From: Jiri Kosina <jkos...@suse.cz>

Xen PV domain is not by design affected by meltdown as it's enforcing 
split CR3 itself. Let's not report such systems as "Vulnerable" in sysfs 
(we're also already forcing PTI to off in X86_HYPER_XEN_PV cases)

Reported-and-tested-by: Mike Latimer <mlati...@suse.com>
Signed-off-by: Jiri Kosina <jkos...@suse.cz>
---

I originally wanted to just not set X86_BUG_CPU_MELTDOWN in 
cpu_set_bug_bits() in the first place, but that has two issues:

- cpu_set_bug_bits() gets invoked from early_identify_cpu() before 
  init_hypervisor_platform() had a chance to run, and therefore the
  hypervisor type check doesn't work there

- it'd actually be inaccurate; the CPU *does* have the bug at the end
  of the day (so it's properly kept being reported in cpuinfo), it's
  "just a setup matter" that we don't need any additional mitigation to
  be applied by the kernel

So let's not overcomplicate it.

 arch/x86/kernel/cpu/bugs.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -26,6 +26,7 @@
 #include <asm/pgtable.h>
 #include <asm/set_memory.h>
 #include <asm/intel-family.h>
+#include <asm/hypervisor.h>
 
 static void __init spectre_v2_select_mitigation(void);
 static void __init ssb_select_mitigation(void);
@@ -685,6 +686,9 @@ static ssize_t cpu_show_common(struct de
                if (boot_cpu_has(X86_FEATURE_PTI))
                        return sprintf(buf, "Mitigation: PTI\n");
 
+               if (hypervisor_is_type(X86_HYPER_XEN_PV))
+                       return sprintf(buf, "Not affected\n");
+
                break;
 
        case X86_BUG_SPECTRE_V1:
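
Review bot: the string returned by the added hypervisor_is_type(X86_HYPER_XEN_PV) branch, "Not affected\n", is the same text sysfs shows for a CPU that lacks the bug, yet the commit message says the CPU does have it and it stays reported in cpuinfo. Someone comparing the two interfaces cannot tell that the protection comes from Xen enforcing split CR3 rather than from the hardware. Consider a string that names Xen PV as the reason, and add a short comment above the check explaining why the special case lives here and not in cpu_set_bug_bits().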

-- 
Jiri Kosina
SUSE Labs
