x86/microcode: Extend post microcode reload to support IBPB feature

CVE-2017-5753 CVE-2017-5715 Add an IBPB feature check to the speculative control update check after a microcode reload. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 073bee2caa42ddde1134cb87c955b4cad7b7d38b) Signed-off-by: Andy Whitcroft <apw@canonical.com>

x86/microcode: Extend post microcode reload to support IBPB feature
CVE-2017-5753 CVE-2017-5715 Add an IBPB feature check to the speculative control update check after a microcode reload. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> (backported from commit 073bee2caa42ddde1134cb87c955b4cad7b7d38b) Signed-off-by: Andy Whitcroft <apw@canonical.com>
88b00371 · Tom Lendacky · Marcelo Henrique Cerri · 0c42069d · 88b00371
Commit 88b00371 authored Dec 20, 2017 by Tom Lendacky Committed by Marcelo Henrique Cerri Jan 12, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

arch/x86/kernel/cpu/microcode/core.c arch/x86/kernel/cpu/microcode/core.c +8 -1

No files found.
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -430,6 +430,13 @@ static ssize_t reload_store(struct device *dev,
 		if (ibpb_inuse)
 			sysctl_ibpb_enabled = 1;
 		mutex_unlock(&spec_ctrl_mutex);
+	} else if (boot_cpu_has(X86_FEATURE_IBPB)) {
+		printk_once(KERN_INFO "FEATURE IBPB Present\n");
+		mutex_lock(&spec_ctrl_mutex);
+		set_ibpb_supported();
+		if (ibpb_inuse)
+			sysctl_ibpb_enabled = 1;
+		mutex_unlock(&spec_ctrl_mutex);
 	}

 	mutex_unlock(&microcode_mutex);
@@ -711,4 +718,4 @@ int __init microcode_init(void)
 	return error;

 }
-late_initcall(microcode_init);
+fs_initcall(save_microcode_in_initrd);