Commit 6d2501cf authored by Juerg Haefliger's avatar Juerg Haefliger Committed by Kleber Sacilotto de Souza

UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to
match upstream. No functional changes.

CVE-2017-5715
Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 50deeb53
...@@ -410,16 +410,6 @@ static void __init spectre_v2_select_mitigation(void) ...@@ -410,16 +410,6 @@ static void __init spectre_v2_select_mitigation(void)
spectre_v2_enabled = mode; spectre_v2_enabled = mode;
pr_info("%s\n", spectre_v2_strings[mode]); pr_info("%s\n", spectre_v2_strings[mode]);
/*
* Initialize Indirect Branch Prediction Barrier if supported and not
* disabled on the commandline
*/
if (boot_cpu_has(X86_FEATURE_IBPB)) {
setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
if (!noibpb)
set_ibpb_enabled(1); /* Enable IBPB */
}
/* /*
* If spectre v2 protection has been enabled, unconditionally fill * If spectre v2 protection has been enabled, unconditionally fill
* RSB during a context switch; this protects against two independent * RSB during a context switch; this protects against two independent
...@@ -431,6 +421,16 @@ static void __init spectre_v2_select_mitigation(void) ...@@ -431,6 +421,16 @@ static void __init spectre_v2_select_mitigation(void)
setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
/*
* Initialize Indirect Branch Prediction Barrier if supported and not
* disabled on the commandline
*/
if (boot_cpu_has(X86_FEATURE_IBPB)) {
setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
if (!noibpb)
set_ibpb_enabled(1); /* Enable IBPB */
}
/* /*
* Retpoline means the kernel is safe because it has no indirect * Retpoline means the kernel is safe because it has no indirect
* branches. Enhanced IBRS protects firmware too, so, enable restricted * branches. Enhanced IBRS protects firmware too, so, enable restricted
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment