UBUNTU: SAUCE: turn off IBRS when full retpoline is present

CVE-2017-5715 (Spectre v2 Intel)

When we have full retpoline enabled then we do not actually need to toggle
IBRS on entering and leaving the kernel.
Signed-off-by: Andy Whitcroft <apw@canonical.com>

arch/x86/kernel/cpu/bugs.c

@@ -10,6 +10,7 @@
 #include <linux/init.h>
 #include <linux/utsname.h>
 #include <linux/cpu.h>
+#include <linux/smp.h>
 
 #include <asm/nospec-branch.h>
 #include <asm/cmdline.h>
@@ -212,6 +213,25 @@ static void __init spectre_v2_select_mitigation(void)
 
 	spectre_v2_enabled = mode;
 	pr_info("%s\n", spectre_v2_strings[mode]);
+
+	pr_info("Speculation control IBPB %s IBRS %s",
+	        ibpb_supported ? "supported" : "not-supported",
+	        ibrs_supported ? "supported" : "not-supported");
+
+	/*
+	 * If we have a full retpoline mode and then disable IBPB in kernel mode
+	 * we do not require both.
+	 */
+	if (mode == SPECTRE_V2_RETPOLINE_AMD ||
+	    mode == SPECTRE_V2_RETPOLINE_GENERIC)
+	{
+		if (ibrs_supported) {
+			pr_info("Retpoline compiled kernel.  Defaulting IBRS to disabled");
+			set_ibrs_disabled();
+			if (!ibrs_inuse)
+				sysctl_ibrs_enabled = 0;
+		}
+	}
 }
 
 #undef pr_fmt
@@ -249,6 +269,7 @@ ssize_t cpu_show_spectre_v2(struct device *dev,
 	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
 		return sprintf(buf, "Not affected\n");
 
-	return sprintf(buf, "%s\n", spectre_v2_strings[spectre_v2_enabled]);
+	return sprintf(buf, "%s%s\n", spectre_v2_strings[spectre_v2_enabled],
+		       ibpb_inuse ? ", IBPB (Intel v4)" : "");
 }
 #endif