Received: by 10.223.176.46 with SMTP id f43csp4567181wra; Tue, 23 Jan 2018 11:05:14 -0800 (PST) X-Google-Smtp-Source: AH8x225b3ExTNN+1Mi+ANjYyvIBhPQOD63Nn/nOb1sPC0ojMH9pTKCJ4R1Ig3hyMIQM8pfMHxH+h X-Received: by 10.107.85.2 with SMTP id j2mr5266416iob.82.1516734284209; Tue, 23 Jan 2018 11:04:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516734284; cv=none; d=google.com; s=arc-20160816; b=SNIZp9c5k0AJTDS7qGdaf5rS6H55hGCNknyQJ2+ts5lJ/4nQQpmDujwTPUcZjodBDl NCaPKWPJ/xmaJrTeho8bA4gJXQbOd6NXXl8Fn01LE02Rhf2vHYd9Ujp3IvxhPfqoF45B Wj9sv/7QgsFYVg7F69UlMQQMuUQqZG0Bkg2fLk2lui7uZj1WaOsZJsoMeAJQpc3fKMWR mVl5DFtFdv4Ke9roBTuAlNDFHUffp279yjemXU0qod7jtMk+kbAwqn4s5cMNDmzCZ4Cq i3QBWVNXDZC8ZoBDA9Ho8/1qklPGzd8L7h7xmZBKwU8+ggMkrr/CfzemLWnwIjmj2RTR pbSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=Jj60HUufq9QN3bqDHQjTL8qJ0XzcjwQkOAGt68m6C1Y=; b=Hu1ZYb/4f+gPqEFZ1JqHpgsRfDcQaTqNOhTOgP9GlBRyf+FHZccbqWQK/cVh0Fcna8 scdVS5SQ89QTI0VV36l7LwXlOoqQtHSEIOIyH+/HggSv4UD51S7izqZWKLEM3li8Ynoy B3oOUpeXv+ZsPAWIccdjE+vopqKXrla7E0q1HOrQdvNgyuRD3Vw9x5gfbey7NIljXv7S d+T4x7aB1JF66btum99xfJ3ievnyOgPC89lNsIC1amW18b1OXSJ0o26cd///uAvGnb2M l+OCEnnz8rPC2i/8lwhdxVpEBaiebg50djNC2VP9Hwn95vA7UyjOPUpLXbhbji9RCre5 I8nA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j78si8935241itj.85.2018.01.23.11.04.31; Tue, 23 Jan 2018 11:04:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751963AbeAWTEH (ORCPT + 99 others); Tue, 23 Jan 2018 14:04:07 -0500 Received: from smtp.ctxuk.citrix.com ([185.25.65.24]:15408 "EHLO SMTP.EU.CITRIX.COM" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751897AbeAWTEG (ORCPT ); Tue, 23 Jan 2018 14:04:06 -0500 X-IronPort-AV: E=Sophos;i="5.46,402,1511827200"; d="scan'208";a="66545111" Subject: Re: [PATCH v2 5/5] x86/pti: Do not enable PTI on fixed Intel processors To: Alan Cox , David Woodhouse CC: References: <1516726375-25168-1-git-send-email-dwmw@amazon.co.uk> <1516726375-25168-6-git-send-email-dwmw@amazon.co.uk> <20180123173312.1d8cf02f@alans-desktop> From: Andrew Cooper Message-ID: Date: Tue, 23 Jan 2018 19:02:51 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <20180123173312.1d8cf02f@alans-desktop> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Language: en-GB X-ClientProxiedBy: AMSPEX02CAS01.citrite.net (10.69.22.112) To AMSPEX02CL02.citrite.net (10.69.22.126) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 23/01/18 18:45, Alan Cox wrote: > On Tue, 23 Jan 2018 16:52:55 +0000 > David Woodhouse wrote: > >> When they advertise the IA32_ARCH_CAPABILITIES MSR and it has the RDCL_NO >> bit set, they don't need KPTI either. > This is starting to get messy because we will eventually need to integrate > > AMD processors - no meltdown but spectre > VIA processors - probably no vulnerabilities at > least on the old ones > Intel with ND set - No meltdown > Anybody with no speculation - No meltdown, no spectre, no id bit > > > > and it expands a lot with all sorts of 32bit processors. Would it make > more sense to make it table driven or do we want a separate function so > we can do: > > if (!in_order_cpu()) { > } > > around the whole lot ? I'm guessing the latter makes sense then > somethhing like this patch I'm running on my old atom widgets in 64bit > mode > > static __initdata struct x86_cpu_id cpu_in_order[] = { > { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY }, > { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY }, > { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY }, > { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY }, > { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY }, > {} > }; > > static int in_order_cpu(void) > { > /* Processors with CPU id etc */ > if (x86_match_cpu(cpu_in_order)) > return 1; > /* Other rules here */ > return 0; > } Why does in-order vs out-of-order matter? There are leaky SP3 gadgets which satisfy in-order requirements, so long as the processor is capable of speculating 3 instructions past an unresolved branch. What would (at a guess) save an in-order speculative processor from being vulnerable is if memory reads are issued and resolve in program order, but in that case, it is not the in-order property of the processor which makes it safe. ~Andrew