From: Jiri Slaby <jslaby@suse.cz>
Subject: x86/speculation: IBRS, forbid shooting in foot
Patch-mainline: Never, SUSE specific
References: bsc#1068032 CVE-2017-5753 bnc#1119065
When a user tries to force IBRS on a system without IBRS support, the
system oopses. So check if the system supports IBRS first, before
enabling the support.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
arch/x86/kernel/cpu/bugs.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -488,10 +488,13 @@ static void __init spectre_v2_select_mit
break;
case SPECTRE_V2_CMD_IBRS:
- mode = SPECTRE_V2_IBRS;
- setup_force_cpu_cap(X86_FEATURE_USE_IBRS);
- goto specv2_set_mode;
+ if (boot_cpu_has(X86_FEATURE_IBRS)) {
+ mode = SPECTRE_V2_IBRS;
+ setup_force_cpu_cap(X86_FEATURE_USE_IBRS);
+ goto specv2_set_mode;
+ }
+ /* fall through */
case SPECTRE_V2_CMD_FORCE:
case SPECTRE_V2_CMD_AUTO:
if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) {