ACK/cmt: [SRU][Trusty][PATCH] UBUNTU: SAUCE: x86/speculation: Only report IBPB/IBRS state changes

Colin Ian King colin.king at canonical.com
Tue Nov 27 09:34:00 UTC 2018


On 27/11/2018 09:28, Juerg Haefliger wrote:
> Only print the IBPB/IBRS state to the log if it actually changes. Otherwise
> the log is polluted everytime the procfs file is read from.
> 
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> ---
>  kernel/sysctl.c | 18 +++++++++++-------
>  1 file changed, 11 insertions(+), 7 deletions(-)
> 
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 60e96b6e809d..a9380bfdc647 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -210,15 +210,17 @@ static unsigned int __ibpb_enabled = 0;   /* procfs shadow variable */
>  int set_ibpb_enabled(unsigned int val)
>  {
>  	int error = 0;
> +	unsigned int prev = ibpb_enabled;
>  
>  	mutex_lock(&spec_ctrl_mutex);
>  
>  	/* Only enable IBPB if the CPU supports it */
>  	if (boot_cpu_has(X86_FEATURE_IBPB)) {
>  		ibpb_enabled = val;
> -		pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
> -			"Branch Prediction Barrier\n",
> -			ibpb_enabled ? "Enabling" : "Disabling");
> +		if (ibpb_enabled != prev)
> +			pr_info("Spectre V2 : Spectre v2 mitigation: %s "
> +				"Indirect Branch Prediction Barrier\n",
> +				ibpb_enabled ? "Enabling" : "Disabling");
>  	} else {
>  		ibpb_enabled = 0;
>  		if (val) {
> @@ -257,16 +259,18 @@ int set_ibrs_enabled(unsigned int val)
>  {
>  	int error = 0;
>  	unsigned int cpu;
> +	unsigned int prev = ibrs_enabled;
>  
>  	mutex_lock(&spec_ctrl_mutex);
>  
>  	/* Only enable/disable IBRS if the CPU supports it */
>  	if (boot_cpu_has(X86_FEATURE_IBRS)) {
>  		ibrs_enabled = val;
> -		pr_info("Spectre V2 : Spectre v2 mitigation: %s Indirect "
> -			"Branch Restricted Speculation%s\n",
> -			ibrs_enabled ? "Enabling" : "Disabling",
> -			ibrs_enabled == 2 ? " (user space)" : "");
> +		if (ibrs_enabled != prev)
> +			pr_info("Spectre V2 : Spectre v2 mitigation: %s "
> +				"Indirect Branch Restricted Speculation%s\n",
> +				ibrs_enabled ? "Enabling" : "Disabling",
> +				ibrs_enabled == 2 ? " (user space)" : "");
>  
>  		if (ibrs_enabled == 0) {
>  			/* Always disable IBRS */
> 

+ missing CVE-2017-5715

Acked-by: Colin Ian King <colin.king at canonical.com>



More information about the kernel-team mailing list