On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote:
>
> + mutex_lock(&spec_ctrl_mutex);
> +
> + if (enable == IBRS_DISABLED) {
> + /* disable IBRS usage */
> + set_ibrs_disabled();
> + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED)
> + spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL,
> SPEC_CTRL_FEATURE_DISABLE_IBRS);
> + } else if (enable == IBRS_ENABLED) {
> + /* enable IBRS usage in kernel */
> + clear_ibrs_disabled();
> + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED)
> + set_ibrs_inuse();
> + else
> + /* Platform don't support IBRS */
> + enable = IBRS_DISABLED;
> + } else if (enable == IBRS_ENABLED_USER) {
> + /* enable IBRS usage in both userspace and kernel */
> + clear_ibrs_disabled();
> + /* don't change IBRS value once we set it to always on */
> + clear_ibrs_inuse();
> + if (spec_ctrl_ibrs & SPEC_CTRL_IBRS_SUPPORTED)
> + spec_ctrl_flush_all_cpus(MSR_IA32_SPEC_CTRL,
> SPEC_CTRL_FEATURE_ENABLE_IBRS);
> + else
> + /* Platform don't support IBRS */
> + enable = IBRS_DISABLED;
> + }This doesn't take the retpoline status into account. If we have retpoline, we don't need IBRS in the kernel.
smime.p7s
Description: S/MIME cryptographic signature
