On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote: > > + mutex_lock(&spec_ctrl_mutex); > + > + if (enable == IBRS_DISABLED) { > + /* disable IBRS usage */ > + set_ibrs_disabled(); > + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) > + spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, > SPEC_CTRL_FEATURE_DISABLE_IBRS); > + } else if (enable == IBRS_ENABLED) { > + /* enable IBRS usage in kernel */ > + clear_ibrs_disabled(); > + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) > + set_ibrs_inuse(); > + else > + /* Platform don't support IBRS */ > + enable = IBRS_DISABLED; > + } else if (enable == IBRS_ENABLED_USER) { > + /* enable IBRS usage in both userspace and kernel */ > + clear_ibrs_disabled(); > + /* don't change IBRS value once we set it to always on */ > + clear_ibrs_inuse(); > + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED) > + spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL, > SPEC_CTRL_FEATURE_ENABLE_IBRS); > + else > + /* Platform don't support IBRS */ > + enable = IBRS_DISABLED; > + }
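Review bot: In both the IBRS_ENABLED and IBRS_ENABLED_USER branches, the unsupported-platform fallback sets `enable = IBRS_DISABLED` only after `clear_ibrs_disabled()` has already run, and nothing in the visible lines calls `set_ibrs_disabled()` on that path, so the recorded mode and the disabled flag can end up disagreeing. Testing `spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED` once before dispatching on `enable`, or calling `set_ibrs_disabled()` in each fallback, would keep the two in step. A value of `enable` outside the three handled modes also falls through silently; a final else that rejects it would make the interface stricter. The `else` arms that carry a comment plus a statement would read more safely with braces.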
This doesn't take the retpoline status into account. If we have retpoline, we don't need IBRS in the kernel.