From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Sat, 12 May 2018 00:12:34 +0000 (-0400)
Subject: x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation
X-Git-Tag: v4.1.12-124.31.3~784
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=edd22967f272aafa4dfbbaf294e28942728dc95c;p=users%2Fjedix%2Flinux-maple.git

x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation

instead of during early bootup. This makes the bootup much
faster as we may get an NMI (watchdog) during booting before we
make it to spectre_v2_select_mitigation - which means we would
be running with IBRS enabled.

OraBug: 28041771
CVE: CVE-2018-3639

Fixes: XYZ ("x86/bugs/IBRS: Use variable instead of defines for enabling IBRS")
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Mihai Carabas <mihai.carabas@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
---

diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h
index bd56ce84ce4d3..2ea0a57f17991 100644
--- a/arch/x86/include/asm/spec_ctrl.h
+++ b/arch/x86/include/asm/spec_ctrl.h
@@ -251,8 +251,6 @@ static inline int check_ibrs_inuse(void)
 static inline void set_ibrs_supported(void)
 {
 	use_ibrs |= SPEC_CTRL_IBRS_SUPPORTED;
-	if (!ibrs_disabled)
-		(void)set_ibrs_inuse();
 }
 
 static inline void set_ibrs_disabled(void)
diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
index 54425027c5ded..bd49860741eaa 100644
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -314,6 +314,9 @@ static enum spectre_v2_mitigation __init ibrs_select(void)
 {
 	enum spectre_v2_mitigation mode = SPECTRE_V2_NONE;
 
+	/* Turn it on (if possible) */
+	set_ibrs_inuse();
+
 	/* If it is ON, OK, lets use it.*/
 	if (check_ibrs_inuse())
 		mode = SPECTRE_V2_IBRS;
@@ -439,12 +442,12 @@ retpoline_auto:
 					 SPECTRE_V2_RETPOLINE_MINIMAL;
 
 		pr_info("Options: %s%s%s\n",
-			check_ibrs_inuse() ? "IBRS " : "",
+			ibrs_supported ? "IBRS " : "",
 			check_ibpb_inuse() ? "IBPB " : "",
 			retp_compiler() ? "retpoline" : "");
 
 		/* IBRS available. Lets see if we are compiled with retpoline. */
-		if (check_ibrs_inuse()) {
+		if (ibrs_supported) {
 			/*
 			 * If we are on Skylake, use IBRS (if available). But if we
 			 * are forced to use retpoline on Skylake then use that.
@@ -452,11 +455,11 @@ retpoline_auto:
 			if (!retp_compiler() /* prefer IBRS over minimal ASM */ ||
 			    (retp_compiler() && !retpoline_selected(cmd) &&
 			     is_skylake_era() && use_ibrs_on_skylake)) {
-				mode = SPECTRE_V2_IBRS;
-				/* OK, some form of IBRS is enabled, lets see if we need to STUFF_RSB */
-				if (!boot_cpu_has(X86_FEATURE_SMEP))
-					setup_force_cpu_cap(X86_FEATURE_STUFF_RSB);
-				goto display;
+				/* Start the engine! */
+				mode = ibrs_select();
+				if (mode == SPECTRE_V2_IBRS)
+					goto display;
+				/* But if we can't, then just use retpoline */
 			}
 		}
 		setup_force_cpu_cap(X86_FEATURE_RETPOLINE);