diff options
Diffstat (limited to 'arch/x86/kernel/cpu/bugs.c')
| -rw-r--r-- | arch/x86/kernel/cpu/bugs.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d71c8b54b696..bfca937bdcc3 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c | |||
| @@ -300,6 +300,15 @@ retpoline_auto: | |||
| 300 | setup_force_cpu_cap(X86_FEATURE_USE_IBPB); | 300 | setup_force_cpu_cap(X86_FEATURE_USE_IBPB); |
| 301 | pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); | 301 | pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); |
| 302 | } | 302 | } |
| 303 | |||
| 304 | /* | ||
| 305 | * Retpoline means the kernel is safe because it has no indirect | ||
| 306 | * branches. But firmware isn't, so use IBRS to protect that. | ||
| 307 | */ | ||
| 308 | if (boot_cpu_has(X86_FEATURE_IBRS)) { | ||
| 309 | setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); | ||
| 310 | pr_info("Enabling Restricted Speculation for firmware calls\n"); | ||
| 311 | } | ||
| 303 | } | 312 | } |
| 304 | 313 | ||
| 305 | #undef pr_fmt | 314 | #undef pr_fmt |
| @@ -326,8 +335,9 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c | |||
| 326 | if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) | 335 | if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
| 327 | return sprintf(buf, "Not affected\n"); | 336 | return sprintf(buf, "Not affected\n"); |
| 328 | 337 | ||
| 329 | return sprintf(buf, "%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], | 338 | return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
| 330 | boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", | 339 | boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", |
| 340 | boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", | ||
| 331 | spectre_v2_module_string()); | 341 | spectre_v2_module_string()); |
| 332 | } | 342 | } |
| 333 | #endif | 343 | #endif |