x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation

instead of during early bootup. This makes the bootup much
faster as we may get an NMI (watchdog) during booting before we
make it to spectre_v2_select_mitigation - which means we would
be running with IBRS enabled.

OraBug: 28041771
CVE: CVE-2018-3639

Fixes: XYZ ("x86/bugs/IBRS: Use variable instead of defines for enabling IBRS")
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>

diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h
index bd56ce84ce4d35a9576d983fa3528f5c0945d74e..2ea0a57f1799114eb5c42d5ba19577fb668ef1b4 100644 (file)
--- a/arch/x86/include/asm/spec_ctrl.h
+++ b/arch/x86/include/asm/spec_ctrl.h
@@ -251,8 +251,6 @@ static inline int check_ibrs_inuse(void)
 static inline void set_ibrs_supported(void)
 {
        use_ibrs |= SPEC_CTRL_IBRS_SUPPORTED;
-       if (!ibrs_disabled)
-               (void)set_ibrs_inuse();
 }
 
 static inline void set_ibrs_disabled(void)

diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
index 54425027c5ded082b5c38112170c471c4305a1bb..bd49860741eaa623bf58d77f51cccb1ef1db501b 100644 (file)
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -314,6 +314,9 @@ static enum spectre_v2_mitigation __init ibrs_select(void)
 {
        enum spectre_v2_mitigation mode = SPECTRE_V2_NONE;
 
+       /* Turn it on (if possible) */
+       set_ibrs_inuse();
+
        /* If it is ON, OK, lets use it.*/
        if (check_ibrs_inuse())
                mode = SPECTRE_V2_IBRS;
@@ -439,12 +442,12 @@ retpoline_auto:
                                         SPECTRE_V2_RETPOLINE_MINIMAL;
 
                pr_info("Options: %s%s%s\n",
-                       check_ibrs_inuse() ? "IBRS " : "",
+                       ibrs_supported ? "IBRS " : "",
                        check_ibpb_inuse() ? "IBPB " : "",
                        retp_compiler() ? "retpoline" : "");
 
                /* IBRS available. Lets see if we are compiled with retpoline. */
-               if (check_ibrs_inuse()) {
+               if (ibrs_supported) {
                        /*
                         * If we are on Skylake, use IBRS (if available). But if we
                         * are forced to use retpoline on Skylake then use that.
@@ -452,11 +455,11 @@ retpoline_auto:
                        if (!retp_compiler() /* prefer IBRS over minimal ASM */ ||
                            (retp_compiler() && !retpoline_selected(cmd) &&
                             is_skylake_era() && use_ibrs_on_skylake)) {
-                               mode = SPECTRE_V2_IBRS;
-                               /* OK, some form of IBRS is enabled, lets see if we need to STUFF_RSB */
-                               if (!boot_cpu_has(X86_FEATURE_SMEP))
-                                       setup_force_cpu_cap(X86_FEATURE_STUFF_RSB);
-                               goto display;
+                               /* Start the engine! */
+                               mode = ibrs_select();
+                               if (mode == SPECTRE_V2_IBRS)
+                                       goto display;
+                               /* But if we can't, then just use retpoline */
                        }
                }
                setup_force_cpu_cap(X86_FEATURE_RETPOLINE);