Once PR_SPEC_FORCE_DISABLE is set, users cannot set PR_SPEC_ENABLE. This commit checks whether PR_SPEC_FORCE_DISABLE was previously set.
Signed-off-by: Kenta Tada <kenta.t...@sony.com>
---
 arch/x86/kernel/cpu/bugs.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index ed54b3b21c39..678ace157035 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1173,6 +1173,9 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
 if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
 spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
 return -EPERM;
+ /* If speculation is force disabled, enable is not allowed */
+ if (task_spec_ib_force_disable(task))
+ return -EPERM;
 task_clear_spec_ib_disable(task);
 task_update_spec_tif(task);
 break;
-- 2.20.1
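Review bot: The added comment in what is presumably the PR_SPEC_ENABLE branch of ib_prctl_set says what the check does but not why it has to come before `task_clear_spec_ib_disable(task)`. As the helper names suggest, without the early return the clear would drop the disable flag while the force-disable flag stays set, so a task locked down with PR_SPEC_FORCE_DISABLE could turn indirect branch speculation back on. I would word it as `/* Force disable is one-way: refuse before the disable flag is cleared below, so a locked-down task cannot re-enable speculation */`. A regression check worth adding alongside is a prctl sequence that sets PR_SPEC_FORCE_DISABLE, attempts PR_SPEC_ENABLE, expects EPERM, and confirms the reported state is still force-disabled. The case label and the rest of ib_prctl_set lie outside the hunk, so it cannot be confirmed from here that no earlier return in this branch is reached before the new check.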