memset_mvc\bits: 170 167 mvc \bytes(1,%r1),0(%r1) 171 168 .endm

+10 -6

arch/s390/net/bpf_jit.S

··· 9 9 */ 10 10 11 11 #include <linux/linkage.h> 12 + #include <asm/nospec-insn.h> 12 13 #include "bpf_jit.h" 13 14 14 15 /* ··· 55 54 clg %r3,STK_OFF_HLEN(%r15); /* Offset + SIZE > hlen? */ \ 56 55 jh sk_load_##NAME##_slow; \ 57 56 LOAD %r14,-SIZE(%r3,%r12); /* Get data from skb */ \ 58 - b OFF_OK(%r6); /* Return */ \ 57 + B_EX OFF_OK,%r6; /* Return */ \ 59 58 \ 60 59 sk_load_##NAME##_slow:; \ 61 60 lgr %r2,%r7; /* Arg1 = skb pointer */ \ ··· 65 64 brasl %r14,skb_copy_bits; /* Get data from skb */ \ 66 65 LOAD %r14,STK_OFF_TMP(%r15); /* Load from temp bufffer */ \ 67 66 ltgr %r2,%r2; /* Set cc to (%r2 != 0) */ \ 68 - br %r6; /* Return */ 67 + BR_EX %r6; /* Return */ 69 68 70 69 sk_load_common(word, 4, llgf) /* r14 = *(u32 *) (skb->data+offset) */ 71 70 sk_load_common(half, 2, llgh) /* r14 = *(u16 *) (skb->data+offset) */ 71 + 72 + GEN_BR_THUNK %r6 73 + GEN_B_THUNK OFF_OK,%r6 72 74 73 75 /* 74 76 * Load 1 byte from SKB (optimized version) ··· 84 80 clg %r3,STK_OFF_HLEN(%r15) # Offset >= hlen? 85 81 jnl sk_load_byte_slow 86 82 llgc %r14,0(%r3,%r12) # Get byte from skb 87 - b OFF_OK(%r6) # Return OK 83 + B_EX OFF_OK,%r6 # Return OK 88 84 89 85 sk_load_byte_slow: 90 86 lgr %r2,%r7 # Arg1 = skb pointer ··· 94 90 brasl %r14,skb_copy_bits # Get data from skb 95 91 llgc %r14,STK_OFF_TMP(%r15) # Load result from temp buffer 96 92 ltgr %r2,%r2 # Set cc to (%r2 != 0) 97 - br %r6 # Return cc 93 + BR_EX %r6 # Return cc 98 94 99 95 #define sk_negative_common(NAME, SIZE, LOAD) \ 100 96 sk_load_##NAME##_slow_neg:; \ ··· 108 104 jz bpf_error; \ 109 105 LOAD %r14,0(%r2); /* Get data from pointer */ \ 110 106 xr %r3,%r3; /* Set cc to zero */ \ 111 - br %r6; /* Return cc */ 107 + BR_EX %r6; /* Return cc */ 112 108 113 109 sk_negative_common(word, 4, llgf) 114 110 sk_negative_common(half, 2, llgh) ··· 117 113 bpf_error: 118 114 # force a return 0 from jit handler 119 115 ltgr %r15,%r15 # Set condition code 120 - br %r6 116 + BR_EX %r6

