Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-16 Thread Nick Lowe
Hi,

This should use boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN) - I am
preparing patches.

Best,

Nick


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-16 Thread Nick Lowe
Hi

I do not have a tested patch, but I expect the change would be something like:

skip:
-   if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
+   if (!static_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
   goto disable;
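
Review bot: The new condition under skip: uses static_cpu_has_bug(), but this is a one-shot boot-time test, so the alternatives-patched variant gains nothing here; boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN), as the follow-up message in this thread says, is the plainer choice. Since the change is stated to be untested, please also confirm that X86_BUG_CPU_MELTDOWN has already been set by early CPU identification at the point this check runs.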

Cheers,

Nick


On Tue, Feb 13, 2018 at 4:32 PM, Greg Kroah-Hartman
 wrote:
> On Tue, Feb 13, 2018 at 03:27:47PM +, Nick Lowe wrote:
>> Hi Arjan and Greg,
>>
>> Sorry if I am not being clear enough.
>>
>> My point is that there is a check for X86_VENDOR_AMD now in two places.
>>
>> It is still hardcoded for the auto boot option which I think should
>> not be there. The patch on that basis looked incomplete to me.
>>
>> Put another way, there is no effect to the auto option where the
>> contents of cpu_no_meltdown[] are changed and
>> cpu_vulnerable_to_meltdown returns differently.
>>
>> The auto option does not make use of a determination of the
>> X86_BUG_CPU_MELTDOWN state.
>>
>> This seems wrong to me. It does not seem correct to me for the auto
>> option to have this duplication with a check for just X86_VENDOR_AMD.
>
> Do you have a patch that reflects what you want to see changed here?
>
> And can you test it?  :)
>
> I don't have any AMD hardware, sorry.
>
> thanks,
>
> greg k-h


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Greg Kroah-Hartman
On Tue, Feb 13, 2018 at 03:27:47PM +, Nick Lowe wrote:
> Hi Arjan and Greg,
> 
> Sorry if I am not being clear enough.
> 
> My point is that there is a check for X86_VENDOR_AMD now in two places.
> 
> It is still hardcoded for the auto boot option which I think should
> not be there. The patch on that basis looked incomplete to me.
> 
> Put another way, there is no effect to the auto option where the
> contents of cpu_no_meltdown[] are changed and
> cpu_vulnerable_to_meltdown returns differently.
> 
> The auto option does not make use of a determination of the
> X86_BUG_CPU_MELTDOWN state.
> 
> This seems wrong to me. It does not seem correct to me for the auto
> option to have this duplication with a check for just X86_VENDOR_AMD.

Do you have a patch that reflects what you want to see changed here?

And can you test it?  :)

I don't have any AMD hardware, sorry.

thanks,

greg k-h


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Dave Hansen
On 02/13/2018 07:56 AM, Andi Kleen wrote:
> On Tue, Feb 13, 2018 at 07:09:44AM -0800, Arjan van de Ven wrote:
>>> So, any hints on what you think should be the correct fix here?
>> the patch sure looks correct to me, it now has a nice table for CPU IDs
>> including all of AMD (and soon hopefully the existing Intel ones that are 
>> not exposed to meltdown)
> I don't think the table is nice, it's a white list that would need
> to be maintained forever.

On Intel, we have that RDCL_NO bit in the ARCH_CAPABILITIES MSR going
forward to show that we are not vulnerable.  So, at least for Intel we
don't need to add new models forever.


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Borislav Petkov
On Tue, Feb 13, 2018 at 05:02:59PM +0100, Thomas Gleixner wrote:
> No. The table is basically excluding families <=5 and a few individual
> ones. Anything newer than that should tell via ARCH_CAP_RDCL_NO and not
> need any entry.

It looks to me like Nick wants 4.9 to test X86_BUG_CPU_MELTDOWN in
kaiser_check_boottime_disable() not X86_VENDOR_AMD. I.e., the auto
disable should pay attention to the CPUs in the table like upstream.

4.9 got the kaiser backports which explains the difference.

IMHO, of course.

-- 
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 
(AG Nürnberg)
-- 
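
The divergence described in the message above, as an added user-space model (not code from this thread or from the kernel): it evaluates the patch's two match tables and the RDCL_NO bit, then compares the vendor-only auto check quoted from kaiser.c with a check that follows the bug bit. The struct and function names, the sample CPUs and count_divergent() are constructed for this example; the numeric vendor, model and bit values are assumed to match the kernel headers.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; constants are assumed to match the kernel headers. */
enum { VENDOR_INTEL = 0, VENDOR_AMD = 2, VENDOR_CENTAUR = 5,
       VENDOR_NSC = 8, VENDOR_ANY = 0xffff };
#define ARCH_CAP_RDCL_NO (1ULL << 0)
struct cpu_id { unsigned vendor, family, model; };  /* family/model 0 = any */
struct cpu {
    unsigned vendor, family, model;
    bool has_arch_cap;  /* X86_FEATURE_ARCH_CAPABILITIES enumerated */
    uint64_t arch_cap;  /* what reading MSR_IA32_ARCH_CAPABILITIES returns */
};

static const struct cpu_id cpu_no_speculation[] = {
    { VENDOR_INTEL, 6, 0x36 },  /* INTEL_FAM6_ATOM_CEDARVIEW */
    { VENDOR_INTEL, 6, 0x35 },  /* INTEL_FAM6_ATOM_CLOVERVIEW */
    { VENDOR_INTEL, 6, 0x26 },  /* INTEL_FAM6_ATOM_LINCROFT */
    { VENDOR_INTEL, 6, 0x27 },  /* INTEL_FAM6_ATOM_PENWELL */
    { VENDOR_INTEL, 6, 0x1c },  /* INTEL_FAM6_ATOM_PINEVIEW */
    { VENDOR_CENTAUR, 5, 0 }, { VENDOR_INTEL, 5, 0 },
    { VENDOR_NSC, 5, 0 }, { VENDOR_ANY, 4, 0 }, { 0, 0, 0 }
};
static const struct cpu_id cpu_no_meltdown[] = { { VENDOR_AMD, 0, 0 }, { 0, 0, 0 } };

/* Same wildcard and all-zero terminator convention as the patch's tables. */
static bool match_cpu(const struct cpu *c, const struct cpu_id *m)
{
    for (; m->vendor | m->family | m->model; m++)
        if ((m->vendor == VENDOR_ANY || m->vendor == c->vendor) &&
            (!m->family || m->family == c->family) &&
            (!m->model || m->model == c->model))
            return true;
    return false;
}

/* Whether X86_BUG_CPU_MELTDOWN ends up set after the patch. */
static bool bug_cpu_meltdown(const struct cpu *c)
{
    uint64_t cap = c->has_arch_cap ? c->arch_cap : 0;
    if (match_cpu(c, cpu_no_speculation) || match_cpu(c, cpu_no_meltdown))
        return false;
    return !(cap & ARCH_CAP_RDCL_NO);
}

/* Auto mode as quoted from kaiser.c: stays on unless the vendor is AMD. */
static bool auto_on_by_vendor(const struct cpu *c) { return c->vendor != VENDOR_AMD; }
/* Auto mode as proposed in the thread: follow the bug bit. */
static bool auto_on_by_bug(const struct cpu *c) { return bug_cpu_meltdown(c); }

/* Constructed sample CPUs, not taken from the thread. */
static const struct cpu samples[] = {
    { VENDOR_AMD,     0x17, 0x01, false, 0 },                /* AMD */
    { VENDOR_INTEL,   6,    0x5e, false, 0 },                /* Intel, no ARCH_CAP */
    { VENDOR_INTEL,   6,    0x1c, false, 0 },                /* Intel, in table */
    { VENDOR_INTEL,   6,    0xf0, true,  ARCH_CAP_RDCL_NO }, /* Intel, RDCL_NO */
    { VENDOR_CENTAUR, 5,    0x02, false, 0 },                /* family 5 */
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Number of samples on which the two auto-mode policies disagree. */
static unsigned count_divergent(void)
{
    unsigned n = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        n += auto_on_by_vendor(&samples[i]) != auto_on_by_bug(&samples[i]);
    return n;
}

int main(void)
{
    printf("policies disagree on %u of %zu samples\n", count_divergent(), NSAMPLES);
    return 0;
}
```

In every sample where the two disagree, the bug bit is clear while the vendor check would still leave isolation on.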


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Thomas Gleixner
On Tue, 13 Feb 2018, Andi Kleen wrote:
> On Tue, Feb 13, 2018 at 07:09:44AM -0800, Arjan van de Ven wrote:
> > > 
> > > So, any hints on what you think should be the correct fix here?
> > 
> > the patch sure looks correct to me, it now has a nice table for CPU IDs
> > including all of AMD (and soon hopefully the existing Intel ones that are 
> > not exposed to meltdown)
> 
> I don't think the table is nice, it's a white list that would need
> to be maintained forever.

No. The table is basically excluding families <=5 and a few individual
ones. Anything newer than that should tell via ARCH_CAP_RDCL_NO and not
need any entry.

Thanks,

tglx




Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Andi Kleen
On Tue, Feb 13, 2018 at 07:09:44AM -0800, Arjan van de Ven wrote:
> > 
> > So, any hints on what you think should be the correct fix here?
> 
> the patch sure looks correct to me, it now has a nice table for CPU IDs
> including all of AMD (and soon hopefully the existing Intel ones that are not 
> exposed to meltdown)

I don't think the table is nice, it's a white list that would need
to be maintained forever.

-Andi 


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Nick Lowe
Hi Arjan and Greg,

Sorry if I am not being clear enough.

My point is that there is a check for X86_VENDOR_AMD now in two places.

It is still hardcoded for the auto boot option which I think should
not be there. The patch on that basis looked incomplete to me.

Put another way, there is no effect to the auto option where the
contents of cpu_no_meltdown[] are changed and
cpu_vulnerable_to_meltdown returns differently.

The auto option does not make use of a determination of the
X86_BUG_CPU_MELTDOWN state.

This seems wrong to me. It does not seem correct to me for the auto
option to have this duplication with a check for just X86_VENDOR_AMD.

Regards,

Nick


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Arjan van de Ven


> So, any hints on what you think should be the correct fix here?


the patch sure looks correct to me, it now has a nice table for CPU IDs
including all of AMD (and soon hopefully the existing Intel ones that are not 
exposed to meltdown)





Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Greg Kroah-Hartman
On Tue, Feb 13, 2018 at 01:34:07PM +, Nick Lowe wrote:
> Hi,
> 
> This does not seem to have subsumed the AMD specific code in
> 
> x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
> Commit a8799fd14d9f7f385a5a5c86cde247caf4bb0320
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.81=a8799fd14d9f7f385a5a5c86cde247caf4bb0320
> 
> x86/kaiser: Check boottime cmdline params
> Commit 8018307a45a90ab2eecfd03d48b7efb31707df37
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/arch/x86/mm/kaiser.c?h=v4.9.75=8018307a45a90ab2eecfd03d48b7efb31707df37
> 
> Here, we can see:
> 
> +skip:
> + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
> + goto disable;
> 
> Refer to 4.9.81's kaiser.c
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.9.81
> 
> Also 4.4.115's kaiser.c
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.4.115

So, any hints on what you think should be the correct fix here?

thanks,

greg k-h


Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-13 Thread Nick Lowe
Hi,

This does not seem to have subsumed the AMD specific code in

x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
Commit a8799fd14d9f7f385a5a5c86cde247caf4bb0320

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.81=a8799fd14d9f7f385a5a5c86cde247caf4bb0320

x86/kaiser: Check boottime cmdline params
Commit 8018307a45a90ab2eecfd03d48b7efb31707df37

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/arch/x86/mm/kaiser.c?h=v4.9.75=8018307a45a90ab2eecfd03d48b7efb31707df37

Here, we can see:

+skip:
+ if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
+ goto disable;

Refer to 4.9.81's kaiser.c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.9.81

Also 4.4.115's kaiser.c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.4.115

Cheers,

Nick


[PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown

2018-02-09 Thread Greg Kroah-Hartman
4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: David Woodhouse 

(cherry picked from commit fec9434a12f38d3aeafeb75711b71d8a1fdef621)

Also, for CPUs which don't speculate at all, don't report that they're
vulnerable to the Spectre variants either.

Leave the cpu_no_meltdown[] match table with just X86_VENDOR_AMD in it
for now, even though that could be done with a simple comparison, on the
assumption that we'll have more to add.

Based on suggestions from Dave Hansen and Alan Cox.

Signed-off-by: David Woodhouse 
Signed-off-by: Thomas Gleixner 
Reviewed-by: Greg Kroah-Hartman 
Reviewed-by: Borislav Petkov 
Acked-by: Dave Hansen 
Cc: gno...@lxorguk.ukuu.org.uk
Cc: a...@linux.intel.com
Cc: ashok@intel.com
Cc: karah...@amazon.de
Cc: ar...@linux.intel.com
Cc: torva...@linux-foundation.org
Cc: pet...@infradead.org
Cc: b...@alien8.de
Cc: pbonz...@redhat.com
Cc: tim.c.c...@linux.intel.com
Cc: gre...@linux-foundation.org
Link: https://lkml.kernel.org/r/1516896855-7642-6-git-send-email-d...@amazon.co.uk
Signed-off-by: David Woodhouse 
Signed-off-by: Greg Kroah-Hartman 
---
 arch/x86/kernel/cpu/common.c |   48 ++-
 1 file changed, 43 insertions(+), 5 deletions(-)

--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -44,6 +44,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 #ifdef CONFIG_X86_LOCAL_APIC
 #include 
@@ -838,6 +840,41 @@ static void identify_cpu_without_cpuid(s
 #endif
 }
 
+static const __initdata struct x86_cpu_id cpu_no_speculation[] = {
+   { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW,   X86_FEATURE_ANY 
},
+   { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW,  X86_FEATURE_ANY 
},
+   { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT,X86_FEATURE_ANY 
},
+   { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY 
},
+   { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW,X86_FEATURE_ANY 
},
+   { X86_VENDOR_CENTAUR,   5 },
+   { X86_VENDOR_INTEL, 5 },
+   { X86_VENDOR_NSC,   5 },
+   { X86_VENDOR_ANY,   4 },
+   {}
+};
+
+static const __initdata struct x86_cpu_id cpu_no_meltdown[] = {
+   { X86_VENDOR_AMD },
+   {}
+};
+
+static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c)
+{
+   u64 ia32_cap = 0;
+
+   if (x86_match_cpu(cpu_no_meltdown))
+   return false;
+
+   if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
+   rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
+
+   /* Rogue Data Cache Load? No! */
+   if (ia32_cap & ARCH_CAP_RDCL_NO)
+   return false;
+
+   return true;
+}
+
 /*
  * Do minimum CPU detection early.
  * Fields really needed: vendor, cpuid_level, family, model, mask,
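
Review bot: cpu_vulnerable_to_meltdown() takes c, yet the x86_match_cpu(cpu_no_meltdown) test at its top is given no CPU argument, so the table lookup and the cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES) check only describe the same processor when c is the boot CPU. A one-line comment stating that assumption above the function would help. cpu_no_speculation[] could likewise carry a comment saying what qualifies an entry, since the only explanation ("CPUs which don't speculate at all") is in the commit message.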
@@ -884,11 +921,12 @@ static void __init early_identify_cpu(st
 
setup_force_cpu_cap(X86_FEATURE_ALWAYS);
 
-   if (c->x86_vendor != X86_VENDOR_AMD)
-   setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
-
-   setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
-   setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
+   if (!x86_match_cpu(cpu_no_speculation)) {
+   if (cpu_vulnerable_to_meltdown(c))
+   setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
+   setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
+   setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
+   }
 
fpu__init_system(c);
 
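
Review bot: The c->x86_vendor != X86_VENDOR_AMD test removed from early_identify_cpu() here still has a twin in this tree: per the replies in this thread, the auto path of 4.9's kaiser_check_boottime_disable() branches on boot_cpu_data.x86_vendor == X86_VENDOR_AMD. Until that check follows X86_BUG_CPU_MELTDOWN, the cpu_no_speculation[] entries, future additions to cpu_no_meltdown[] and ARCH_CAP_RDCL_NO change the bug bit but not whether the auto option turns isolation off. A follow-up converting that test belongs with this backport.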



