Commit 1089af8d authored by Andy Whitcroft's avatar Andy Whitcroft Committed by Kleber Sacilotto de Souza

Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control"

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit ff2699c9.
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 6f3f333c
...@@ -529,9 +529,8 @@ static void init_intel(struct cpuinfo_x86 *c) ...@@ -529,9 +529,8 @@ static void init_intel(struct cpuinfo_x86 *c)
init_intel_energy_perf(c); init_intel_energy_perf(c);
if (!c->cpu_index) {
if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) { if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
printk(KERN_INFO "FEATURE SPEC_CTRL Present\n"); printk_once(KERN_INFO "FEATURE SPEC_CTRL Present\n");
set_ibrs_supported(); set_ibrs_supported();
set_ibpb_supported(); set_ibpb_supported();
if (ibrs_inuse) if (ibrs_inuse)
...@@ -539,8 +538,7 @@ static void init_intel(struct cpuinfo_x86 *c) ...@@ -539,8 +538,7 @@ static void init_intel(struct cpuinfo_x86 *c)
if (ibpb_inuse) if (ibpb_inuse)
sysctl_ibpb_enabled = 1; sysctl_ibpb_enabled = 1;
} else { } else {
printk(KERN_INFO "FEATURE SPEC_CTRL Not Present\n"); printk_once(KERN_INFO "FEATURE SPEC_CTRL Not Present\n");
}
} }
} }
......
...@@ -422,14 +422,12 @@ static ssize_t reload_store(struct device *dev, ...@@ -422,14 +422,12 @@ static ssize_t reload_store(struct device *dev,
if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) { if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) {
printk_once(KERN_INFO "FEATURE SPEC_CTRL Present\n"); printk_once(KERN_INFO "FEATURE SPEC_CTRL Present\n");
mutex_lock(&spec_ctrl_mutex);
set_ibrs_supported(); set_ibrs_supported();
set_ibpb_supported(); set_ibpb_supported();
if (ibrs_inuse) if (ibrs_inuse)
sysctl_ibrs_enabled = 1; sysctl_ibrs_enabled = 1;
if (ibpb_inuse) if (ibpb_inuse)
sysctl_ibpb_enabled = 1; sysctl_ibpb_enabled = 1;
mutex_unlock(&spec_ctrl_mutex);
} }
mutex_unlock(&microcode_mutex); mutex_unlock(&microcode_mutex);
......
...@@ -520,10 +520,6 @@ int use_ibpb; ...@@ -520,10 +520,6 @@ int use_ibpb;
EXPORT_SYMBOL(use_ibpb); EXPORT_SYMBOL(use_ibpb);
#endif #endif
/* mutex to serialize IBRS & IBPB control changes */
DEFINE_MUTEX(spec_ctrl_mutex);
EXPORT_SYMBOL(spec_ctrl_mutex);
/* /*
* Setup routine for controlling SMP activation * Setup routine for controlling SMP activation
* *
......
...@@ -69,7 +69,6 @@ ...@@ -69,7 +69,6 @@
#include <linux/mount.h> #include <linux/mount.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
#include <linux/mutex.h>
#include <asm/processor.h> #include <asm/processor.h>
#ifdef CONFIG_X86 #ifdef CONFIG_X86
...@@ -2425,17 +2424,12 @@ int proc_dointvec_minmax(struct ctl_table *table, int write, ...@@ -2425,17 +2424,12 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
int proc_dointvec_ibrs_dump(struct ctl_table *table, int write, int proc_dointvec_ibrs_dump(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos) void __user *buffer, size_t *lenp, loff_t *ppos)
{ {
int ret, orig_inuse; int ret;
unsigned int cpu; unsigned int cpu;
ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
printk("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled); printk("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled);
printk("use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb); printk("use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
mutex_lock(&spec_ctrl_mutex);
orig_inuse = use_ibrs;
/* temporary halt to ibrs usage to dump ibrs values */
clear_ibrs_inuse();
for_each_online_cpu(cpu) { for_each_online_cpu(cpu) {
u64 val; u64 val;
...@@ -2445,8 +2439,6 @@ int proc_dointvec_ibrs_dump(struct ctl_table *table, int write, ...@@ -2445,8 +2439,6 @@ int proc_dointvec_ibrs_dump(struct ctl_table *table, int write,
val = 0; val = 0;
printk("read cpu %d ibrs val %lu\n", cpu, (unsigned long) val); printk("read cpu %d ibrs val %lu\n", cpu, (unsigned long) val);
} }
use_ibrs = orig_inuse;
mutex_unlock(&spec_ctrl_mutex);
return ret; return ret;
} }
...@@ -2459,7 +2451,6 @@ int proc_dointvec_ibrs_ctrl(struct ctl_table *table, int write, ...@@ -2459,7 +2451,6 @@ int proc_dointvec_ibrs_ctrl(struct ctl_table *table, int write,
ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
pr_debug("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled); pr_debug("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled);
pr_debug("before:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb); pr_debug("before:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
mutex_lock(&spec_ctrl_mutex);
if (sysctl_ibrs_enabled == 0) { if (sysctl_ibrs_enabled == 0) {
/* always set IBRS off */ /* always set IBRS off */
set_ibrs_disabled(); set_ibrs_disabled();
...@@ -2483,7 +2474,6 @@ int proc_dointvec_ibrs_ctrl(struct ctl_table *table, int write, ...@@ -2483,7 +2474,6 @@ int proc_dointvec_ibrs_ctrl(struct ctl_table *table, int write,
/* platform don't support ibrs */ /* platform don't support ibrs */
sysctl_ibrs_enabled = 0; sysctl_ibrs_enabled = 0;
} }
mutex_unlock(&spec_ctrl_mutex);
pr_debug("after:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb); pr_debug("after:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
return ret; return ret;
} }
...@@ -2496,7 +2486,6 @@ int proc_dointvec_ibpb_ctrl(struct ctl_table *table, int write, ...@@ -2496,7 +2486,6 @@ int proc_dointvec_ibpb_ctrl(struct ctl_table *table, int write,
ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
pr_debug("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled); pr_debug("sysctl_ibrs_enabled = %u, sysctl_ibpb_enabled = %u\n", sysctl_ibrs_enabled, sysctl_ibpb_enabled);
pr_debug("before:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb); pr_debug("before:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
mutex_lock(&spec_ctrl_mutex);
if (sysctl_ibpb_enabled == 0) if (sysctl_ibpb_enabled == 0)
set_ibpb_disabled(); set_ibpb_disabled();
else if (sysctl_ibpb_enabled == 1) { else if (sysctl_ibpb_enabled == 1) {
...@@ -2505,7 +2494,6 @@ int proc_dointvec_ibpb_ctrl(struct ctl_table *table, int write, ...@@ -2505,7 +2494,6 @@ int proc_dointvec_ibpb_ctrl(struct ctl_table *table, int write,
/* platform don't support ibpb */ /* platform don't support ibpb */
sysctl_ibpb_enabled = 0; sysctl_ibpb_enabled = 0;
} }
mutex_unlock(&spec_ctrl_mutex);
pr_debug("after:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb); pr_debug("after:use_ibrs = %d, use_ibpb = %d\n", use_ibrs, use_ibpb);
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment