x86/spectre_v2: Do not disable IBPB when disabling IBRS

Upstream has decided that while IBRS is bad, IBPB is good.

In fact:
18bf3c3ea8ece8f03b6fc58508f2dfd23c7711c7 x86/speculation: Use Indirect Branch Prediction Barrier in context switch

and KVM patches:
15d45071523d89b3fb7372e2135fbd72f6af9506 KVM/x86: Add IBPB support

all use indirect_branch_prediction_barrier().

In our code base the indirect_branch_prediction_barrier
is wrapped with an check:

if (ibpb_inuse)
	wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);

But nonethless we should keep the IBPB disabled on the normal path.

However if folks have choosen 'spectre_v2=off' or 'spectre_v2=none'
then we MUST disable the IBPB.

Orabug: 27477743
CVE: CVE-2017-5715

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>

diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
index 40fd40bbeb1a98bb6cbc133a1263e4800ae5f3f9..d56b3d462f19621bd058e025aea668b0871ee4a7 100644 (file)
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -258,10 +258,12 @@ static enum spectre_v2_mitigation __init ibrs_select(void)
        return mode;
 }
 
-static void __init disable_ibrs_and_friends(void)
+static void __init disable_ibrs_and_friends(bool disable_ibpb)
 {
        set_ibrs_disabled();
-       set_ibpb_disabled();
+       /* We need to use IBPB with retpoline if it is available. */
+       if (disable_ibpb)
+               set_ibpb_disabled();
        set_lfence_disabled();
 }
 
@@ -290,13 +292,13 @@ static void __init spectre_v2_select_mitigation(void)
         */
        if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) &&
            (cmd == SPECTRE_V2_CMD_NONE || cmd == SPECTRE_V2_CMD_AUTO)) {
-               disable_ibrs_and_friends();
+               disable_ibrs_and_friends(true);
                return;
        }
 
        switch (cmd) {
        case SPECTRE_V2_CMD_NONE:
-               disable_ibrs_and_friends();
+               disable_ibrs_and_friends(true);
                return;
 
        case SPECTRE_V2_CMD_FORCE:
@@ -392,7 +394,7 @@ out:
        /* IBRS is unnecessary with retpoline mitigation. */
        if (mode == SPECTRE_V2_RETPOLINE_GENERIC ||
            mode == SPECTRE_V2_RETPOLINE_AMD) {
-               disable_ibrs_and_friends();
+               disable_ibrs_and_friends(false /* Do use IPBP if possible */);
        }
        /* Future CPUs with IBRS_ATT might be able to avoid this. */
        setup_force_cpu_cap(X86_FEATURE_VMEXIT_RSB_FULL);