x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support

Expose indirect_branch_prediction_barrier() for use in subsequent patches.

[ tglx: Add IBPB status to spectre_v2 sysfs file ]

Co-developed-by: KarimAllah Ahmed <karahmed@amazon.de>
Signed-off-by: KarimAllah Ahmed <karahmed@amazon.de>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: ak@linux.intel.com
Cc: ashok.raj@intel.com
Cc: dave.hansen@intel.com
Cc: arjan@linux.intel.com
Cc: torvalds@linux-foundation.org
Cc: peterz@infradead.org
Cc: bp@alien8.de
Cc: pbonzini@redhat.com
Cc: tim.c.chen@linux.intel.com
Cc: gregkh@linux-foundation.org
Link: https://lkml.kernel.org/r/1516896855-7642-8-git-send-email-dwmw@amazon.co.uk
(cherry picked from commit 20ffa1caecca4db8f79fe665acdeaa5af815a24d)
Orabug: 27477743
CVE: CVE-2017-5715

 Conflicts:
	arch/x86/include/asm/cpufeatures.h
	arch/x86/kernel/cpu/bugs.c
[The original version of this patch doesn't set X86_FEATURE_IBPB, so do
it ourselves.  Given X86_FEATURE_SPEC_CTRL (i.e. CPUID.07.[EDX.26])[*],
always set X86_FEATURE_IBPB in scattered.c.  This omission did not
impact the actual IBPB functionality as the code uses 'ibpb_inuse': the
only thing missing was the 'ibpb' string in /proc/cpuinfo.

Since we already have code to enable IBPB (e.g. switch_mm_irqs_off),
there is no point in backporting indirect_branch_prediction_barrier from
this patch.]

[*] 336996-Speculative-Execution-Side-Channel-Mitigations.pdf

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Pavel Tatashin <pasha.tatashin@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>

diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
index 421b151e8deaa4c43023f959cd2a9b35e2856f17..cf5787768eee8280dae7774e4effedc0b585621b 100644 (file)
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -375,6 +375,10 @@ out:
        }
        /* Future CPUs with IBRS_ATT might be able to avoid this. */
        setup_force_cpu_cap(X86_FEATURE_VMEXIT_RSB_FULL);
+
+       /* Initialize Indirect Branch Prediction Barrier if supported */
+       if (boot_cpu_has(X86_FEATURE_IBPB) && ibpb_inuse)
+               pr_info("Enabling Indirect Branch Prediction Barrier\n");
 }
 
 #undef pr_fmt

diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 8cd8a7ae42decba87cacb20aab541fc8b44c5d5d..06e9143e34891727604a7706b5d09a3336e07889 100644 (file)
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -87,6 +87,9 @@ void init_scattered_cpuid_features(struct cpuinfo_x86 *c)
                        set_cpu_cap(c, X86_FEATURE_IBRS_ATT);
        }
 
+       if (cpu_has(c, X86_FEATURE_IBRS))
+               set_cpu_cap(c, X86_FEATURE_IBPB);
+
        if (!c->cpu_index) {
                bool ignore = false;