• Tim Chen's avatar
    x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature · 5e7fa023
    Tim Chen authored
    CVE-2017-5753
    CVE-2017-5715
    
    There are 2 ways to control IBPB and IBRS
    
    1. At boot time
    	noibrs kernel boot parameter will disable IBRS usage
    	noibpb kernel boot parameter will disable IBPB usage
    Otherwise if the above parameters are not specified, the system
    will enable ibrs and ibpb usage if the cpu supports it.
    
    2. At run time
    	echo 0 > /proc/sys/kernel/ibrs_enabled will turn off IBRS
    	echo 1 > /proc/sys/kernel/ibrs_enabled will turn on IBRS in kernel
    	echo 2 > /proc/sys/kernel/ibrs_enabled will turn on IBRS in both userspace and kernel
    Signed-off-by: default avatarTim Chen <tim.c.chen@linux.intel.com>
    Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
    (backported from commit 50169d8fada2532084c9f8ccde51c6c9211603d5)
    Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
    5e7fa023
process.c 13.4 KB