Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
Hi,

This should use boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN) - I am preparing patches.

Best,

Nick
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
Hi

I do not have a tested patch, but I expect the change would be something like:

skip: - if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) + if (!static_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) goto disable;

Cheers,

Nick

On Tue, Feb 13, 2018 at 4:32 PM, Greg Kroah-Hartman wrote:
> On Tue, Feb 13, 2018 at 03:27:47PM +, Nick Lowe wrote:
>> Hi Arjan and Greg,
>>
>> Sorry if I am not being clear enough.
>>
>> My point is that there is a check for X86_VENDOR_AMD now in two places.
>>
>> It is still hardcoded for the auto boot option which I think should
>> not be there. The patch on that basis looked incomplete to me.
>>
>> Put another way, there is no effect to the auto option where the
>> contents of cpu_no_meltdown[] are changed and
>> cpu_vulnerable_to_meltdown returns differently.
>>
>> The auto option does not make use of a determination of the
>> X86_BUG_CPU_MELTDOWN state.
>>
>> This seems wrong to me. It does not seem correct to me for the auto
>> option to have this duplication with a check for just X86_VENDOR_AMD.
>
> Do you have a patch that reflects what you want to see changed here?
>
> And can you test it? :)
>
> I don't have any AMD hardware, sorry.
>
> thanks,
>
> greg k-h
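Review bot: On the added line `if (!static_cpu_has_bug(X86_BUG_CPU_MELTDOWN))`, the check runs once at boot under `skip:`, so `boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)`, which the follow-up message in this thread names, is the more fitting helper than the static variant. The test is only meaningful if it runs after early_identify_cpu() has had the chance to call setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN), so that ordering deserves a comment above `skip:`. The change is described as untested, so it needs a boot on both an affected and an unaffected CPU before it goes to stable.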
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
On Tue, Feb 13, 2018 at 03:27:47PM +, Nick Lowe wrote:
> Hi Arjan and Greg,
>
> Sorry if I am not being clear enough.
>
> My point is that there is a check for X86_VENDOR_AMD now in two places.
>
> It is still hardcoded for the auto boot option which I think should
> not be there. The patch on that basis looked incomplete to me.
>
> Put another way, there is no effect to the auto option where the
> contents of cpu_no_meltdown[] are changed and
> cpu_vulnerable_to_meltdown returns differently.
>
> The auto option does not make use of a determination of the
> X86_BUG_CPU_MELTDOWN state.
>
> This seems wrong to me. It does not seem correct to me for the auto
> option to have this duplication with a check for just X86_VENDOR_AMD.

Do you have a patch that reflects what you want to see changed here?

And can you test it? :)

I don't have any AMD hardware, sorry.

thanks,

greg k-h
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
On 02/13/2018 07:56 AM, Andi Kleen wrote:
> On Tue, Feb 13, 2018 at 07:09:44AM -0800, Arjan van de Ven wrote:
>>> So, any hints on what you think should be the correct fix here?
>> the patch sure looks correct to me, it now has a nice table for CPU IDs
>> including all of AMD (and soon hopefully the existing Intel ones that are
>> not exposed to meltdown)
> I don't think the table is nice, it's a white list that would need
> to be maintained forever.

On Intel, we have that RDCL_NO bit in the ARCH_CAPABILITIES MSR going forward to show that we are not vulnerable. So, at least for Intel we don't need to add new models forever.
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
On Tue, Feb 13, 2018 at 05:02:59PM +0100, Thomas Gleixner wrote:
> No. The table is basically excluding families <=5 and a few individual
> ones. Anything newer than that should tell via ARCH_CAP_RDCL_NO and not
> need any entry.

It looks to me like Nick wants 4.9 to test X86_BUG_CPU_MELTDOWN in kaiser_check_boottime_disable() not X86_VENDOR_AMD. I.e., the auto disable should pay attention to the CPUs in the table like upstream.

4.9 got the kaiser backports which explains the difference.

IMHO, of course.

--
Regards/Gruss,
Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
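Added example, not code from the thread or from the kernel: a userspace C model of the point made in the messages above, comparing the vendor-only "auto" check with a check that follows the Meltdown bug determination (match tables plus RDCL_NO). The struct layouts, function names, the `ATOM_MODEL` placeholder and the sample CPUs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified stand-ins for the kernel's vendor ids, MSR bit and match entries. */
enum vendor { V_ANY, V_INTEL, V_AMD, V_CENTAUR, V_NSC };
#define RDCL_NO_BIT 1u   /* models ARCH_CAP_RDCL_NO */
#define ATOM_MODEL  0x99 /* placeholder, not a real model number */

struct cpu {
    const char *name;
    enum vendor vendor; int family, model;
    bool has_arch_cap;   /* models X86_FEATURE_ARCH_CAPABILITIES */
    uint64_t arch_cap;   /* models the ARCH_CAPABILITIES MSR value */
};
struct cpu_id { enum vendor vendor; int family, model; }; /* 0 = match any */
static const struct cpu_id no_speculation[] = {
    { V_INTEL, 6, ATOM_MODEL }, { V_CENTAUR, 5, 0 }, { V_INTEL, 5, 0 },
    { V_NSC, 5, 0 }, { V_ANY, 4, 0 },
};
static const struct cpu_id no_meltdown[] = { { V_AMD, 0, 0 } };

static bool match(const struct cpu_id *t, size_t n, const struct cpu *c)
{
    for (size_t i = 0; i < n; i++)
        if ((t[i].vendor == V_ANY || t[i].vendor == c->vendor) &&
            (t[i].family == 0 || t[i].family == c->family) &&
            (t[i].model == 0 || t[i].model == c->model))
            return true;
    return false;
}
#define MATCH(t, c) match(t, sizeof(t) / sizeof((t)[0]), c)

/* Combined effect of the patch: table lookups first, then the RDCL_NO bit,
 * which only counts when the capabilities MSR is enumerated. */
static bool has_meltdown_bug(const struct cpu *c)
{
    if (MATCH(no_speculation, c) || MATCH(no_meltdown, c))
        return false;
    return !(c->has_arch_cap && (c->arch_cap & RDCL_NO_BIT));
}

/* 4.9 "auto" path as quoted in the thread: only the vendor is consulted. */
static bool pti_auto_vendor_check(const struct cpu *c) { return c->vendor != V_AMD; }

/* Constructed sample CPUs, not real inventory data. */
static const struct cpu samples[] = {
    { "AMD family 23",        V_AMD,   23, 1,          false, 0 },
    { "Intel family 6",       V_INTEL, 6,  1,          false, 0 },
    { "Intel fam 6, RDCL_NO", V_INTEL, 6,  2,          true,  RDCL_NO_BIT },
    { "Intel family 5",       V_INTEL, 5,  2,          false, 0 },
    { "Intel in-order Atom",  V_INTEL, 6,  ATOM_MODEL, false, 0 },
};
#define N_SAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Number of CPUs on which the vendor check and the bug determination disagree. */
static size_t count_divergent(const struct cpu *c, size_t n)
{
    size_t d = 0;
    for (size_t i = 0; i < n; i++)
        d += pti_auto_vendor_check(&c[i]) != has_meltdown_bug(&c[i]);
    return d;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-22s vendor-check=%d bug-check=%d\n", samples[i].name,
               pti_auto_vendor_check(&samples[i]), has_meltdown_bug(&samples[i]));
    printf("divergent: %zu\n", count_divergent(samples, N_SAMPLES));
    return 0;
}
```

In this model the two checks agree only for the AMD part and the plain Intel family 6 part; every CPU cleared by a table entry or by RDCL_NO would still get PTI from the vendor-only check.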
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
On Tue, 13 Feb 2018, Andi Kleen wrote:
> On Tue, Feb 13, 2018 at 07:09:44AM -0800, Arjan van de Ven wrote:
> > >
> > > So, any hints on what you think should be the correct fix here?
> >
> > the patch sure looks correct to me, it now has a nice table for CPU IDs
> > including all of AMD (and soon hopefully the existing Intel ones that are
> > not exposed to meltdown)
>
> I don't think the table is nice, it's a white list that would need
> to be maintained forever.

No. The table is basically excluding families <=5 and a few individual ones. Anything newer than that should tell via ARCH_CAP_RDCL_NO and not need any entry.

Thanks,

tglx
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
On Tue, Feb 13, 2018 at 07:09:44AM -0800, Arjan van de Ven wrote:
> >
> > So, any hints on what you think should be the correct fix here?
>
> the patch sure looks correct to me, it now has a nice table for CPU IDs
> including all of AMD (and soon hopefully the existing Intel ones that are not
> exposed to meltdown)

I don't think the table is nice, it's a white list that would need to be maintained forever.

-Andi
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
Hi Arjan and Greg,

Sorry if I am not being clear enough.

My point is that there is a check for X86_VENDOR_AMD now in two places.

It is still hardcoded for the auto boot option which I think should not be there. The patch on that basis looked incomplete to me.

Put another way, there is no effect to the auto option where the contents of cpu_no_meltdown[] are changed and cpu_vulnerable_to_meltdown returns differently.

The auto option does not make use of a determination of the X86_BUG_CPU_MELTDOWN state.

This seems wrong to me. It does not seem correct to me for the auto option to have this duplication with a check for just X86_VENDOR_AMD.

Regards,

Nick
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
> So, any hints on what you think should be the correct fix here?

the patch sure looks correct to me, it now has a nice table for CPU IDs including all of AMD (and soon hopefully the existing Intel ones that are not exposed to meltdown)
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
On Tue, Feb 13, 2018 at 01:34:07PM +, Nick Lowe wrote:
> Hi,
>
> This does not seem to have subsumed the AMD specific code in
>
> x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
> Commit a8799fd14d9f7f385a5a5c86cde247caf4bb0320
>
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.81=a8799fd14d9f7f385a5a5c86cde247caf4bb0320
>
> x86/kaiser: Check boottime cmdline params
> Commit 8018307a45a90ab2eecfd03d48b7efb31707df37
>
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/arch/x86/mm/kaiser.c?h=v4.9.75=8018307a45a90ab2eecfd03d48b7efb31707df37
>
> Here, we can see:
>
> +skip: > + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) > + goto disable;
>
> Refer to 4.9.81's kaiser.c
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.9.81
>
> Also 4.4.115's kaiser.c
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.4.115

So, any hints on what you think should be the correct fix here?

thanks,

greg k-h
Re: [PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
Hi,

This does not seem to have subsumed the AMD specific code in

x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
Commit a8799fd14d9f7f385a5a5c86cde247caf4bb0320

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.81=a8799fd14d9f7f385a5a5c86cde247caf4bb0320

x86/kaiser: Check boottime cmdline params
Commit 8018307a45a90ab2eecfd03d48b7efb31707df37

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/arch/x86/mm/kaiser.c?h=v4.9.75=8018307a45a90ab2eecfd03d48b7efb31707df37

Here, we can see:

+skip: + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) + goto disable;

Refer to 4.9.81's kaiser.c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.9.81

Also 4.4.115's kaiser.c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/mm/kaiser.c?h=v4.4.115

Cheers,

Nick
[PATCH 4.9 43/92] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
4.9-stable review patch. If anyone has any objections, please let me know. -- From: David Woodhouse(cherry picked from commit fec9434a12f38d3aeafeb75711b71d8a1fdef621) Also, for CPUs which don't speculate at all, don't report that they're vulnerable to the Spectre variants either. Leave the cpu_no_meltdown[] match table with just X86_VENDOR_AMD in it for now, even though that could be done with a simple comparison, on the assumption that we'll have more to add. Based on suggestions from Dave Hansen and Alan Cox. Signed-off-by: David Woodhouse Signed-off-by: Thomas Gleixner Reviewed-by: Greg Kroah-Hartman Reviewed-by: Borislav Petkov Acked-by: Dave Hansen Cc: gno...@lxorguk.ukuu.org.uk Cc: a...@linux.intel.com Cc: ashok@intel.com Cc: karah...@amazon.de Cc: ar...@linux.intel.com Cc: torva...@linux-foundation.org Cc: pet...@infradead.org Cc: b...@alien8.de Cc: pbonz...@redhat.com Cc: tim.c.c...@linux.intel.com Cc: gre...@linux-foundation.org Link: https://lkml.kernel.org/r/1516896855-7642-6-git-send-email-d...@amazon.co.uk Signed-off-by: David Woodhouse Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/common.c | 48 ++- 1 file changed, 43 insertions(+), 5 deletions(-) --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -44,6 +44,8 @@ #include #include #include +#include +#include #ifdef CONFIG_X86_LOCAL_APIC #include 
@@ -838,6 +840,41 @@ static void identify_cpu_without_cpuid(s #endif } +static const __initdata struct x86_cpu_id cpu_no_speculation[] = { + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT,X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW,X86_FEATURE_ANY }, + { X86_VENDOR_CENTAUR, 5 }, + { X86_VENDOR_INTEL, 5 }, + { X86_VENDOR_NSC, 5 }, + { X86_VENDOR_ANY, 4 }, + {} +}; + +static const __initdata struct x86_cpu_id cpu_no_meltdown[] = { + { X86_VENDOR_AMD }, + {} +}; + +static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c) +{ + u64 ia32_cap = 0; + + if (x86_match_cpu(cpu_no_meltdown)) + return false; + + if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); + + /* Rogue Data Cache Load? No! */ + if (ia32_cap & ARCH_CAP_RDCL_NO) + return false; + + return true; +} + /* * Do minimum CPU detection early. * Fields really needed: vendor, cpuid_level, family, model, mask, @@ -884,11 +921,12 @@ static void __init early_identify_cpu(st setup_force_cpu_cap(X86_FEATURE_ALWAYS); - if (c->x86_vendor != X86_VENDOR_AMD) - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); - - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + if (!x86_match_cpu(cpu_no_speculation)) { + if (cpu_vulnerable_to_meltdown(c)) + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + } fpu__init_system(c);
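Review bot: In cpu_vulnerable_to_meltdown() in the `@@ -838,6 +840,41 @@` hunk, the function takes `c` but `x86_match_cpu(cpu_no_meltdown)` is not passed it, while `cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)` is, so the two tests are only guaranteed to describe the same CPU when `c` is the boot CPU; state that in a comment above the function. Both tables would also benefit from a one-line comment giving the inclusion rule for cpu_no_speculation[] versus cpu_no_meltdown[], since the thread shows reviewers disagreeing about how the list is meant to grow. The family-only entries such as `{ X86_VENDOR_INTEL, 5 }` leave the model and feature fields implicit while the Atom entries spell out X86_FEATURE_ANY; pick one style.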
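Review bot: In the `@@ -884,11 +921,12 @@` hunk of early_identify_cpu(), X86_BUG_CPU_MELTDOWN is now derived from the match tables and RDCL_NO, but the diffstat shows only arch/x86/kernel/cpu/common.c changing, so any consumer that still tests the vendor directly keeps its old behaviour. The thread quotes one such check from 4.9's kaiser.c, `if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)` followed by `goto disable;`, which should move to the bug bit in this patch or a follow-up so that the auto option tracks the new determination. A short comment above the new `if (!x86_match_cpu(cpu_no_speculation))` block saying that all three bug bits are skipped for non-speculating CPUs would also help.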