[SRU][Trusty][PATCH] UBUNTU: SAUCE: x86/speculation: Only report IBPB/IBRS state changes
Juerg Haefliger
juerg.haefliger at canonical.com
Tue Nov 27 09:31:43 UTC 2018
This should be applied after the series. Sorry, it's missing the CVE
line :-(
...Juerg
On Tue, 27 Nov 2018 10:28:08 +0100
Juerg Haefliger <juerg.haefliger at canonical.com> wrote:
> Only print the IBPB/IBRS state to the log if it actually changes.
> Otherwise the log is polluted every time the procfs file is read from.
CVE-2017-5715
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> ---
> kernel/sysctl.c | 18 +++++++++++-------
> 1 file changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 60e96b6e809d..a9380bfdc647 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -210,15 +210,17 @@ static unsigned int __ibpb_enabled = 0; /*
> procfs shadow variable */ int set_ibpb_enabled(unsigned int val)
> {
> int error = 0;
> + unsigned int prev = ibpb_enabled;
>
> mutex_lock(&spec_ctrl_mutex);
>
> /* Only enable IBPB if the CPU supports it */
> if (boot_cpu_has(X86_FEATURE_IBPB)) {
> ibpb_enabled = val;
> - pr_info("Spectre V2 : Spectre v2 mitigation: %s
> Indirect "
> - "Branch Prediction Barrier\n",
> - ibpb_enabled ? "Enabling" : "Disabling");
> + if (ibpb_enabled != prev)
> + pr_info("Spectre V2 : Spectre v2 mitigation:
> %s "
> + "Indirect Branch Prediction
> Barrier\n",
> + ibpb_enabled ? "Enabling" :
> "Disabling"); } else {
> ibpb_enabled = 0;
> if (val) {
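Review bot: `prev` is initialised from `ibpb_enabled` in the declaration at the top of set_ibpb_enabled(), which runs before `mutex_lock(&spec_ctrl_mutex)`. If another writer changes `ibpb_enabled` between that read and the lock being taken, the `ibpb_enabled != prev` test compares against a stale value and can log a change that did not happen or miss one that did. Declare `prev` uninitialised and assign it right after the mutex_lock() call so the snapshot and the update are covered by the same critical section.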
> @@ -257,16 +259,18 @@ int set_ibrs_enabled(unsigned int val)
> {
> int error = 0;
> unsigned int cpu;
> + unsigned int prev = ibrs_enabled;
>
> mutex_lock(&spec_ctrl_mutex);
>
> /* Only enable/disable IBRS if the CPU supports it */
> if (boot_cpu_has(X86_FEATURE_IBRS)) {
> ibrs_enabled = val;
> - pr_info("Spectre V2 : Spectre v2 mitigation: %s
> Indirect "
> - "Branch Restricted Speculation%s\n",
> - ibrs_enabled ? "Enabling" : "Disabling",
> - ibrs_enabled == 2 ? " (user space)" : "");
> + if (ibrs_enabled != prev)
> + pr_info("Spectre V2 : Spectre v2 mitigation:
> %s "
> + "Indirect Branch Restricted
> Speculation%s\n",
> + ibrs_enabled ? "Enabling" :
> "Disabling",
> + ibrs_enabled == 2 ? " (user
> space)" : "");
> if (ibrs_enabled == 0) {
> /* Always disable IBRS */
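Review bot: in set_ibrs_enabled() the new `ibrs_enabled != prev` test also fires on a transition between 1 and 2, and the message is still built from `ibrs_enabled ? "Enabling" : "Disabling"`, so a change from 2 to 1 is logged as "Enabling Indirect Branch Restricted Speculation" even though IBRS was already on and only the user space scope changed. Now that the line is meant to record state changes, consider including the previous value in the message or wording the 1/2 transitions separately. As in set_ibpb_enabled(), `prev` is read before `mutex_lock(&spec_ctrl_mutex)` and would be better assigned after the lock is held.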