Message ID | 20181213132102.23677-5-juergh@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,Xenial,1/3] UBUNTU: SAUCE: x86/speculation: Cleanup IBPB runtime control handling | expand |
On 13.12.18 14:21, Juerg Haefliger wrote: > Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to > match upstream. No functional changes. > > CVE-2017-5715 > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- Reading in todays light its exactly what I had thought. The comment is about the code doing some RSB_CTXSW which appears in the diff as something that does not move, but taking the code before and add it further down practically moves that other code further up. So looks okay. > arch/x86/kernel/cpu/bugs.c | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 7a9940015af5..15867c20ed1c 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -410,16 +410,6 @@ specv2_set_mode: > spectre_v2_enabled = mode; > pr_info("%s\n", spectre_v2_strings[mode]); > > - /* > - * Initialize Indirect Branch Prediction Barrier if supported and not > - * disabled on the commandline > - */ > - if (boot_cpu_has(X86_FEATURE_IBPB)) { > - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); > - if (!noibpb) > - set_ibpb_enabled(1); /* Enable IBPB */ > - } > - > /* > * If spectre v2 protection has been enabled, unconditionally fill > * RSB during a context switch; this protects against two independent > @@ -431,6 +421,16 @@ specv2_set_mode: > setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); > pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); > > + /* > + * Initialize Indirect Branch Prediction Barrier if supported and not > + * disabled on the commandline > + */ > + if (boot_cpu_has(X86_FEATURE_IBPB)) { > + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); > + if (!noibpb) > + set_ibpb_enabled(1); /* Enable IBPB */ > + } > + > /* > * Retpoline means the kernel is safe because it has no indirect > * branches. Enhanced IBRS protects firmware too, so, enable restricted >
On 12/13/18 2:21 PM, Juerg Haefliger wrote: > Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to > match upstream. No functional changes. > > CVE-2017-5715 > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > --- > arch/x86/kernel/cpu/bugs.c | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 7a9940015af5..15867c20ed1c 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -410,16 +410,6 @@ specv2_set_mode: > spectre_v2_enabled = mode; > pr_info("%s\n", spectre_v2_strings[mode]); > > - /* > - * Initialize Indirect Branch Prediction Barrier if supported and not > - * disabled on the commandline > - */ > - if (boot_cpu_has(X86_FEATURE_IBPB)) { > - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); > - if (!noibpb) > - set_ibpb_enabled(1); /* Enable IBPB */ > - } > - > /* > * If spectre v2 protection has been enabled, unconditionally fill > * RSB during a context switch; this protects against two independent > @@ -431,6 +421,16 @@ specv2_set_mode: > setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); > pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); > > + /* > + * Initialize Indirect Branch Prediction Barrier if supported and not > + * disabled on the commandline > + */ > + if (boot_cpu_has(X86_FEATURE_IBPB)) { > + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); > + if (!noibpb) > + set_ibpb_enabled(1); /* Enable IBPB */ > + } > + > /* > * Retpoline means the kernel is safe because it has no indirect > * branches. Enhanced IBRS protects firmware too, so, enable restricted
On 12/13/18 2:21 PM, Juerg Haefliger wrote: > Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to > match upstream. No functional changes. > > CVE-2017-5715 > > Signed-off-by: Juerg Haefliger <juergh@canonical.com> > --- > arch/x86/kernel/cpu/bugs.c | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 7a9940015af5..15867c20ed1c 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -410,16 +410,6 @@ specv2_set_mode: > spectre_v2_enabled = mode; > pr_info("%s\n", spectre_v2_strings[mode]); > > - /* > - * Initialize Indirect Branch Prediction Barrier if supported and not > - * disabled on the commandline > - */ > - if (boot_cpu_has(X86_FEATURE_IBPB)) { > - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); > - if (!noibpb) > - set_ibpb_enabled(1); /* Enable IBPB */ > - } > - > /* > * If spectre v2 protection has been enabled, unconditionally fill > * RSB during a context switch; this protects against two independent > @@ -431,6 +421,16 @@ specv2_set_mode: > setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); > pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); > > + /* > + * Initialize Indirect Branch Prediction Barrier if supported and not > + * disabled on the commandline > + */ > + if (boot_cpu_has(X86_FEATURE_IBPB)) { > + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); > + if (!noibpb) > + set_ibpb_enabled(1); /* Enable IBPB */ > + } > + > /* > * Retpoline means the kernel is safe because it has no indirect > * branches. Enhanced IBRS protects firmware too, so, enable restricted Applied to xenial/master-next branch. Thanks, Kleber
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 7a9940015af5..15867c20ed1c 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -410,16 +410,6 @@ specv2_set_mode: spectre_v2_enabled = mode; pr_info("%s\n", spectre_v2_strings[mode]); - /* - * Initialize Indirect Branch Prediction Barrier if supported and not - * disabled on the commandline - */ - if (boot_cpu_has(X86_FEATURE_IBPB)) { - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); - if (!noibpb) - set_ibpb_enabled(1); /* Enable IBPB */ - } - /* * If spectre v2 protection has been enabled, unconditionally fill * RSB during a context switch; this protects against two independent @@ -431,6 +421,16 @@ specv2_set_mode: setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); + /* + * Initialize Indirect Branch Prediction Barrier if supported and not + * disabled on the commandline + */ + if (boot_cpu_has(X86_FEATURE_IBPB)) { + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); + if (!noibpb) + set_ibpb_enabled(1); /* Enable IBPB */ + } + /* * Retpoline means the kernel is safe because it has no indirect * branches. Enhanced IBRS protects firmware too, so, enable restricted
Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to match upstream. No functional changes. CVE-2017-5715 Signed-off-by: Juerg Haefliger <juergh@canonical.com> --- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-)