From: Alejandro Jimenez
Date: Wed, 20 Mar 2019 16:49:58 +0000 (-0400)
Subject: x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used
X-Git-Tag: v4.1.12-124.31.3~119
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=0d57530467243281b7decd099a017a0659653705;p=users%2Fjedix%2Flinux-maple.git

x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used

When SSBD is unconditionally enabled using the kernel parameter "spec_store_bypass_disable=on", enhanced IBRS is inadvertently turned off. This happens because the SSBD initialization runs after the code which selects enhanced IBRS as the spectre V2 mitigation and sets the IBRS bit on the SPEC_CTRL MSR.

When "spec_store_bypass_disable=on" is used, ssb_init() calls x86_spec_ctrl_set(SPEC_CTRL_INITIAL), which writes to the SPEC_CTRL MSR to set the SSBD bit. The value written does not have the IBRS bit set, since if basic IBRS is in use it will be set during the next userspace to kernel transition. However, this is not the case for enhanced IBRS where setting the bit once is sufficient. As a result, enhanced IBRS remains disabled in this scenario unless manually enabled afterwards using the sysfs knobs.

Fix the issue by using the correct value with the IBRS bit set when the enhanced IBRS mitigation is in use.

Orabug: 29423804

Signed-off-by: Alejandro Jimenez
Reviewed-by: Boris Ostrovsky
Signed-off-by: Brian Maly
---

diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c index 417d211d435b..097b5c4f2457 100644 --- a/arch/x86/kernel/cpu/bugs_64.c +++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -303,10 +303,15 @@ void x86_spec_ctrl_set(enum spec_ctrl_set_context context) /* * Initial write of the MSR on this CPU. Done to turn on SSBD * if it is always enabled in privileged mode - * (spec_store_bypass_disable=on). Use the base bits to avoid - * IBRS needlessly being enabled before userspace is running. + * (spec_store_bypass_disable=on). If enhanced IBRS is in use, + * its bit has been set by an earlier write to the MSR on all + * the cpus, and it must be preserved by this MSR write. + * Otherwise use only the base bits (x86_spec_ctrl_base) to + * avoid basic IBRS needlessly being enabled before userspace + * is running. */ - host = x86_spec_ctrl_base; + host = x86_spec_ctrl_base | (spectre_v2_eibrs_enabled() ? + SPEC_CTRL_FEATURE_ENABLE_IBRS : 0); break; case SPEC_CTRL_IDLE_ENTER: /*
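Review bot: The fix in the SPEC_CTRL_INITIAL case is applied at one call site only, so any other context in this switch that builds the MSR value from x86_spec_ctrl_base alone would clear the enhanced IBRS bit the same way. The SPEC_CTRL_IDLE_ENTER case that follows is cut off in this hunk, so it is worth confirming that it and the remaining cases preserve the bit when spectre_v2_eibrs_enabled() is true. It may be simpler to compute the host value once through a small helper that ORs in SPEC_CTRL_FEATURE_ENABLE_IBRS for enhanced IBRS, and to use that helper in every case. The new comment also relies on the enhanced IBRS selection having already run before this write (the commit message says SSBD initialization runs after it); stating that ordering dependency explicitly in the comment would help, since spectre_v2_eibrs_enabled() returning false at this point would silently bring the bug back.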