retpoline/module: do not enable IBRS/IPBP if SPEC_CTRL_IBRS_ADMIN_DISABLED/SPEC_CTRL_...

The retpoline fallback code in disable_retpoline() attempts to enable
the Spectre IBRS and IPBP mitigations by calling set_ibrs_inuse() and
set_ibpb_inuse().  SPEC_CTRL_IBRS_INUSE should not be set unless
SPEC_CTRL_IBRS_SUPPORTED is set and SPEC_CTRL_IBRS_ADMIN_DISABLED is not
set.  Otherwise, the kernel boot parameter noibrs, which sets
SPEC_CTRL_IBRS_ADMIN_DISABLED, is ignored and IBRS is incorrectly
enabled during retpoline fallback.

Same for set_ibpb_inuse(): it should respect
SPEC_CTRL_IBPB_ADMIN_DISABLED.

Orabug: 27625353
Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>

diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h
index 17bd0916164a94e8a3e042fe665ca656d4d03322..91465ba903e02e8951777078ebdb773e4e4c63b0 100644 (file)
--- a/arch/x86/include/asm/spec_ctrl.h
+++ b/arch/x86/include/asm/spec_ctrl.h
@@ -220,7 +220,7 @@ extern void unprotected_firmware_end(void);
 
 static inline bool set_ibrs_inuse(void)
 {
-       if (ibrs_supported) {
+       if (ibrs_supported && !ibrs_disabled) {
                use_ibrs |= SPEC_CTRL_IBRS_INUSE;
                return true;
        } else {
@@ -293,7 +293,7 @@ extern u32 sysctl_ibpb_enabled;
 
 static inline bool set_ibpb_inuse(void)
 {
-       if (ibpb_supported) {
+       if (ibpb_supported && !ibpb_disabled) {
                use_ibpb |= SPEC_CTRL_IBPB_INUSE;
                return true;
        } else {