From: Chuck Anderson <chuck.anderson@oracle.com>
Date: Wed, 7 Mar 2018 05:29:14 +0000 (-0800)
Subject: retpoline: selectively disable IBRS in disable_ibrs_and_friends()
X-Git-Tag: v4.1.12-124.31.3~915
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=dd777c19cb80969b770ed23e88118ec52fea937f;p=users%2Fjedix%2Flinux-maple.git

retpoline: selectively disable IBRS in disable_ibrs_and_friends()

disable_ibrs_and_friends() is called:
(1) when the boot parameter "spectre_v2=off" is specified.
(2) the CPU is not affected by Spectre V2 and:
	- spectre_v2=off
	- or spectre_v2=auto
	- or the spectre_v2 is not specified
(3) retpoline is selected as the Spectre V2 mitigation.

For (1) and (2) IBRS should be disabled (SPEC_CTRL_IBRS_ADMIN_DISABLED
is set).  This prevents setting IBRS in use even if it is the only
Spectre V2 mitigation available.

For (3) IBRS should be set not-in-use but remain enabled in case
it is selected by disable_repoline() as the fall back Spectre V2
mitigation.

Orabug: 27665263

Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---

diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
index 30279fe2976f..54425027c5de 100644
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -329,9 +329,8 @@ static enum spectre_v2_mitigation __init ibrs_select(void)
 	return mode;
 }
 
-static void __init disable_ibrs_and_friends(bool disable_ibpb)
+static void __init disable_ibrs_and_friends(bool disable)
 {
-	set_ibrs_disabled();
 	if (use_ibrs & SPEC_CTRL_IBRS_SUPPORTED) {
 		unsigned int cpu;
 
@@ -341,15 +340,23 @@ static void __init disable_ibrs_and_friends(bool disable_ibpb)
 
 		put_online_cpus();
 	}
-	/*
-	 * We need to use IBPB with retpoline if it is available.
-	 * And also IBRS for firmware paths.
-	 */
-	if (disable_ibpb) {
+
+	if (disable) {
+		set_ibrs_disabled();
 		set_ibpb_disabled();
 		disable_ibrs_firmware();
-	} else
+	} else {
+		/*
+		 * Clear in-use instead of disabling so that IBRS can be
+		 * set back in use later by disable_retpoline().
+		 */
+		clear_ibrs_inuse();
+		/*
+		 * We need to use IBPB with retpoline if it is available.
+		 * Also IBRS for firmware paths.
+		 */
 		set_ibrs_firmware();
+	}
 }
 
 static bool __init retpoline_selected(enum spectre_v2_mitigation_cmd cmd)
@@ -481,7 +488,7 @@ out:
 	/* IBRS is unnecessary with retpoline mitigation. */
 	if (mode == SPECTRE_V2_RETPOLINE_GENERIC ||
 	    mode == SPECTRE_V2_RETPOLINE_AMD) {
-		disable_ibrs_and_friends(false /* Do use IPBP if possible */);
+		disable_ibrs_and_friends(false /* set not-in-use */);
 	}
 	/* Future CPUs with IBRS_ALL might be able to avoid this. */
 	setup_force_cpu_cap(X86_FEATURE_VMEXIT_RSB_FULL);