ACK: [SRU][Xenial][PATCH v2 4/4] UBUNTU: SAUCE: x86/speculation: Move RSB_CTXSW hunk

Kleber Souza kleber.souza at canonical.com
Thu Jan 10 09:51:15 UTC 2019


On 12/13/18 2:21 PM, Juerg Haefliger wrote:
> Move the RSB_CTXSW hunk further up in spectre_v2_select_mitigation() to
> match upstream. No functional changes.
>
> CVE-2017-5715
>
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>


Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>

> ---
>  arch/x86/kernel/cpu/bugs.c | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 7a9940015af5..15867c20ed1c 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -410,16 +410,6 @@ specv2_set_mode:
>  	spectre_v2_enabled = mode;
>  	pr_info("%s\n", spectre_v2_strings[mode]);
>  
> -	/*
> -	 * Initialize Indirect Branch Prediction Barrier if supported and not
> -	 * disabled on the commandline
> -	 */
> -	if (boot_cpu_has(X86_FEATURE_IBPB)) {
> -		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
> -		if (!noibpb)
> -			set_ibpb_enabled(1);   /* Enable IBPB */
> -	}
> -
>  	/*
>  	 * If spectre v2 protection has been enabled, unconditionally fill
>  	 * RSB during a context switch; this protects against two independent
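
Review bot: the commit message describes moving the RSB_CTXSW hunk up, but the lines removed here, directly after pr_info("%s\n", spectre_v2_strings[mode]), are the IBPB initialization block, so the diff reads as IBPB moving down. The resulting order is the same either way, but a sentence in the commit message saying the diff is expressed as the IBPB block moving below the RSB fill would make it easier to match against upstream. "No functional changes" also rests on set_ibpb_enabled() not needing to run before setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); it would help to state that this was checked.
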
> @@ -431,6 +421,16 @@ specv2_set_mode:
>  	setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW);
>  	pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n");
>  
> +	/*
> +	 * Initialize Indirect Branch Prediction Barrier if supported and not
> +	 * disabled on the commandline
> +	 */
> +	if (boot_cpu_has(X86_FEATURE_IBPB)) {
> +		setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
> +		if (!noibpb)
> +			set_ibpb_enabled(1);   /* Enable IBPB */
> +	}
> +
>  	/*
>  	 * Retpoline means the kernel is safe because it has no indirect
>  	 * branches. Enhanced IBRS protects firmware too, so, enable restricted
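
Review bot: in the re-added IBPB block, the comment says IBPB is initialized "if supported and not disabled on the commandline", yet setup_force_cpu_cap(X86_FEATURE_USE_IBPB) runs whenever boot_cpu_has(X86_FEATURE_IBPB) is true and only set_ibpb_enabled(1) is gated by !noibpb. Consider rewording the comment to say the capability is always forced and only the enable is subject to noibpb, either here or in a follow-up if this patch should stay a pure move. The trailing /* Enable IBPB */ comment restates the call and could be dropped at the same time.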




