Re: [patch 22/24] x86/speculation: Create PRCTL interface to restrict indirect branch speculation

From: Peter Zijlstra
Date: Thu Nov 22 2018 - 07:33:36 EST


On Thu, Nov 22, 2018 at 01:26:38PM +0100, Borislav Petkov wrote:
> Perhaps merge the two DISABLE branches to make it obvious what the
> difference between them is:
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 6eac074e3935..28cece3a067b 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -769,7 +769,9 @@ static int indir_branch_prctl_set(struct task_struct *task, unsigned long ctrl)
> task_clear_spec_indir_branch_disable(task);
> task_update_spec_tif(task, TIF_SPEC_IB, false);
> break;
> +
> case PR_SPEC_DISABLE:
> + case PR_SPEC_FORCE_DISABLE:
> /*
> * Indirect branch speculation is always allowed when
> * mitigation is force disabled.
> @@ -780,16 +782,11 @@ static int indir_branch_prctl_set(struct task_struct *task, unsigned long ctrl)
> return 0;
> task_set_spec_indir_branch_disable(task);
> task_update_spec_tif(task, TIF_SPEC_IB, true);
> +
> + if (ctrl == PR_SPEC_FORCE_DISABLE)
> + task_set_spec_indir_branch_force_disable(task);
> break;
> - case PR_SPEC_FORCE_DISABLE:
> - if (spectre_v2_app2app == SPECTRE_V2_APP2APP_NONE)
> - return -EPERM;
> - if (spectre_v2_app2app == SPECTRE_V2_APP2APP_STRICT)
> - return 0;
> - task_set_spec_indir_branch_disable(task);
> - task_set_spec_indir_branch_force_disable(task);
> - task_update_spec_tif(task, TIF_SPEC_IB, true);
> - break;
> +
> default:
> return -ERANGE;
> }
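Review bot: In the merged `PR_SPEC_DISABLE`/`PR_SPEC_FORCE_DISABLE` branch the force-disable flag is set after `task_update_spec_tif(task, TIF_SPEC_IB, true)`, whereas the removed `PR_SPEC_FORCE_DISABLE` branch set it before the TIF update, so the merge is not a pure refactor. Whether the order matters cannot be judged from this hunk (it depends on who reads the flag and whether `task` can be other than the current task), but the original order is easy to keep: move `if (ctrl == PR_SPEC_FORCE_DISABLE)` and `task_set_spec_indir_branch_force_disable(task);` to directly after `task_set_spec_indir_branch_disable(task);`. The existing comment above the mode checks now applies to both cases, so a one-line comment on the conditional, such as `/* FORCE_DISABLE additionally sets the force-disable flag */`, would make the only difference explicit. The body of `indir_branch_prctl_set()` starts and ends outside the hunk.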

I like that; maybe also do the same to the ssb code, for symmetry.