@@ -439,22 +439,26 @@ static ssize_t reload_store(struct device *dev,
if (!ret)
perf_check_microcode();
- if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
- printk_once(KERN_INFO "FEATURE SPEC_CTRL Present\n");
+ /* Initialize Indirect Branch Prediction Barrier if supported */
+ if (boot_cpu_has(X86_FEATURE_IBPB)) {
+ setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
+ pr_info("Enabling Indirect Branch Prediction Barrier\n");
+
mutex_lock(&spec_ctrl_mutex);
- set_ibrs_supported();
set_ibpb_supported();
- if (ibrs_inuse)
- sysctl_ibrs_enabled = 1;
if (ibpb_inuse)
sysctl_ibpb_enabled = 1;
mutex_unlock(&spec_ctrl_mutex);
- } else if (boot_cpu_has(X86_FEATURE_IBPB)) {
- printk_once(KERN_INFO "FEATURE IBPB Present\n");
+ }
+
+ /* Initialize Indirect Branch Restricted Speculation if supported */
+ if (boot_cpu_has(X86_FEATURE_IBRS)) {
+ pr_info("Enabling Indirect Branch Restricted Speculation\n");
+
mutex_lock(&spec_ctrl_mutex);
- set_ibpb_supported();
- if (ibpb_inuse)
- sysctl_ibpb_enabled = 1;
+ set_ibrs_supported();
+ if (ibrs_inuse)
+ sysctl_ibrs_enabled = 1;
mutex_unlock(&spec_ctrl_mutex);
}
CVE-2018-3639 (x86) We now have individual feature flags for IBRS and IBPB, so query them when reloading microcode. Just like we do on boot (in arch/x86/kernel/cpu/common.c). Signed-off-by: Juerg Haefliger <juergh@canonical.com> --- arch/x86/kernel/cpu/microcode/core.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)