x86/speculation/mds: Add mitigation control for MDS

[mirror_ubuntu-bionic-kernel.git] / init / main.c

diff --git a/init/main.c b/init/main.c
index b8b121c17ff11869abed927b1965f0ff6621e7e6..86189df2f34ad163bae6dbb66e8b2aa8ac996b05 100644 (file)
--- a/init/main.c
+++ b/init/main.c
@@ -980,6 +980,13 @@ __setup("rodata=", set_debug_rodata);
 static void mark_readonly(void)
 {
        if (rodata_enabled) {
+               /*
+                * load_module() results in W+X mappings, which are cleaned up
+                * with call_rcu_sched().  Let's make sure that queued work is
+                * flushed so that we don't hit false positives looking for
+                * insecure pages which are W+X.
+                */
+               rcu_barrier_sched();
                mark_rodata_ro();
                rodata_test();
        } else
@@ -1002,6 +1009,13 @@ static int __ref kernel_init(void *unused)
        ftrace_free_init_mem();
        free_initmem();
        mark_readonly();
+
+       /*
+        * Kernel mappings are now finalized - update the userspace page-table
+        * to finalize PTI.
+        */
+       pti_finalize();
+
        system_state = SYSTEM_RUNNING;
        numa_default_policy();