x86/spec_ctrl: Disable if running as Xen PV guest.

Orabug: 27344012
CVE: CVE-2017-5715

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>

diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 61216c821682c59c46ee50772bf39a7f4cf2cd7e..1dd9a5b09e0179ac1af9ebd9eddb9f2bf5155250 100644 (file)
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -86,8 +86,15 @@ void init_scattered_cpuid_features(struct cpuinfo_x86 *c)
        }
 
        if (!c->cpu_index) {
+               bool ignore = false;
+
+               if (xen_pv_domain())
+                       ignore = true;
+
                if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
-                       printk(KERN_INFO "FEATURE SPEC_CTRL Present\n");
+                       printk(KERN_INFO "FEATURE SPEC_CTRL Present%s\n", ignore ? " but ignored (Xen)": "");
+                       if (ignore)
+                               return;
                        set_ibrs_supported();
                        set_ibpb_supported();
                        if (ibrs_inuse)
@@ -95,7 +102,9 @@ void init_scattered_cpuid_features(struct cpuinfo_x86 *c)
                        if (ibpb_inuse)
                                sysctl_ibpb_enabled = 1;
                } else if (boot_cpu_has(X86_FEATURE_IBPB)) {
-                       printk_once(KERN_INFO "FEATURE IBPB Present\n");
+                       printk_once(KERN_INFO "FEATURE IBPB Present%s\n", ignore ? " but ignored (Xen)": "");
+                       if (ignore)
+                               return;
                        set_ibpb_supported();
                        if (ibpb_inuse)
                                sysctl_ibpb_enabled = 1;