Received: by 10.223.176.46 with SMTP id f43csp1883847wra; Thu, 25 Jan 2018 01:25:27 -0800 (PST) X-Google-Smtp-Source: AH8x2269ve6m+agkGjq6eOUcJBn4+FSfwsKRp6EWZOH/zznUPcT06/rY6NlCbnXiTLKg63V0mSHL X-Received: by 10.101.70.201 with SMTP id n9mr7883877pgr.74.1516872327158; Thu, 25 Jan 2018 01:25:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516872327; cv=none; d=google.com; s=arc-20160816; b=NGfZU0GoEPsOhVAiIBzIXKbrwL0guZyDvu/YKMR+/Yccbbka4VmeLGe7PGxqYCFOvl GF8j+ME73Ntz61oHEel7Shk+NAv+I9Xbg8GPziypWT2PbU5/B3Nqmjtv9aNFTCgbeqZh nSWkonpRvA0UL0EVsCHKBblOo1OV4MBK5BUQL/P7EQNKCj1gpnWWpSucTAZdp5s+wJ7z WZ/ZlGY4pYVx+4S+hJac+xhl8wyFZwErs4YCFIUR8W05sFGyIXKZc71f3lZjDG0FF/hn iDo0nK8K4myCFtOcxi6L5sphbncj4xujgiQ/PWi6IVNBOS+D5JEfFszwriXjF8okUeMb Jqkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:to:from:dkim-signature:arc-authentication-results; bh=ZvZYs7DuyLJi1L3TH4HgrayTl5EcH5bkgTyZypWHH/Q=; b=OpaNgPo2K6k2fj9d8HqK115jUM0WgqkXGEgTAX34xvg4hzwKM4oXEYvhzBcyeJ/ZrM ilamKNLrtKJscu30P/4LZWGL8ZlurVlPZ3CEQeVLJ0Ry8O5jhj0qYvO3R6g2Ur4rZikf SKPNK+9lGgMq1k1ofiEP4SbRzAo7hKUTFva+U1otW2ivMoNGbNh5soCTNY05SMDIGpFU CiGomw4gyXAerLS4uO9l9+zvNl688lyrkjNzuBWTsOJW7pspSsMGeoxSrYvKW8OwrA3r t2a8/NhONnxjjKJUaihn7/wIiTg72CGpiPwuBjI2DUr8hBNacfy4XkoqKj8sWELJtlky 0Xvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=mKepDeil; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h16si4326677pfk.293.2018.01.25.01.25.13; Thu, 25 Jan 2018 01:25:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=mKepDeil; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751632AbeAYJYV (ORCPT + 99 others); Thu, 25 Jan 2018 04:24:21 -0500 Received: from smtp-fw-9102.amazon.com ([207.171.184.29]:48259 "EHLO smtp-fw-9102.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751612AbeAYJYT (ORCPT ); Thu, 25 Jan 2018 04:24:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt; s=amazon201209; t=1516872258; x=1548408258; h=from:to:subject:date:message-id:in-reply-to:references; bh=ZvZYs7DuyLJi1L3TH4HgrayTl5EcH5bkgTyZypWHH/Q=; b=mKepDeila9zOvJMBee96b28nOB1srtLxaxu4gQvkoNoUEDb390OcK8Rg clpqFzgvgZtX8kbho/ZAe7pQqv1UQVd6MYyUa+VLipUzO/pIMgEgZhUvD yyCbnMugmaiNcztz4ilXSAIbDTM9bSm6TRwf5LZy0XRA1iWDtevJv/ORe w=; X-IronPort-AV: E=Sophos;i="5.46,411,1511827200"; d="scan'208";a="589778044" Received: from sea3-co-svc-lb6-vlan3.sea.amazon.com (HELO email-inbound-relay-1a-16acd5e0.us-east-1.amazon.com) ([10.47.22.38]) by smtp-border-fw-out-9102.sea19.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 25 Jan 2018 09:24:16 +0000 Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146]) by email-inbound-relay-1a-16acd5e0.us-east-1.amazon.com (8.14.7/8.14.7) with ESMTP id w0P9O4TW084879 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 25 Jan 2018 09:24:09 GMT Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (localhost [127.0.0.1]) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w0P9O1D5017520; Thu, 25 Jan 2018 09:24:02 GMT Received: (from dwmw@localhost) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Submit) id w0P9Nxww017518; Thu, 25 Jan 2018 09:23:59 GMT From: David Woodhouse To: arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, dave.hansen@intel.com, gnomes@lxorguk.ukuu.org.uk, ashok.raj@intel.com, mingo@kernel.org Subject: [PATCH v4 5/7] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown Date: Thu, 25 Jan 2018 09:23:07 +0000 Message-Id: <1516872189-16577-6-git-send-email-dwmw@amazon.co.uk> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516872189-16577-1-git-send-email-dwmw@amazon.co.uk> References: <1516872189-16577-1-git-send-email-dwmw@amazon.co.uk> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Also, for CPUs which don't speculate at all, don't report that they're vulnerable to the Spectre variants either. Leave the cpu_no_meltdown[] match table with just X86_VENDOR_AMD in it for now, even though that could be done with a simple comparison, on the assumption that we'll have more to add. Based on suggestions from Dave Hansen and Alan Cox. Signed-off-by: David Woodhouse Reviewed-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/common.c | 47 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e5d66e9..08c3efb 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -47,6 +47,8 @@ #include #include #include +#include +#include #ifdef CONFIG_X86_LOCAL_APIC #include @@ -853,6 +855,40 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) #endif } +static const __initdata struct x86_cpu_id cpu_no_speculation[] = { + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 5 }, + { X86_VENDOR_CENTAUR, 5 }, + { X86_VENDOR_ANY, 4 }, + {} +}; + +static const __initdata struct x86_cpu_id cpu_no_meltdown[] = { + { X86_VENDOR_AMD }, + {} +}; + +static bool __init early_cpu_vulnerable_meltdown(struct cpuinfo_x86 *c) +{ + u64 ia32_cap = 0; + + if (x86_match_cpu(cpu_no_meltdown)) + return false; + + if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); + + /* Rogue Data Cache Load? No! */ + if (ia32_cap & ARCH_CAP_RDCL_NO) + return false; + + return true; +} + /* * Do minimum CPU detection early. * Fields really needed: vendor, cpuid_level, family, model, mask, @@ -900,11 +936,12 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) setup_force_cpu_cap(X86_FEATURE_ALWAYS); - if (c->x86_vendor != X86_VENDOR_AMD) - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); - - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + if (!x86_match_cpu(cpu_no_speculation)) { + if (early_cpu_vulnerable_meltdown(c)) + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + } fpu__init_system(c); -- 2.7.4