Received: by 10.223.176.46 with SMTP id f43csp4539763wra; Tue, 23 Jan 2018 10:41:25 -0800 (PST) X-Google-Smtp-Source: AH8x224MsXhqoQm3x5DIrtXIiqMlhAcuz+VnVbonIE4mOzePr2N3SgabyhUj0IT54uIfDyBDKzOO X-Received: by 10.107.136.68 with SMTP id k65mr5152597iod.145.1516732885770; Tue, 23 Jan 2018 10:41:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516732885; cv=none; d=google.com; s=arc-20160816; b=lZY62t9ipTqeVD6JTmHkqQXFbroh1SFh5jYd2l4hHAg4sH1Qlwb5PBZGe5fGIISilb JM2L3pSXMQam6pktLtf2xjQe/saYmYhjQBpY4nmf/hhqF9MLDbJC1X3O80i7lMk8TD81 qlG5JSbfv52be+mqAuf7wSM5jEtAhxE4xBGh7vLndj208jcJc4j4/Loj4bVDHgJDbVa7 gdeNqUU3V+IHdHBmnhOHu6bTfZUE16AV1sJu28aAbEzZ+Q168HWR5x77k4KxDNrZFNc2 SpervFuH/YCvrSYpMs0Ion2bzJgf5qVcWfY2OQwooXLayQ9Ou7fxEphZ5O1thZ/PhHv5 az9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject:arc-authentication-results; bh=C8CB/N8Lg9xWbWGnsiRUCcSWI36DixU0AflC1PKYim4=; b=Xi6VZSzuiUKOBzbhTbln0gKew16dsOAZSei99nWkGGa56D07aZiRft0u1aQLUEc7Wa eYsZdRqt5yxlAVYLgASWzfjsF8YlOFVXVRqcxyz3Z8Wmi9Pn0uLOEVwHmUaSPh9a+PE+ 0Yjh1ykahN+AungF8Ome1Xk8MXkbC85sSUIeCGb4AmUdy+oBasbiBmqqgDkHLeUPZ87/ w+IQtmTVlCQfPLsuDs7O+KEMjG6waWjrAEVdHrnnYGU5vFkXkti1ZYjovL0ElS+C+cMf pbSJ/Z2QhYnZGlgKX4X5L1tN0oRwuPj93SA3drcWqFyeBhavNjg74mP3JUQ7tKSyqcbH YKng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j63si8815711itb.37.2018.01.23.10.41.12; Tue, 23 Jan 2018 10:41:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752321AbeAWSkl (ORCPT + 99 others); Tue, 23 Jan 2018 13:40:41 -0500 Received: from mga05.intel.com ([192.55.52.43]:51858 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752004AbeAWSkj (ORCPT ); Tue, 23 Jan 2018 13:40:39 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Jan 2018 10:40:35 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,402,1511856000"; d="scan'208";a="12036333" Received: from ray.jf.intel.com (HELO [10.7.201.17]) ([10.7.201.17]) by orsmga007.jf.intel.com with ESMTP; 23 Jan 2018 10:40:34 -0800 Subject: Re: [PATCH v2 5/5] x86/pti: Do not enable PTI on fixed Intel processors To: David Woodhouse , arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, thomas.lendacky@amd.com References: <1516726375-25168-1-git-send-email-dwmw@amazon.co.uk> <1516726375-25168-6-git-send-email-dwmw@amazon.co.uk> From: Dave Hansen Message-ID: Date: Tue, 23 Jan 2018 10:40:33 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <1516726375-25168-6-git-send-email-dwmw@amazon.co.uk> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/23/2018 08:52 AM, David Woodhouse wrote: > When they advertise the IA32_ARCH_CAPABILITIES MSR and it has the RDCL_NO > bit set, they don't need KPTI either. > > Signed-off-by: David Woodhouse > --- > arch/x86/kernel/cpu/common.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index e5d66e9..c05d0fe 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -900,8 +900,14 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) > > setup_force_cpu_cap(X86_FEATURE_ALWAYS); > > - if (c->x86_vendor != X86_VENDOR_AMD) > - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); > + if (c->x86_vendor != X86_VENDOR_AMD) { > + u64 ia32_cap = 0; > + > + if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) > + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); > + if (!(ia32_cap & ARCH_CAP_RDCL_NO)) > + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); > + } I'd really rather we break this out into a nice, linear set of true/false conditions. bool early_cpu_vulnerable_meltdown(struct cpuinfo_x86 *c) { u64 ia32_cap = 0; /* AMD processors are not subject to Meltdown exploit: */ if (c->x86_vendor == X86_VENDOR_AMD) return false; /* Assume all remaining CPUs not enumerating are vulnerable: */ if (!cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) return true; /* * Does the CPU explicitly enumerate that it is not vulnerable * to Rogue Data Cache Load (aka Meltdown)? */ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); if (ia32_cap & ARCH_CAP_RDCL_NO) return false; /* Assume everything else is vulnerable */ return true; } Then we get a nice: if (early_cpu_vulnerable_meltdown(c)) setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); setup_force_cpu_bug(X86_BUG_SPECTRE_V1); setup_force_cpu_bug(X86_BUG_SPECTRE_V2); Which clearly shows that Meltdown is special.