• David Woodhouse's avatar
    x86/cpufeatures: Clean up Spectre v2 related CPUID flags · 2961298e
    David Woodhouse authored
    We want to expose the hardware features simply in /proc/cpuinfo as "ibrs",
    "ibpb" and "stibp". Since AMD has separate CPUID bits for those, use them
    as the user-visible bits.
    
    When the Intel SPEC_CTRL bit is set which indicates both IBRS and IBPB
    capability, set those (AMD) bits accordingly. Likewise if the Intel STIBP
    bit is set, set the AMD STIBP that's used for the generic hardware
    capability.
    
    Hide the rest from /proc/cpuinfo by putting "" in the comments. Including
    RETPOLINE and RETPOLINE_AMD which shouldn't be visible there. There are
    patches to make the sysfs vulnerabilities information non-readable by
    non-root, and the same should apply to all information about which
    mitigations are actually in use. Those *shouldn't* appear in /proc/cpuinfo.
    
    The feature bit for whether IBPB is actually used, which is needed for
    ALTERNATIVEs, is renamed to X86_FEATURE_USE_IBPB.
    Originally-by: default avatarBorislav Petkov <bp@suse.de>
    Signed-off-by: default avatarDavid Woodhouse <dwmw@amazon.co.uk>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Cc: ak@linux.intel.com
    Cc: dave.hansen@intel.com
    Cc: karahmed@amazon.de
    Cc: arjan@linux.intel.com
    Cc: torvalds@linux-foundation.org
    Cc: peterz@infradead.org
    Cc: bp@alien8.de
    Cc: pbonzini@redhat.com
    Cc: tim.c.chen@linux.intel.com
    Cc: gregkh@linux-foundation.org
    Link: https://lkml.kernel.org/r/1517070274-12128-2-git-send-email-dwmw@amazon.co.uk
    2961298e
nospec-branch.h 6.34 KB