ACK/Cmnt: [SRU][Xenial][PATCH v2 4/4] UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

Stefan Bader stefan.bader at canonical.com
Wed Jan 9 13:51:30 UTC 2019 

On 13.12.18 14:21, Juerg Haefliger wrote:
> Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to
> match upstream. No functional changes.
> 
> CVE-2017-5715
> 
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---

Reading in todays light its exactly what I had thought. The comment is about the
code doing some RSB_CTXSW which appears in the diff as something that does not
move, but taking the code before and add it further down practically moves that
other code further up. So looks okay.


>  arch/x86/kernel/cpu/bugs.c | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 7a9940015af5..15867c20ed1c 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -410,16 +410,6 @@ specv2_set_mode:
>  	spectre_v2_enabled = mode;
>  	pr_info("%s\n", spectre_v2_strings[mode]);
>  
> -	/*
> -	 * Initialize Indirect Branch Prediction Barrier if supported and not
> -	 * disabled on the commandline
> -	 */
> -	if (boot_cpu_has(X86_FEATURE_IBPB)) {
> -		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
> -		if (!noibpb)
> -			set_ibpb_enabled(1);   /* Enable IBPB */
> -	}
> -
>  	/*
>  	 * If spectre v2 protection has been enabled, unconditionally fill
>  	 * RSB during a context switch; this protects against two independent
> @@ -431,6 +421,16 @@ specv2_set_mode:
>  	setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
>  	pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
>  
> +	/*
> +	 * Initialize Indirect Branch Prediction Barrier if supported and not
> +	 * disabled on the commandline
> +	 */
> +	if (boot_cpu_has(X86_FEATURE_IBPB)) {
> +		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
> +		if (!noibpb)
> +			set_ibpb_enabled(1);   /* Enable IBPB */
> +	}
> +
>  	/*
>  	 * Retpoline means the kernel is safe because it has no indirect
>  	 * branches. Enhanced IBRS protects firmware too, so, enable restricted
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190109/b6172551/attachment.sig>

More information about the kernel-team mailing list