Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"

CVE-2017-5715 (Spectre v2 Intel) This reverts commit d31a04f8. Signed-off-by: Andy Whitcroft <apw@canonical.com>

Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
CVE-2017-5715 (Spectre v2 Intel) This reverts commit d31a04f8. Signed-off-by: Andy Whitcroft <apw@canonical.com>
238ae398 · Andy Whitcroft · 41f4a476 · 238ae398 · 238ae398
Commit 238ae398 authored Feb 11, 2018 by Andy Whitcroft
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 35 deletions

arch/x86/kernel/cpu/bugs.c arch/x86/kernel/cpu/bugs.c +1 -13

include/linux/smp.h include/linux/smp.h +13 -22

No files found.
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -212,17 +212,6 @@ static void __init spectre_v2_select_mitigation(void)

 	spectre_v2_enabled = mode;
 	pr_info("%s\n", spectre_v2_strings[mode]);
-
-	/*
-	 * If we have a full retpoline mode and then disable IBPB in kernel mode
-	 * we do not require both.
-	 */
-	if (mode == SPECTRE_V2_RETPOLINE_AMD ||
-	    mode == SPECTRE_V2_RETPOLINE_GENERIC)
-	{
-		pr_info("Retpoline compiled kernel disabling IBPB in kernel");
-		set_ibpb_retpoline_enabled();
-	}
 }

 #undef pr_fmt
@@ -260,7 +249,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev,
 	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
 		return sprintf(buf, "Not affected\n");

-	return sprintf(buf, "%s%s\n", spectre_v2_strings[spectre_v2_enabled],
-		       ibpb_enabled_user ? ", IBPB (Intel v4)" : "");
+	return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]);
 }
 #endif
--- a/include/linux/smp.h
+++ b/include/linux/smp.h
@@ -97,26 +97,20 @@ static inline void clear_ibrs_disabled(void)
 /* indicate usage of IBPB to control execution speculation */
 extern int use_ibpb;
 extern u32 sysctl_ibpb_enabled;
-/*      ibpb_enabled_kernel	(use_ibpb & 0x1) */
 #define ibpb_supported		(use_ibpb & 0x2)
 #define ibpb_disabled		(use_ibpb & 0x4)
-#define ibpb_retpoline_enabled  (use_ibpb & 0x8)
-#define ibpb_enabled_user	(use_ibpb & 0x10)
-static inline void sync_ibpb_inuse(void)
+static inline void set_ibpb_inuse(void)
 {
-	if (ibpb_supported && !ibpb_disabled) {
-		use_ibpb |= 0x10; /* Enable flushing on context/VM switch. */
-		if (!ibpb_retpoline_enabled)
-			use_ibpb |= 0x1; /* Enable for kernel proper (entry). */
-		else
-			use_ibpb &= ~0x1;
-	} else {
-		use_ibpb &= ~(0x10|0x1);
-	}
+	if (ibpb_supported)
+		use_ibpb |= 0x1;
+}
+static inline void clear_ibpb_inuse(void)
+{
+	use_ibpb &= ~0x1;
 }
 static inline int check_ibpb_inuse(void)
 {
-	if (use_ibpb & 0x10)
+	if (use_ibpb & 0x1)
 		return 1;
 	else
 		/* rmb to prevent wrong speculation for security */
@@ -126,22 +120,19 @@ static inline int check_ibpb_inuse(void)
 static inline void set_ibpb_supported(void)
 {
 	use_ibpb |= 0x2;
-	sync_ibpb_inuse();
+	if (!ibpb_disabled)
+		set_ibpb_inuse();
 }
 static inline void set_ibpb_disabled(void)
 {
 	use_ibpb |= 0x4;
-	sync_ibpb_inuse();
+	if (check_ibpb_inuse())
+		clear_ibpb_inuse();
 }
 static inline void clear_ibpb_disabled(void)
 {
 	use_ibpb &= ~0x4;
-	sync_ibpb_inuse();
-}
-static inline void set_ibpb_retpoline_enabled(void)
-{
-	use_ibpb |= 0x8;
-	sync_ibpb_inuse();
+	set_ibpb_inuse();
 }
 #define ibpb_inuse		(check_ibpb_inuse())
 #endif