From: Patrick Colp Date: Tue, 28 Aug 2018 23:22:41 +0000 (-0700) Subject: x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use X-Git-Tag: v4.1.12-124.31.3~533 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=6a9757c562b36e32798b3e69a22295cd55ef8a69;p=users%2Fjedix%2Flinux-maple.git x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use Currently the SPEC_CTRL_IBRS_FIRMWARE flag always gets set as long as IBRS is supported by the hardware. However, as best as can be determined by the documention, if IBRS has been disabled (e.g., spectre_v2=off) then SPEC_CTRL_IBRS_FIRMWARE should not be set: nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 (indirect branch prediction) vulnerability. System may allow data leaks with this option, which is equivalent to spectre_v2=off. and: spectre_v2= [X86] Control mitigation of Spectre variant 2 (indirect branch speculation) vulnerability. off - unconditionally disable Add a check in set_ibrs_firmware() to only set SPEC_CTRL_IBRS_FIRMWARE if ibrs_disabled is not also set. Orabug: 28274907 Signed-off-by: Patrick Colp Reviewed-by: Kanth Ghatraju Signed-off-by: Brian Maly --- diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h index 1abaf122a6e8..c9016d4d3694 100644 --- a/arch/x86/include/asm/spec_ctrl.h +++ b/arch/x86/include/asm/spec_ctrl.h @@ -337,7 +337,7 @@ static inline void clear_ibrs_disabled(void) static inline void set_ibrs_firmware(void) { - if (ibrs_supported) + if (ibrs_supported && !ibrs_disabled) use_ibrs |= SPEC_CTRL_IBRS_FIRMWARE; }