1 /*
2  * Copyright (c) 2018 Intel Corporation
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #include <zephyr/init.h>
8 #include <zephyr/kernel.h>
9 #include <kernel_arch_data.h>
10 #include <kernel_arch_func.h>
11 #include <zephyr/arch/x86/msr.h>
12 #include <zephyr/arch/x86/cpuid.h>
13 
14 /*
15  * See:
16  * https://software.intel.com/security-software-guidance/api-app/sites/default/files/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
17  */
18 
19 #if defined(CONFIG_X86_DISABLE_SSBD) || defined(CONFIG_X86_ENABLE_EXTENDED_IBRS)
spec_ctrl_init(void)20 static int spec_ctrl_init(void)
21 {
22 
23 	uint32_t enable_bits = 0U;
24 	uint32_t cpuid7 = z_x86_cpuid_extended_features();
25 
26 #ifdef CONFIG_X86_DISABLE_SSBD
27 	if ((cpuid7 & CPUID_SPEC_CTRL_SSBD) != 0U) {
28 		enable_bits |= X86_SPEC_CTRL_MSR_SSBD;
29 	}
30 #endif
31 #ifdef CONFIG_X86_ENABLE_EXTENDED_IBRS
32 	if ((cpuid7 & CPUID_SPEC_CTRL_IBRS) != 0U) {
33 		enable_bits |= X86_SPEC_CTRL_MSR_IBRS;
34 	}
35 #endif
36 	if (enable_bits != 0U) {
37 		uint64_t cur = z_x86_msr_read(X86_SPEC_CTRL_MSR);
38 
39 		z_x86_msr_write(X86_SPEC_CTRL_MSR,
40 			       cur | enable_bits);
41 	}
42 
43 	return 0;
44 }
45 
46 SYS_INIT(spec_ctrl_init, PRE_KERNEL_1, 0);
47 #endif /* CONFIG_X86_DISABLE_SSBD || CONFIG_X86_ENABLE_EXTENDED_IBRS */
48