x86/mm: Set IBPB upon context switch

Set IBPB on context switch with changing of page table.

Orabug: 27344012
CVE: CVE-2017-5715

Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
[Backport needs an asm/microcode.h to include the native_wrmsrl]

Reviewed-by: John Haxby <john.haxby@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>

diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 73e38f14ddebec9a822407606b53f9291568da6b..517c3998d7e44be3fa965916360aac7a73f790bc 100644 (file)
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -11,6 +11,7 @@
 #include <asm/tlbflush.h>
 #include <asm/paravirt.h>
 #include <asm/mpx.h>
+#include <asm/microcode.h>
 #ifndef CONFIG_PARAVIRT
 static inline void paravirt_activate_mm(struct mm_struct *prev,
                                        struct mm_struct *next)
@@ -97,6 +98,9 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
 {
        unsigned cpu = smp_processor_id();
 
+       if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
+               native_wrmsrl(MSR_IA32_PRED_CMD, FEATURE_SET_IBPB);
+
        if (likely(prev != next)) {
 #ifdef CONFIG_SMP
                this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);