diff options
Diffstat (limited to 'arch/x86/kernel/cpu/bugs.c')
| -rw-r--r-- | arch/x86/kernel/cpu/bugs.c | 46 | 
1 files changed, 22 insertions, 24 deletions
| diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 71949bf2de5a..bfca937bdcc3 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -162,8 +162,7 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)  	if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))  		return SPECTRE_V2_CMD_NONE;  	else { -		ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, -					  sizeof(arg)); +		ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));  		if (ret < 0)  			return SPECTRE_V2_CMD_AUTO; @@ -175,8 +174,7 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)  		}  		if (i >= ARRAY_SIZE(mitigation_options)) { -			pr_err("unknown option (%s). Switching to AUTO select\n", -			       mitigation_options[i].option); +			pr_err("unknown option (%s). Switching to AUTO select\n", arg);  			return SPECTRE_V2_CMD_AUTO;  		}  	} @@ -185,8 +183,7 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)  	     cmd == SPECTRE_V2_CMD_RETPOLINE_AMD ||  	     cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) &&  	    !IS_ENABLED(CONFIG_RETPOLINE)) { -		pr_err("%s selected but not compiled in. Switching to AUTO select\n", -		       mitigation_options[i].option); +		pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option);  		return SPECTRE_V2_CMD_AUTO;  	} @@ -256,14 +253,14 @@ static void __init spectre_v2_select_mitigation(void)  			goto retpoline_auto;  		break;  	} -	pr_err("kernel not compiled with retpoline; no mitigation available!"); +	pr_err("Spectre mitigation: kernel not compiled with retpoline; no mitigation available!");  	return;  retpoline_auto:  	if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) {  	retpoline_amd:  		if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) { -			pr_err("LFENCE not serializing. Switching to generic retpoline\n"); +			pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n");  			goto retpoline_generic;  		}  		mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : @@ -281,7 +278,7 @@ retpoline_auto:  	pr_info("%s\n", spectre_v2_strings[mode]);  	/* -	 * If neither SMEP or KPTI are available, there is a risk of +	 * If neither SMEP nor PTI are available, there is a risk of  	 * hitting userspace addresses in the RSB after a context switch  	 * from a shallow call stack to a deeper one. To prevent this fill  	 * the entire RSB, even when using IBRS. @@ -295,21 +292,29 @@ retpoline_auto:  	if ((!boot_cpu_has(X86_FEATURE_PTI) &&  	     !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) {  		setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); -		pr_info("Filling RSB on context switch\n"); +		pr_info("Spectre v2 mitigation: Filling RSB on context switch\n");  	}  	/* Initialize Indirect Branch Prediction Barrier if supported */  	if (boot_cpu_has(X86_FEATURE_IBPB)) {  		setup_force_cpu_cap(X86_FEATURE_USE_IBPB); -		pr_info("Enabling Indirect Branch Prediction Barrier\n"); +		pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); +	} + +	/* +	 * Retpoline means the kernel is safe because it has no indirect +	 * branches. But firmware isn't, so use IBRS to protect that. +	 */ +	if (boot_cpu_has(X86_FEATURE_IBRS)) { +		setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); +		pr_info("Enabling Restricted Speculation for firmware calls\n");  	}  }  #undef pr_fmt  #ifdef CONFIG_SYSFS -ssize_t cpu_show_meltdown(struct device *dev, -			  struct device_attribute *attr, char *buf) +ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)  {  	if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))  		return sprintf(buf, "Not affected\n"); @@ -318,28 +323,21 @@ ssize_t cpu_show_meltdown(struct device *dev,  	return sprintf(buf, "Vulnerable\n");  } -ssize_t cpu_show_spectre_v1(struct device *dev, -			    struct device_attribute *attr, char *buf) +ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)  {  	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))  		return sprintf(buf, "Not affected\n");  	return sprintf(buf, "Mitigation: __user pointer sanitization\n");  } -ssize_t cpu_show_spectre_v2(struct device *dev, -			    struct device_attribute *attr, char *buf) +ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)  {  	if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))  		return sprintf(buf, "Not affected\n"); -	return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], +	return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],  		       boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", +		       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",  		       spectre_v2_module_string());  }  #endif - -void __ibp_barrier(void) -{ -	__wrmsr(MSR_IA32_PRED_CMD, PRED_CMD_IBPB, 0); -} -EXPORT_SYMBOL_GPL(__ibp_barrier); | 
