x86/speculation: Use IBRS if available before calling into firmware

x86/speculation: Use IBRS if available before calling into firmware

Retpoline means the kernel is safe because it has no indirect branches.
But firmware isn't, so use IBRS for firmware calls if it's available.

Block preemption while IBRS is set, although in practice the call sites
already had to be doing that.

Ignore hpwdt.c for now. It's taking spinlocks and calling into firmware
code, from an NMI handler. I don't want to touch that with a bargepole.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: arjan.van.de.ven@intel.com
Cc: bp@alien8.de
Cc: dave.hansen@intel.com
Cc: jmattson@google.com
Cc: karahmed@amazon.de
Cc: kvm@vger.kernel.org
Cc: pbonzini@redhat.com
Cc: rkrcmar@redhat.com
Link: http://lkml.kernel.org/r/1519037457-7643-2-git-send-email-dwmw@amazon.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry-pick from dd84441a7971)
[Backport:

We need to be more dynamic. We may have retpoline disabled for some time and
then when somebody loads an proprietary module (say nvidia.ko) we can stop making
these calls (as we would be doing IBRS calls now).

As such we we use a new bit on the ibrs global value - which on bootup is set
to be enabled  (if IBRS firmware is detected), and then if retpoline is selected
it is still used. But if 'spectre_v2=off' is off, then it is disabled.

The original feature uses a CPU feature, but we are much more dynamic
thanks to the SysFS and retpoline-module-check.]

Orabug: 27516477
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>