On Thu, Nov 22, 2018 at 01:26:38PM +0100, Borislav Petkov wrote:
> Perhaps merge the two DISABLE branches to make it obvious what the
> difference between them is:
>
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 6eac074e3935..28cece3a067b 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -769,7 +769,9 @@ static int indir_branch_prctl_set(struct task_struct
> *task, unsigned long ctrl)
> task_clear_spec_indir_branch_disable(task);
> task_update_spec_tif(task, TIF_SPEC_IB, false);
> break;
> +
> case PR_SPEC_DISABLE:
> + case PR_SPEC_FORCE_DISABLE:
> /*
> * Indirect branch speculation is always allowed when
> * mitigation is force disabled.
> @@ -780,16 +782,11 @@ static int indir_branch_prctl_set(struct task_struct
> *task, unsigned long ctrl)
> return 0;
> task_set_spec_indir_branch_disable(task);
> task_update_spec_tif(task, TIF_SPEC_IB, true);
> +
> + if (ctrl == PR_SPEC_FORCE_DISABLE)
> + task_set_spec_indir_branch_force_disable(task);
> break;
> - case PR_SPEC_FORCE_DISABLE:
> - if (spectre_v2_app2app == SPECTRE_V2_APP2APP_NONE)
> - return -EPERM;
> - if (spectre_v2_app2app == SPECTRE_V2_APP2APP_STRICT)
> - return 0;
> - task_set_spec_indir_branch_disable(task);
> - task_set_spec_indir_branch_force_disable(task);
> - task_update_spec_tif(task, TIF_SPEC_IB, true);
> - break;
> +
> default:
> return -ERANGE;
> }
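Review bot: In the merged `PR_SPEC_DISABLE`/`PR_SPEC_FORCE_DISABLE` case of the second hunk, `task_set_spec_indir_branch_force_disable(task)` now runs after `task_update_spec_tif(task, TIF_SPEC_IB, true)`, whereas the removed branch set both per-task flags before updating the TIF bit. Whether the order matters depends on task_update_spec_tif(), which is outside the hunk, but moving the `if (ctrl == PR_SPEC_FORCE_DISABLE)` pair directly after `task_set_spec_indir_branch_disable(task);` keeps the old sequence. The existing comment above the two labels only explains the `-EPERM` case, so a one-line comment on the new conditional, e.g. `/* FORCE_DISABLE additionally sets the per-task force-disable flag */`, would state the one difference between the two controls. How that flag is honoured later (presumably in the PR_SPEC_ENABLE branch) is not visible here, and the function body starts and ends outside both hunks.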
I like that; maybe also do the same to the ssb code, for symmetry.

