x86/bugs: Always fill RSB on context switch for SpectreRSB
There is a new paper (https://arxiv.org/pdf/1807.07940.pdf)
that describes CPU return buffer (RSB) poisoning attacks as an extension
of Spectre. In a nutshell they poison the RSB to redirect
a return in another address space to jump to a side channel gadget.
The kernel is already safe against RSB poisoning when either
SMEP, or page table isolation with NX pages are used, because
it is impossible for an attacker to put any code the kernel
can execute into the RSB.
But we need to protect against the case of a process poisoning
the RSB of a process it context switches into.
This requires filling the RSB on context switch.
On Intel CPUs this was already done on Skylake era CPUs to mitigate
the 'RSB underflow' condition. But with SpectreRSB we need to also do
it for older CPUs. I believe it's needed near everywhere
(everything that has an RSB and can execute code out of order),
except for a few old in-order x86 CPUs.
In this patch I made the RSB fill unconditional, unless Spectre mitigation
support is explicitly disabled. The patch simplifies the code
because no special handling for Skylake is needed anymore.
Cc: stable@vger.kernel.org
Signed-off-by: Andi Kleen <ak@linux.intel.com>
1 file changed