x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup

CVE-2017-5715 (Spectre v2 Intel)

Clear IBRS when cpu is offlined and set it when brining it back online.
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
(cherry picked from commit ca09185cd600fc8e43a9bb5ddec61103039930b3)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

arch/x86/kernel/smpboot.c

@@ -75,6 +75,7 @@
 #include <asm/i8259.h>
 #include <asm/realmode.h>
 #include <asm/misc.h>
+#include <asm/microcode.h>
 
 /* Number of siblings per CPU package */
 int smp_num_siblings = 1;
@@ -1656,9 +1657,15 @@ void native_play_dead(void)
 	play_dead_common();
 	tboot_shutdown(TB_SHUTDOWN_WFS);
 
+	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
+		native_wrmsrl(MSR_IA32_SPEC_CTRL, 0);
+
 	mwait_play_dead();	/* Only returns on failure */
 	if (cpuidle_play_dead())
 		hlt_play_dead();
+
+	if (boot_cpu_has(X86_FEATURE_SPEC_CTRL))
+		native_wrmsrl(MSR_IA32_SPEC_CTRL, FEATURE_ENABLE_IBRS);
 }
 
 #else /* ... !CONFIG_HOTPLUG_CPU */