New Zhaoxin family 7 CPUs are not affected by SPECTRE_V2. So create
a separate cpu_vuln_whitelist flag bit NO_SPECTRE_V2 and add these
CPUs to the cpu vulnerability whitelist.
Signed-off-by: Tony W Wang-oc <[email protected]>
---
arch/x86/kernel/cpu/common.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 2e4d902..6048bd3 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1023,6 +1023,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
#define MSBDS_ONLY BIT(5)
#define NO_SWAPGS BIT(6)
#define NO_ITLB_MULTIHIT BIT(7)
+#define NO_SPECTRE_V2 BIT(8)
#define VULNWL(_vendor, _family, _model, _whitelist) \
{ X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
@@ -1084,6 +1085,10 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
/* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
+
+ /* Zhaoxin Family 7 */
+ VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2),
+ VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2),
{}
};
@@ -1116,7 +1121,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
return;
setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
- setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
+
+ if (!cpu_matches(NO_SPECTRE_V2))
+ setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
if (!cpu_matches(NO_SSB) && !(ia32_cap & ARCH_CAP_SSB_NO) &&
!cpu_has(c, X86_FEATURE_AMD_SSB_NO))
--
2.7.4
Tony,
Tony W Wang-oc <[email protected]> writes:
> @@ -1023,6 +1023,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
> #define MSBDS_ONLY BIT(5)
> #define NO_SWAPGS BIT(6)
> #define NO_ITLB_MULTIHIT BIT(7)
> +#define NO_SPECTRE_V2 BIT(8)
>
> #define VULNWL(_vendor, _family, _model, _whitelist) \
> { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
> @@ -1084,6 +1085,10 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
> /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
> VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
> VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
> +
> + /* Zhaoxin Family 7 */
> + VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2),
> + VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2),
> {}
> };
>
> @@ -1116,7 +1121,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
> return;
>
> setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
> - setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
> +
> + if (!cpu_matches(NO_SPECTRE_V2))
> + setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
That's way better. But as you might have noticed yourself this conflicts
with the other patch which excludes these machines from the SWAPGS bug.
Granted it's a trivial conflict, but maintainers are not there to mop up
the mess others create. So the right thing here is to resend both
patches as a patch series with the conflict properly resolved.
Thanks,
tglx
On Thu, Jan 16, 2020 at 06:09:27PM +0100, Thomas Gleixner wrote:
> So the right thing here is to resend both patches as a patch series
> with the conflict properly resolved.
And it is about time you started using --thread and --no-chain-reply-to
with git send-email so that your patchsets are properly threaded. See
the git-send-email(1) if something's still unclear.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On 17/01/2020 01:09, Thomas Gleixner wrote:
> Tony,
>
> Tony W Wang-oc <[email protected]> writes:
>
>> @@ -1023,6 +1023,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
>> #define MSBDS_ONLY BIT(5)
>> #define NO_SWAPGS BIT(6)
>> #define NO_ITLB_MULTIHIT BIT(7)
>> +#define NO_SPECTRE_V2 BIT(8)
>>
>> #define VULNWL(_vendor, _family, _model, _whitelist) \
>> { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist }
>> @@ -1084,6 +1085,10 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = {
>> /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */
>> VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
>> VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT),
>> +
>> + /* Zhaoxin Family 7 */
>> + VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2),
>> + VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2),
>> {}
>> };
>>
>> @@ -1116,7 +1121,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
>> return;
>>
>> setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
>> - setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
>> +
>> + if (!cpu_matches(NO_SPECTRE_V2))
>> + setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
>
> That's way better. But as you might have noticed yourself this conflicts
> with the other patch which excludes these machines from the SWAPGS bug.
>
> Granted it's a trivial conflict, but maintainers are not there to mop up
> the mess others create. So the right thing here is to resend both
> patches as a patch series with the conflict properly resolved.
>
Sorry for this conflict. Will resend these two patches as a patch set.
Sincerely
TonyWWang-oc
On 17/01/2020 02:07, Borislav Petkov wrote:
> On Thu, Jan 16, 2020 at 06:09:27PM +0100, Thomas Gleixner wrote:
>> So the right thing here is to resend both patches as a patch series
>> with the conflict properly resolved.
>
> And it is about time you started using --thread and --no-chain-reply-to
> with git send-email so that your patchsets are properly threaded. See
> the git-send-email(1) if something's still unclear.
>
Ok, will do like this.
Sincerely
TonyWWang-oc