commit: af6d2cd183065421749cabe99946396185251214 Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> AuthorDate: Thu Jan 4 00:18:58 2018 +0000 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> CommitDate: Thu Jan 4 00:18:58 2018 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=af6d2cd1
add patch x86/cpu, x86/pti: Do not enable PTI on AMD processors
 0000_README | 4 +++
 1700_do_not_enable_PTI_on_AMD_processor.patch | 44 +++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
diff --git a/0000_README b/0000_README
index c14881b..946c936 100644
--- a/0000_README
+++ b/0000_README
@@ -95,6 +95,10 @@
Patch: 1510_fs-enable-link-security-restrictions-by-default.patch
From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
Desc: Enable link security restrictions by default.
+Patch: 1700_do_not_enable_PTI_on_AMD_processor.patch
+From: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/patch/?id=694d99d40972f12e59a3696effee8a376b79d7c8
+Desc: x86/cpu, x86/pti: Do not enable PTI on AMD processors.
+
Patch: 2100_bcache-data-corruption-fix-for-bi-partno.patch
From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62530ed8b1d07a45dec94d46e521c0c6c2d476e6
Desc: bio: ensure __bio_clone_fast copies bi_partno.
diff --git a/1700_do_not_enable_PTI_on_AMD_processor.patch b/1700_do_not_enable_PTI_on_AMD_processor.patch
new file mode 100644
index 0000000..3069c4c
--- /dev/null
+++ b/1700_do_not_enable_PTI_on_AMD_processor.patch
@@ -0,0 +1,44 @@
+From 694d99d40972f12e59a3696effee8a376b79d7c8 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <[email protected]>
+Date: Tue, 26 Dec 2017 23:43:54 -0600
+Subject: x86/cpu, x86/pti: Do not enable PTI on AMD processors
+
+AMD processors are not subject to the types of attacks that the kernel
+page table isolation feature protects against. The AMD microarchitecture
+does not allow memory references, including speculative references, that
+access higher privileged data when running in a lesser privileged mode
+when that access would result in a page fault.
+
+Disable page table isolation by default on AMD processors by not setting
+the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
+is set.
+
+Signed-off-by: Tom Lendacky <[email protected]>
+Signed-off-by: Thomas Gleixner <[email protected]>
+Reviewed-by: Borislav Petkov <[email protected]>
+Cc: Dave Hansen <[email protected]>
+Cc: Andy Lutomirski <[email protected]>
+Cc: [email protected]
+Link: https://lkml.kernel.org/r/[email protected]
+---
+ arch/x86/kernel/cpu/common.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
+index f2a94df..b1be494 100644
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
+ 
+ setup_force_cpu_cap(X86_FEATURE_ALWAYS);
+ 
+- /* Assume for now that ALL x86 CPUs are insecure */
+- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
++ if (c->x86_vendor != X86_VENDOR_AMD)
++ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ 
+ fpu__init_system(c);
+ 
+-- 
+cgit v1.1
+
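Review bot: The new `if (c->x86_vendor != X86_VENDOR_AMD)` test in early_identify_cpu() removes the only explanatory comment at this spot (`/* Assume for now that ALL x86 CPUs are insecure */`) and adds none, so the reason AMD is exempted while every other vendor is still flagged survives only in the commit message; I would keep a comment above the condition, e.g. `/* AMD does not speculatively access higher-privileged memory that would fault (see the commit message); every other vendor is still assumed insecure. */`. The exemption is keyed on vendor alone, not on family/model or any CPUID-advertised bit, so a later AMD part that turns out to be affected, or a guest whose hypervisor presents a different vendor string, would inherit it; that is presumably acceptable for a stable backport but deserves to be stated next to the check. The `pti=` boot-parameter handling lives in pti.c and is not in this hunk, so whether PTI can still be forced on for an AMD system is not confirmed here. early_identify_cpu() begins and ends outside the hunk.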
