[SRU][Trusty][PATCH] UBUNTU: SAUCE: x86/speculation: Only report IBPB/IBRS state changes

Juerg Haefliger juerg.haefliger at canonical.com
Tue Nov 27 09:31:43 UTC 2018 

This should be applied after the series. Sorry, it's missing the CVE
line :-(

...Juerg

On Tue, 27 Nov 2018 10:28:08 +0100
Juerg Haefliger <juerg.haefliger at canonical.com> wrote:

> Only print the IBPB/IBRS state to the log if it actually changes.
> Otherwise the log is polluted everytime the procfs file is read from.

CVE-2017-5715
 
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> ---
>  kernel/sysctl.c | 18 +++++++++++-------
>  1 file changed, 11 insertions(+), 7 deletions(-)
> 
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 60e96b6e809d..a9380bfdc647 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -210,15 +210,17 @@ static unsigned int __ibpb_enabled = 0;   /*
> procfs shadow variable */ int set_ibpb_enabled(unsigned int val)
>  {
>  	int error = 0;
> +	unsigned int prev = ibpb_enabled;
>  
>  	mutex_lock(&spec_ctrl_mutex);
>  
>  	/* Only enable IBPB if the CPU supports it */
>  	if (boot_cpu_has(X86_FEATURE_IBPB)) {
>  		ibpb_enabled = val;
> -		pr_info("Spectre V2 : Spectre v2 mitigation: %s
> Indirect "
> -			"Branch Prediction Barrier\n",
> -			ibpb_enabled ? "Enabling" : "Disabling");
> +		if (ibpb_enabled != prev)
> +			pr_info("Spectre V2 : Spectre v2 mitigation:
> %s "
> +				"Indirect Branch Prediction
> Barrier\n",
> +				ibpb_enabled ? "Enabling" :
> "Disabling"); } else {
>  		ibpb_enabled = 0;
>  		if (val) {
> @@ -257,16 +259,18 @@ int set_ibrs_enabled(unsigned int val)
>  {
>  	int error = 0;
>  	unsigned int cpu;
> +	unsigned int prev = ibrs_enabled;
>  
>  	mutex_lock(&spec_ctrl_mutex);
>  
>  	/* Only enable/disable IBRS if the CPU supports it */
>  	if (boot_cpu_has(X86_FEATURE_IBRS)) {
>  		ibrs_enabled = val;
> -		pr_info("Spectre V2 : Spectre v2 mitigation: %s
> Indirect "
> -			"Branch Restricted Speculation%s\n",
> -			ibrs_enabled ? "Enabling" : "Disabling",
> -			ibrs_enabled == 2 ? " (user space)" : "");
> +		if (ibrs_enabled != prev)
> +			pr_info("Spectre V2 : Spectre v2 mitigation:
> %s "
> +				"Indirect Branch Restricted
> Speculation%s\n",
> +				ibrs_enabled ? "Enabling" :
> "Disabling",
> +				ibrs_enabled == 2 ? " (user
> space)" : ""); 
>  		if (ibrs_enabled == 0) {
>  			/* Always disable IBRS */

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181127/5fc38eee/attachment.sig>

More information about the kernel-team mailing list