Received: by 10.223.176.46 with SMTP id f43csp2329957wra; Thu, 25 Jan 2018 08:15:39 -0800 (PST) X-Google-Smtp-Source: AH8x226woBMvl+osN3QEfl91s3XCX6GOgzLMPhimtlbYAXm+Ouv+WOCPbLQAfOF/7wV5olCfb5fo X-Received: by 2002:a17:902:1682:: with SMTP id h2-v6mr11496358plh.116.1516896938989; Thu, 25 Jan 2018 08:15:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516896938; cv=none; d=google.com; s=arc-20160816; b=DvMt5h2OfImnHqZgmbP2XdE9tiNbN7sFRSLskPN4NzcvLs2Y79UnLGdKFC1rR7r8Fb d9PAsyozRZrQjocRq2I+QgUBtf5ksMrAF0NBUytxlggr+H9w+mv/covSEz5UB/QIuD+3 sDfD+hkBWAjFVzneM0cIh+xLXuUC7nj2/iy9BGQLtnheGFRlrNPA0ynd467V68Y/O9fd dyxWKUx63wrYxj7c8eHM+qBm+d0CfFUDHKZE2D8Ii2+HOrQNqg4lPeV6Tr/ZVhe7xb7C BHZDb3dchG9A66AOEIvDBT1T6vAcxeIylbVqfwhHPkggaP7yXEBZ7Sn59ykEaFhAeDzz 4TKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:to:from:dkim-signature:arc-authentication-results; bh=RDPoApF9/FKdSjUpu89A4sZ09DwVuMB8b47F8Ld0D+M=; b=xBYt/iMYsi8+IRVrKcedx40DKGDmS3PWVTxg1FQ1SZOAjFcX+PZe/ceoAibqTlm3QI vsS+ImRj/G0mmQGHW/QX7U3Kf6EHKrhTlORW3GqwDdKZ6jLQW414wl/AxHcEcUmI5XUw 0+wn/F+jykZZKyBZ/h7WeS3ynCKUk5HmEUePzSa8Hen78UX7D1VNHBnmIroC/NDraj7V XOidMXX49fXr1rF+n0BmxSNXq5ImZB1/UgV4egKi3nbWhAWJCcVYTDInS8vegFewk8Nd 1K3Q8/SDBEFC5+j//5GXq9bgzFxYzlV97bKMkSFIFxkB8jDRVB3FK5k89qMA0QR75MbT ABOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=tlO/Ryb2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e16-v6si2168798pli.588.2018.01.25.08.15.24; Thu, 25 Jan 2018 08:15:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=tlO/Ryb2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751375AbeAYQOx (ORCPT + 99 others); Thu, 25 Jan 2018 11:14:53 -0500 Received: from smtp-fw-6002.amazon.com ([52.95.49.90]:4132 "EHLO smtp-fw-6002.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751340AbeAYQOv (ORCPT ); Thu, 25 Jan 2018 11:14:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt; s=amazon201209; t=1516896891; x=1548432891; h=from:to:subject:date:message-id:in-reply-to:references; bh=RDPoApF9/FKdSjUpu89A4sZ09DwVuMB8b47F8Ld0D+M=; b=tlO/Ryb21fKmSTRq9e9vYLO5K8ojHJq91c1zygJlPei4cJQdUBNDy5TL pggv50o2SbFFuFoIyja3Hse3O3/tSBl+MO1SxljgkA9z19qjDui/uT/Gv qLOHMIxbB+cuh50qsH+2N+FCYNfvr1E4iGnv/QiIveKW6l+UrpPlLN8gz g=; X-IronPort-AV: E=Sophos;i="5.46,412,1511827200"; d="scan'208";a="329131866" Received: from iad6-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-1e-a70de69e.us-east-1.amazon.com) ([10.124.125.6]) by smtp-border-fw-out-6002.iad6.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 25 Jan 2018 16:14:43 +0000 Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (iad1-ws-svc-lb91-vlan2.amazon.com [10.0.103.146]) by email-inbound-relay-1e-a70de69e.us-east-1.amazon.com (8.14.7/8.14.7) with ESMTP id w0PGEZEH057882 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 25 Jan 2018 16:14:38 GMT Received: from uc8d3ff76b9bc5848a9cc.ant.amazon.com (localhost [127.0.0.1]) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w0PGEXSj008088; Thu, 25 Jan 2018 16:14:33 GMT Received: (from dwmw@localhost) by uc8d3ff76b9bc5848a9cc.ant.amazon.com (8.15.2/8.15.2/Submit) id w0PGEW1I008086; Thu, 25 Jan 2018 16:14:32 GMT From: David Woodhouse To: arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, dave.hansen@intel.com, gnomes@lxorguk.ukuu.org.uk, ashok.raj@intel.com, mingo@kernel.org Subject: [PATCH v5 5/7] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown Date: Thu, 25 Jan 2018 16:14:13 +0000 Message-Id: <1516896855-7642-6-git-send-email-dwmw@amazon.co.uk> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516896855-7642-1-git-send-email-dwmw@amazon.co.uk> References: <1516896855-7642-1-git-send-email-dwmw@amazon.co.uk> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Also, for CPUs which don't speculate at all, don't report that they're vulnerable to the Spectre variants either. Leave the cpu_no_meltdown[] match table with just X86_VENDOR_AMD in it for now, even though that could be done with a simple comparison, on the assumption that we'll have more to add. Based on suggestions from Dave Hansen and Alan Cox. Signed-off-by: David Woodhouse Reviewed-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/common.c | 48 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e5d66e9..32650c7 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -47,6 +47,8 @@ #include #include #include +#include +#include #ifdef CONFIG_X86_LOCAL_APIC #include @@ -853,6 +855,41 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) #endif } +static const __initdata struct x86_cpu_id cpu_no_speculation[] = { + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_CENTAUR, 5 }, + { X86_VENDOR_INTEL, 5 }, + { X86_VENDOR_NSC, 5 }, + { X86_VENDOR_ANY, 4 }, + {} +}; + +static const __initdata struct x86_cpu_id cpu_no_meltdown[] = { + { X86_VENDOR_AMD }, + {} +}; + +static bool __init early_cpu_vulnerable_meltdown(struct cpuinfo_x86 *c) +{ + u64 ia32_cap = 0; + + if (x86_match_cpu(cpu_no_meltdown)) + return false; + + if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); + + /* Rogue Data Cache Load? No! */ + if (ia32_cap & ARCH_CAP_RDCL_NO) + return false; + + return true; +} + /* * Do minimum CPU detection early. * Fields really needed: vendor, cpuid_level, family, model, mask, @@ -900,11 +937,12 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) setup_force_cpu_cap(X86_FEATURE_ALWAYS); - if (c->x86_vendor != X86_VENDOR_AMD) - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); - - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + if (!x86_match_cpu(cpu_no_speculation)) { + if (early_cpu_vulnerable_meltdown(c)) + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + } fpu__init_system(c); -- 2.7.4