[SRU][Xenial][PATCH v2 4/4] UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

[Juerg Haefliger]

Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to
match upstream. No functional changes.

CVE-2017-5715

Signed-off-by: Juerg Haefliger <juergh at canonical.com>
---
 arch/x86/kernel/cpu/bugs.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 7a9940015af5..15867c20ed1c 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -410,16 +410,6 @@ specv2_set_mode:
 	spectre_v2_enabled = mode;
 	pr_info("%s\n", spectre_v2_strings[mode]);
 
-	/*
-	 * Initialize Indirect Branch Prediction Barrier if supported and not
-	 * disabled on the commandline
-	 */
-	if (boot_cpu_has(X86_FEATURE_IBPB)) {
-		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
-		if (!noibpb)
-			set_ibpb_enabled(1);   /* Enable IBPB */
-	}
-
 	/*
 	 * If spectre v2 protection has been enabled, unconditionally fill
 	 * RSB during a context switch; this protects against two independent
@@ -431,6 +421,16 @@ specv2_set_mode:
 	setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
 	pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
 
+	/*
+	 * Initialize Indirect Branch Prediction Barrier if supported and not
+	 * disabled on the commandline
+	 */
+	if (boot_cpu_has(X86_FEATURE_IBPB)) {
+		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
+		if (!noibpb)
+			set_ibpb_enabled(1);   /* Enable IBPB */
+	}
+
 	/*
 	 * Retpoline means the kernel is safe because it has no indirect
 	 * branches. Enhanced IBRS protects firmware too, so, enable restricted
-- 
2.19.1