From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Wed, 20 Dec 2017 10:55:47 +0000
Subject: [PATCH] x86/microcode: Extend post microcode reload to support IBPB
 feature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5753
CVE-2017-5715

Add an IBPB feature check to the speculative control update check after
a microcode reload.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 099878acd3738271fb2ade01f4649b1ed2fb72d5)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/kernel/cpu/microcode/core.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 55086921d29e..638c08350d65 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -546,6 +546,13 @@ static ssize_t reload_store(struct device *dev,
 		if (ibpb_inuse)
 			sysctl_ibpb_enabled = 1;
 		mutex_unlock(&spec_ctrl_mutex);
+	} else if (boot_cpu_has(X86_FEATURE_IBPB)) {
+		printk_once(KERN_INFO "FEATURE IBPB Present\n");
+		mutex_lock(&spec_ctrl_mutex);
+		set_ibpb_supported();
+		if (ibpb_inuse)
+			sysctl_ibpb_enabled = 1;
+		mutex_unlock(&spec_ctrl_mutex);
 	}
 
 	mutex_unlock(&microcode_mutex);
-- 
2.14.2