]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commitdiff
projects / mirror_ubuntu-bionic-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2daa53e)
x86/speculation: Disable STIBP when enhanced IBRS is in use
authorTim Chen <tim.c.chen@linux.intel.com>
Sun, 25 Nov 2018 18:33:33 +0000 (19:33 +0100)
committerStefan Bader <stefan.bader@canonical.com>
Mon, 1 Apr 2019 12:37:29 +0000 (14:37 +0200)
If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2
user space exploits from hyperthread sibling.

Disable STIBP when enhanced IBRS is used.

Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Casey Schaufler <casey.schaufler@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Waiman Long <longman9394@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Dave Stewart <david.c.stewart@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20181125185003.966801480@linutronix.de
CVE-2017-5715

(cherry picked from commit 34bce7c9690b1d897686aac89604ba7adc365556)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
arch/x86/kernel/cpu/bugs.c patch | blob | blame | history

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index b9d278730fbe24aeeff0ac0477d2a4134baef672..feaf50c33001cd6db63d2aa9838e18fece98a387 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -319,6 +319,10 @@ static bool stibp_needed(void)
        if (spectre_v2_enabled == SPECTRE_V2_NONE)
                return false;
 
+       /* Enhanced IBRS makes using STIBP unnecessary. */
+       if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+               return false;
+
        if (!boot_cpu_has(X86_FEATURE_STIBP))
                return false;
 
@@ -840,6 +844,9 @@ static ssize_t l1tf_show_state(char *buf)
 
 static char *stibp_state(void)
 {
+       if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+               return "";
+
        if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
                return ", STIBP";
        else
ubuntu-bionic-kernel mirror