Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control"

CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit ff2699c9. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control"
CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit ff2699c9. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
1089af8d · Andy Whitcroft · Kleber Sacilotto de Souza · 6f3f333c · 1089af8d · 1089af8d
Commit 1089af8d authored Jan 31, 2018 by Andy Whitcroft Committed by Kleber Sacilotto de Souza Feb 05, 2018
4 changed files
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -529,18 +529,16 @@ static void init_intel(struct cpuinfo_x86 *c)

 	init_intel_energy_perf(c);

-	if (!c->cpu_index) {
-		if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
-			printk(KERN_INFO "FEATURE SPEC_CTRL Present\n");
-			set_ibrs_supported();
-			set_ibpb_supported();
-			if (ibrs_inuse)
-				sysctl_ibrs_enabled = 1;
-			if (ibpb_inuse)
-				sysctl_ibpb_enabled = 1;
-		} else {
-			printk(KERN_INFO "FEATURE SPEC_CTRL Not Present\n");
-		}
+	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
+                printk_once(KERN_INFO "FEATURE SPEC_CTRL Present\n");
+		set_ibrs_supported();
+		set_ibpb_supported();
+		if (ibrs_inuse)
+			sysctl_ibrs_enabled = 1;
+		if (ibpb_inuse)
+			sysctl_ibpb_enabled = 1;
+        } else {
+                printk_once(KERN_INFO "FEATURE SPEC_CTRL Not Present\n");
 	}
 }


--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -422,14 +422,12 @@ static ssize_t reload_store(struct device *dev,

 	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
 		printk_once(KERN_INFO "FEATURE SPEC_CTRL Present\n");
-		mutex_lock(&spec_ctrl_mutex);
 		set_ibrs_supported();
 		set_ibpb_supported();
 		if (ibrs_inuse)
 			sysctl_ibrs_enabled = 1;
 		if (ibpb_inuse)
 			sysctl_ibpb_enabled = 1;
-		mutex_unlock(&spec_ctrl_mutex);
 	}

 	mutex_unlock(&microcode_mutex);

--- a/kernel/smp.c
+++ b/kernel/smp.c
@@ -520,10 +520,6 @@ int use_ibpb;
 EXPORT_SYMBOL(use_ibpb);
 #endif

-/* mutex to serialize IBRS & IBPB control changes */
-DEFINE_MUTEX(spec_ctrl_mutex);
-EXPORT_SYMBOL(spec_ctrl_mutex);
-
 /*
 * Setup routine for controlling SMP activation
 *

--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -69,7 +69,6 @@
 #include <linux/mount.h>

 #include <asm/uaccess.h>
-#include <linux/mutex.h>
 #include <asm/processor.h>

 #ifdef CONFIG_X86
@@ -2425,17 +2424,12 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
 int proc_dointvec_ibrs_dump(struct ctl_table *table, int write,
 	void __user *buffer, size_t *lenp, loff_t *ppos)
 {
-	int ret, orig_inuse;
+	int ret;
 	unsigned int cpu;

-
 	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
 	printk("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled);
 	printk("use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
-	mutex_lock(&spec_ctrl_mutex);
-	orig_inuse = use_ibrs;
-	/* temporary halt to ibrs usage to dump ibrs values */
-	clear_ibrs_inuse();
 	for_each_online_cpu(cpu) {
 	       u64 val;

@@ -2445,8 +2439,6 @@ int proc_dointvec_ibrs_dump(struct ctl_table *table, int write,
 		       val = 0;
 	       printk("read cpu %d ibrs val %lu\n", cpu, (unsigned long) val);
 	}
-	use_ibrs = orig_inuse;
-	mutex_unlock(&spec_ctrl_mutex);
 	return ret;
 }

@@ -2459,7 +2451,6 @@ int proc_dointvec_ibrs_ctrl(struct ctl_table *table, int write,
 	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
 	pr_debug("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled);
 	pr_debug("before:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
-	mutex_lock(&spec_ctrl_mutex);
 	if (sysctl_ibrs_enabled == 0) {
 		/* always set IBRS off */
 		set_ibrs_disabled();
@@ -2483,7 +2474,6 @@ int proc_dointvec_ibrs_ctrl(struct ctl_table *table, int write,
 			/* platform don't support ibrs */
 			sysctl_ibrs_enabled = 0;
 	}
-	mutex_unlock(&spec_ctrl_mutex);
 	pr_debug("after:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
 	return ret;
 }
@@ -2496,7 +2486,6 @@ int proc_dointvec_ibpb_ctrl(struct ctl_table *table, int write,
 	ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
 	pr_debug("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled);
 	pr_debug("before:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
-	mutex_lock(&spec_ctrl_mutex);
 	if (sysctl_ibpb_enabled == 0)
 		set_ibpb_disabled();
 	else if (sysctl_ibpb_enabled == 1) {
@@ -2505,7 +2494,6 @@ int proc_dointvec_ibpb_ctrl(struct ctl_table *table, int write,
 			/* platform don't support ibpb */
 			sysctl_ibpb_enabled = 0;
 	}
-	mutex_unlock(&spec_ctrl_mutex);
 	pr_debug("after:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
 	return ret;
 }