+61 -2

arch/s390/net/bpf_jit_comp.c

··· 25 25 #include <linux/bpf.h> 26 26 #include <asm/cacheflush.h> 27 27 #include <asm/dis.h> 28 + #include <asm/facility.h> 29 + #include <asm/nospec-branch.h> 28 30 #include <asm/set_memory.h> 29 31 #include "bpf_jit.h" 30 32 ··· 43 41 int base_ip; /* Base address for literal pool */ 44 42 int ret0_ip; /* Address of return 0 */ 45 43 int exit_ip; /* Address of exit */ 44 + int r1_thunk_ip; /* Address of expoline thunk for 'br %r1' */ 45 + int r14_thunk_ip; /* Address of expoline thunk for 'br %r14' */ 46 46 int tail_call_start; /* Tail call start offset */ 47 47 int labels[1]; /* Labels for local jumps */ 48 48 }; ··· 252 248 _EMIT6(op1 | reg(b1, b2) << 16 | (rel & 0xffff), op2 | mask); \ 253 249 REG_SET_SEEN(b1); \ 254 250 REG_SET_SEEN(b2); \ 251 + }) 252 + 253 + #define EMIT6_PCREL_RILB(op, b, target) \ 254 + ({ \ 255 + int rel = (target - jit->prg) / 2; \ 256 + _EMIT6(op | reg_high(b) << 16 | rel >> 16, rel & 0xffff); \ 257 + REG_SET_SEEN(b); \ 258 + }) 259 + 260 + #define EMIT6_PCREL_RIL(op, target) \ 261 + ({ \ 262 + int rel = (target - jit->prg) / 2; \ 263 + _EMIT6(op | rel >> 16, rel & 0xffff); \ 255 264 }) 256 265 257 266 #define _EMIT6_IMM(op, imm) \ ··· 486 469 EMIT4(0xb9040000, REG_2, BPF_REG_0); 487 470 /* Restore registers */ 488 471 save_restore_regs(jit, REGS_RESTORE, stack_depth); 472 + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) { 473 + jit->r14_thunk_ip = jit->prg; 474 + /* Generate __s390_indirect_jump_r14 thunk */ 475 + if (test_facility(35)) { 476 + /* exrl %r0,.+10 */ 477 + EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10); 478 + } else { 479 + /* larl %r1,.+14 */ 480 + EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14); 481 + /* ex 0,0(%r1) */ 482 + EMIT4_DISP(0x44000000, REG_0, REG_1, 0); 483 + } 484 + /* j . */ 485 + EMIT4_PCREL(0xa7f40000, 0); 486 + } 489 487 /* br %r14 */ 490 488 _EMIT2(0x07fe); 489 + 490 + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable && 491 + (jit->seen & SEEN_FUNC)) { 492 + jit->r1_thunk_ip = jit->prg; 493 + /* Generate __s390_indirect_jump_r1 thunk */ 494 + if (test_facility(35)) { 495 + /* exrl %r0,.+10 */ 496 + EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10); 497 + /* j . */ 498 + EMIT4_PCREL(0xa7f40000, 0); 499 + /* br %r1 */ 500 + _EMIT2(0x07f1); 501 + } else { 502 + /* larl %r1,.+14 */ 503 + EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14); 504 + /* ex 0,S390_lowcore.br_r1_tampoline */ 505 + EMIT4_DISP(0x44000000, REG_0, REG_0, 506 + offsetof(struct lowcore, br_r1_trampoline)); 507 + /* j . */ 508 + EMIT4_PCREL(0xa7f40000, 0); 509 + } 510 + } 491 511 } 492 512 493 513 /* ··· 1020 966 /* lg %w1,<d(imm)>(%l) */ 1021 967 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_W1, REG_0, REG_L, 1022 968 EMIT_CONST_U64(func)); 1023 - /* basr %r14,%w1 */ 1024 - EMIT2(0x0d00, REG_14, REG_W1); 969 + if (IS_ENABLED(CC_USING_EXPOLINE) && !nospec_disable) { 970 + /* brasl %r14,__s390_indirect_jump_r1 */ 971 + EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip); 972 + } else { 973 + /* basr %r14,%w1 */ 974 + EMIT2(0x0d00, REG_14, REG_W1); 975 + } 1025 976 /* lgr %b0,%r2: load return value into %b0 */ 1026 977 EMIT4(0xb9040000, BPF_REG_0, REG_2); 1027 978 if ((jit->seen & SEEN_SKB) &&

+3 -9

drivers/s390/cio/qdio_setup.c

··· 141 141 int i; 142 142 143 143 for (i = 0; i < nr_queues; i++) { 144 - q = kmem_cache_alloc(qdio_q_cache, GFP_KERNEL); 144 + q = kmem_cache_zalloc(qdio_q_cache, GFP_KERNEL); 145 145 if (!q) 146 146 return -ENOMEM; 147 147 ··· 456 456 { 457 457 struct ciw *ciw; 458 458 struct qdio_irq *irq_ptr = init_data->cdev->private->qdio_data; 459 - int rc; 460 459 461 460 memset(&irq_ptr->qib, 0, sizeof(irq_ptr->qib)); 462 461 memset(&irq_ptr->siga_flag, 0, sizeof(irq_ptr->siga_flag)); ··· 492 493 ciw = ccw_device_get_ciw(init_data->cdev, CIW_TYPE_EQUEUE); 493 494 if (!ciw) { 494 495 DBF_ERROR("%4x NO EQ", irq_ptr->schid.sch_no); 495 - rc = -EINVAL; 496 - goto out_err; 496 + return -EINVAL; 497 497 } 498 498 irq_ptr->equeue = *ciw; 499 499 500 500 ciw = ccw_device_get_ciw(init_data->cdev, CIW_TYPE_AQUEUE); 501 501 if (!ciw) { 502 502 DBF_ERROR("%4x NO AQ", irq_ptr->schid.sch_no); 503 - rc = -EINVAL; 504 - goto out_err; 503 + return -EINVAL; 505 504 } 506 505 irq_ptr->aqueue = *ciw; 507 506 ··· 509 512 init_data->cdev->handler = qdio_int_handler; 510 513 spin_unlock_irq(get_ccwdev_lock(irq_ptr->cdev)); 511 514 return 0; 512 - out_err: 513 - qdio_release_memory(irq_ptr); 514 - return rc; 515 515 } 516 516 517 517 void qdio_print_subchannel_info(struct qdio_irq *irq_ptr,

+12 -1

drivers/s390/cio/vfio_ccw_cp.c

··· 715 715 * and stores the result to ccwchain list. @cp must have been 716 716 * initialized by a previous call with cp_init(). Otherwise, undefined 717 717 * behavior occurs. 718 + * For each chain composing the channel program: 719 + * - On entry ch_len holds the count of CCWs to be translated. 720 + * - On exit ch_len is adjusted to the count of successfully translated CCWs. 721 + * This allows cp_free to find in ch_len the count of CCWs to free in a chain. 718 722 * 719 723 * The S/390 CCW Translation APIS (prefixed by 'cp_') are introduced 720 724 * as helpers to do ccw chain translation inside the kernel. Basically ··· 753 749 for (idx = 0; idx < len; idx++) { 754 750 ret = ccwchain_fetch_one(chain, idx, cp); 755 751 if (ret) 756 - return ret; 752 + goto out_err; 757 753 } 758 754 } 759 755 760 756 return 0; 757 + out_err: 758 + /* Only cleanup the chain elements that were actually translated. */ 759 + chain->ch_len = idx; 760 + list_for_each_entry_continue(chain, &cp->ccwchain_list, next) { 761 + chain->ch_len = 0; 762 + } 763 + return ret; 761 764 } 762 765 763 766 /**