www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Thu, 1 Feb 2018 15:13:37 +0000 (10:13 -0500)
committer	Jack Vogel <jack.vogel@oracle.com>
	Wed, 7 Feb 2018 19:00:41 +0000 (11:00 -0800)
commit	f1bb328815e537d76b7070aa71030568e01c74e9
tree	2fc8dc2ccbaf8f6ab31aad61c5503ab286648c25	tree
parent	2328a007b0aed23792ff7e1a9d7e02d15e928b52	commit \| diff

x86/spectre_v2: Figure out when to use IBRS.

Which is if:
a) on the bootline you have 'spectre_v2=ibrs' _and_ the microcode
    is loaded that exposes this. And nobody used 'noibrs'.

    Also if you have 'spectre_v2=ibrs noibrs' we end up falling
    in the 'lfence'. Unless somebody did 'spectre_v2=ibrs noibrs nolfence',
    then we go back to automatic discovery.

b) Kernel compiled without retpoline and the microcode is
   available.

c) Kernel compiled without retpoline and there is no microcode with IBRS
   then we pick 'lfence' on system calls.

Orabug: 27477743
CVE: CVE-2017-5715

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Pavel Tatashin <pasha.tatashin@oracle.com>

arch/x86/include/asm/nospec-branch.h		diff \| blob \| history
arch/x86/kernel/cpu/bugs_64.c		diff \| blob \| history