Message ID | 20181127092742.27356-1-juergh@canonical.com |
---|---|
State | New |
Series | [SRU,Xenial] UBUNTU: SAUCE: x86/speculation: Only report IBPB/IBRS state changes |
This should be applied after the series. Sorry, it's missing the CVE line :-( ...Juerg On Tue, 27 Nov 2018 10:27:42 +0100 Juerg Haefliger <juerg.haefliger@canonical.com> wrote: > Only print the IBPB/IBRS state to the log if it actually changes. > Otherwise the log is polluted everytime the procfs file is read from. CVE-2017-5715 > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > kernel/sysctl.c | 18 +++++++++++------- > 1 file changed, 11 insertions(+), 7 deletions(-) > > diff --git a/kernel/sysctl.c b/kernel/sysctl.c > index 11c626dd1b1c..59fe90f934fb 100644 > --- a/kernel/sysctl.c > +++ b/kernel/sysctl.c > @@ -213,15 +213,17 @@ static unsigned int __ibpb_enabled = 0; /* > procfs shadow variable */ int set_ibpb_enabled(unsigned int val) > { > int error = 0; > + unsigned int prev = ibpb_enabled; > > mutex_lock(&spec_ctrl_mutex); > > /* Only enable IBPB if the CPU supports it */ > if (boot_cpu_has(X86_FEATURE_IBPB)) { > ibpb_enabled = val; > - pr_info("Spectre V2 : Spectre v2 mitigation: %s > Indirect " > - "Branch Prediction Barrier\n", > - ibpb_enabled ? "Enabling" : "Disabling"); > + if (ibpb_enabled != prev) > + pr_info("Spectre V2 : Spectre v2 mitigation: > %s " > + "Indirect Branch Prediction > Barrier\n", > + ibpb_enabled ? "Enabling" : > "Disabling"); } else { > ibpb_enabled = 0; > if (val) { 
> @@ -260,16 +262,18 @@ int set_ibrs_enabled(unsigned int val) > { > int error = 0; > unsigned int cpu; > + unsigned int prev = ibrs_enabled; > > mutex_lock(&spec_ctrl_mutex); > > /* Only enable/disable IBRS if the CPU supports it */ > if (boot_cpu_has(X86_FEATURE_IBRS)) { > ibrs_enabled = val; > - pr_info("Spectre V2 : Spectre v2 mitigation: %s > Indirect " > - "Branch Restricted Speculation%s\n", > - ibrs_enabled ? "Enabling" : "Disabling", > - ibrs_enabled == 2 ? " (user space)" : ""); > + if (ibrs_enabled != prev) > + pr_info("Spectre V2 : Spectre v2 mitigation: > %s " > + "Indirect Branch Restricted > Speculation%s\n", > + ibrs_enabled ? "Enabling" : > "Disabling", > + ibrs_enabled == 2 ? " (user > space)" : ""); > if (ibrs_enabled == 0) { > /* Always disable IBRS */
On 2018-11-27 10:27:42, Juerg Haefliger wrote:
> Only print the IBPB/IBRS state to the log if it actually changes. Otherwise
> the log is polluted every time the procfs file is read from.
>
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>

Acked with the log message adjustment that I asked for in the earlier two patches.

Acked-by: Tyler Hicks <tyhicks@canonical.com>

Tyler
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 11c626dd1b1c..59fe90f934fb 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -213,15 +213,17 @@ static unsigned int __ibpb_enabled = 0; /* procfs shadow variable */ int set_ibpb_enabled(unsigned int val) { int error = 0; + unsigned int prev = ibpb_enabled; mutex_lock(&spec_ctrl_mutex); /* Only enable IBPB if the CPU supports it */ if (boot_cpu_has(X86_FEATURE_IBPB)) { ibpb_enabled = val; - pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect " - "Branch Prediction Barrier\n", - ibpb_enabled ? "Enabling" : "Disabling"); + if (ibpb_enabled != prev) + pr_info("Spectre V2 : Spectre v2 mitigation: %s " + "Indirect Branch Prediction Barrier\n", + ibpb_enabled ? "Enabling" : "Disabling"); } else { ibpb_enabled = 0; if (val) { @@ -260,16 +262,18 @@ int set_ibrs_enabled(unsigned int val) { int error = 0; unsigned int cpu; + unsigned int prev = ibrs_enabled; mutex_lock(&spec_ctrl_mutex); /* Only enable/disable IBRS if the CPU supports it */ if (boot_cpu_has(X86_FEATURE_IBRS)) { ibrs_enabled = val; - pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect " - "Branch Restricted Speculation%s\n", - ibrs_enabled ? "Enabling" : "Disabling", - ibrs_enabled == 2 ? " (user space)" : ""); + if (ibrs_enabled != prev) + pr_info("Spectre V2 : Spectre v2 mitigation: %s " + "Indirect Branch Restricted Speculation%s\n", + ibrs_enabled ? "Enabling" : "Disabling", + ibrs_enabled == 2 ? " (user space)" : ""); if (ibrs_enabled == 0) { /* Always disable IBRS */
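Review bot: In the set_ibpb_enabled() hunk, `unsigned int prev = ibpb_enabled;` is evaluated before `mutex_lock(&spec_ctrl_mutex);`, so the snapshot is taken outside the lock that serialises the update. If another writer changes ibpb_enabled between the snapshot and the lock, `if (ibpb_enabled != prev)` compares against a stale value and a real state change can go unlogged, or an unchanged state can be logged. Suggest declaring `prev` at the top and assigning it only after the mutex is held. With this change the message is the only log record that the mitigation was toggled, so the comparison should be exact. Minor style point: the format string is still split across two source lines, which makes the message harder to grep for; since these lines are being rewritten anyway, it could be kept as a single string.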
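Review bot: In the set_ibrs_enabled() hunk, `if (ibrs_enabled != prev)` also fires when the value moves between another non-zero setting and 2, and the message then reads "Enabling" although IBRS was already on before the write. Because a line is now emitted only on a change, each one is read as a transition record, so consider including the previous value in the message or wording mode changes differently from enable/disable. The `unsigned int prev = ibrs_enabled;` initialiser is also evaluated before `mutex_lock(&spec_ctrl_mutex);` and should be assigned after the lock is taken, so the compared value cannot be stale.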
Only print the IBPB/IBRS state to the log if it actually changes. Otherwise the log is polluted every time the procfs file is read from.

Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 kernel/sysctl.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)