path: root/arch/s390/Kconfig
author Linus Torvalds <torvalds@linux-foundation.org> 2018-02-09 09:58:37 -0800
committer Linus Torvalds <torvalds@linux-foundation.org> 2018-02-09 09:58:37 -0800
commit dff839f27dc8d70e191562c8e78b0a9a88028362
tree 58173c5913ee68e0d8acc8ef31808bbe416d3758 /arch/s390/Kconfig
parent 54ce685cae30c106f062d714c11e644ab1b93b51
parent 48973df8c9c51612acc870ad1a885b0cf27c3356
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 updates from Heiko Carstens:
 "The main thing in this merge is the defense for the Spectre
  vulnerabilities. But there are other updates as well, the changes in
  more detail:

   - An s390 specific implementation of the array_index_mask_nospec
     function to the defense against spectre v1

   - Two patches to utilize the new PPA-12/PPA-13 instructions to run
     the kernel and/or user space with reduced branch prediction.

   - The s390 variant of the 'retpoline' spectre v2 defense called
     'expoline'. There is no return instruction for s390, instead an
     indirect branch is used for function return.

     The s390 defense mechanism for indirect branches works by using an
     execute-type instruction with the indirect branch as the target of
     the execute. In effect that turns off the prediction for the
     indirect branch.

   - Scrub registers in entry.S that contain user controlled values to
     prevent the speculative use of these values.

   - Re-add the second parameter for the s390 specific runtime
     instrumentation system call and move the header file to uapi. The
     second parameter will continue to do nothing but older kernel
     versions only accepted valid real-time signal numbers. The details
     will be documented in the man-page for the system call.

   - Corrections and improvements for the s390 specific documentation

   - Add a line to /proc/sysinfo to display the CPU model dependent
     license-internal-code identifier

   - A header file include fix for eadm.

   - An error message fix in the kprobes code.

   - The removal of an outdated ARCH_xxx select statement"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/kconfig: Remove ARCH_WANTS_PROT_NUMA_PROT_NONE select
  s390: introduce execute-trampolines for branches
  s390: run user space and KVM guests with modified branch prediction
  s390: add options to change branch prediction behaviour for the kernel
  s390/alternative: use a copy of the facility bit mask
  s390: add optimized array_index_mask_nospec
  s390: scrub registers on kernel entry and KVM exit
  s390/cio: fix kernel-doc usage
  s390/runtime_instrumentation: re-add signum system call parameter
  s390/cpum_cf: correct counter number of LAST_HOST_TRANSLATIONS
  s390/kprobes: Fix %p uses in error messages
  s390/runtime instrumentation: provide uapi header file
  s390/sysinfo: add and display licensed internal code identifier
  s390/docs: reword airq section
  s390/docs: mention subchannel types
  s390/cmf: fix kerneldoc
  s390/eadm: fix CONFIG_BLOCK include dependency
Diffstat (limited to 'arch/s390/Kconfig')
-rw-r--r-- arch/s390/Kconfig 46
1 files changed, 45 insertions, 1 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 0105ce28e246..eaee7087886f 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -112,7 +112,6 @@ config S390
select ARCH_USE_BUILTIN_BSWAP
select ARCH_USE_CMPXCHG_LOCKREF
select ARCH_WANTS_DYNAMIC_TASK_STRUCT
- select ARCH_WANTS_PROT_NUMA_PROT_NONE
select ARCH_WANTS_UBSAN_NO_NULL
select ARCH_WANT_IPC_PARSE_VERSION
select BUILDTIME_EXTABLE_SORT
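Review bot: the dropped "select ARCH_WANTS_PROT_NUMA_PROT_NONE" under config S390 is justified in the merge text only as "outdated", so the rationale is not checkable from this hunk. The commit that drops it should name the change that removed the symbol's definition, and a grep for ARCH_WANTS_PROT_NUMA_PROT_NONE across the Kconfig files and for CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE in the sources would confirm that nothing still keys off it.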
@@ -540,6 +539,51 @@ config ARCH_RANDOM
If unsure, say Y.
+config KERNEL_NOBP
+ def_bool n
+ prompt "Enable modified branch prediction for the kernel by default"
+ help
+ If this option is selected the kernel will switch to a modified
+ branch prediction mode if the firmware interface is available.
+ The modified branch prediction mode improves the behaviour in
+ regard to speculative execution.
+
+ With the option enabled the kernel parameter "nobp=0" or "nospec"
+ can be used to run the kernel in the normal branch prediction mode.
+
+ With the option disabled the modified branch prediction mode is
+ enabled with the "nobp=1" kernel parameter.
+
+ If unsure, say N.
+
+config EXPOLINE
+ def_bool n
+ prompt "Avoid speculative indirect branches in the kernel"
+ help
+ Compile the kernel with the expoline compiler options to guard
+ against kernel-to-user data leaks by avoiding speculative indirect
+ branches.
+ Requires a compiler with -mindirect-branch=thunk support for full
+ protection. The kernel may run slower.
+
+ If unsure, say N.
+
+choice
+ prompt "Expoline default"
+ depends on EXPOLINE
+ default EXPOLINE_FULL
+
+config EXPOLINE_OFF
+ bool "spectre_v2=off"
+
+config EXPOLINE_MEDIUM
+ bool "spectre_v2=auto"
+
+config EXPOLINE_FULL
+ bool "spectre_v2=on"
+
+endchoice
+
endmenu
menu "Memory setup"
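Review bot: the three entries of the "Expoline default" choice (EXPOLINE_OFF, EXPOLINE_MEDIUM, EXPOLINE_FULL) have no help text, and the prompt strings "spectre_v2=off", "spectre_v2=auto" and "spectre_v2=on" alone do not tell a builder what "auto" decides or that the symbol named MEDIUM is the one that maps to it. Each entry should get a short help block stating the resulting behaviour and that the spectre_v2= kernel parameter is what the labels refer to. The EXPOLINE help also says a compiler with -mindirect-branch=thunk support is required "for full protection" without saying what a build with an older compiler produces. Nothing in the visible lines makes the option depend on that support, so the help should state whether such a build fails or proceeds with reduced protection. Finally, both KERNEL_NOBP and EXPOLINE are "def_bool n" with "If unsure, say N", which leaves the Spectre defenses described in the merge text opt-in at build time. The help texts should say so explicitly, so that a default config is not read as protected.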