On Wed, 7 Feb 2018 11:07:26 +0100 Pavel Machek <pa...@ucw.cz> wrote: > On Wed 2018-02-07 08:00:11, Martin Schwidefsky wrote: > > Add CONFIG_EXPOLINE to enable the use of the new -mindirect-branch= and > > -mfunction_return= compiler options to create a kernel fortified against > > the specte v2 attack. > > > > With CONFIG_EXPOLINE=y all indirect branches will be issued with an > > execute type instruction. For z10 or newer the EXRL instruction will > > be used, for older machines the EX instruction. The typical indirect > > call > > > > basr %r14,%r1 > > > > is replaced with a PC relative call to a new thunk > > > > brasl %r14,__s390x_indirect_jump_r1 > > > > The thunk contains the EXRL/EX instruction to the indirect branch > > > > __s390x_indirect_jump_r1: > > exrl 0,0f > > j . > > 0: br %r1 > > > > The detour via the execute type instruction has a performance impact. > > To get rid of the detour the new kernel parameter "nospectre_v2" and > > "spectre_v2=[on,off,auto]" can be used. If the parameter is specified > > the kernel and module code will be patched at runtime. > > This is really unfortunate naming of kernel option. > > spectre_v2=off sounds like we are turning the "bug" off, but i somehow > suspect you are turning the bug _workaround_ off. Well, that is the 1:1 copy of the x86 option. Do you want to change that one as well?
-- blue skies, Martin. "Reality continues to ruin my life." - Calvin.
