From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x224tSj5jUhlCwKfCI9RtMr/xF7MYgYlmb81shM5REVYLGu0HGwuHxm/usLTSSAGzv/KKrdft ARC-Seal: i=1; a=rsa-sha256; t=1516896891; cv=none; d=google.com; s=arc-20160816; b=oOKA5ksnJ8rdYJwIot44n9bULrzJSUW4VGDRy0l5TaQOQ6NaIujhQdCs/yewiWxesv LI9jPtzhGsqmErEMtb3Z0OePX5vZN4Ni8Fu/fwe+6+vQCvaNa0Cdz94cSbjSK6nRmUf8 nGFm840c0fPAF/ax8EUKxWl1X9JaPGwpUgpUgk7yYp5pRnFa06mpv62P/UBZCD0BZ/l3 aJeceoV4bJuhuiS4ocI8PR1/f6OEPhCfmw5VVZQdsxYjjCEqVGda78KVqunAyTG1xEBJ k8pnQTcsdHsob/lr0DwXtFX+qmGVCIXLTVRipypajOr8MKITLbc+WcpOlsySQhZpBHF6 t+FA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:to:from :dkim-signature:arc-authentication-results; bh=RDPoApF9/FKdSjUpu89A4sZ09DwVuMB8b47F8Ld0D+M=; b=qtNBarGyMdvIlfhCJ/viP7bPh+ka4NACj49WuDj4vyc64PoUao/llSdPf5YBXkD6CV LdaWqe84eOtIAXHlJe6hx+bj8ctKBPkkxtt2lukQvsi3EkvPDlGpTE6nXlVZe7R26xbw XZRroJsm4G9hbMuYKqv9MQNnC5iWwIayV89qHSSv7CVOGy0vg/jciT6HiNf1OXQ2F688 WjmSlBYFQ4DVNMH4e1EM9xAF9TvnyqC7OpMalKwNZjvKhFSFtWJ+Q53FP905Kmcpzgg9 IHPxxJWcqn6rF5D5RMwSX982N71UX8zNn3zQtCc40zh62Zi7LyRnR1btg8tYLxt5x03L zjmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=tlO/Ryb2; spf=pass (google.com: domain of prvs=556dd1d58=dwmw@amazon.com designates 52.95.49.90 as permitted sender) smtp.mailfrom=prvs=556dd1d58=dwmw@amazon.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.co.uk header.s=amazon201209 header.b=tlO/Ryb2; spf=pass (google.com: domain of prvs=556dd1d58=dwmw@amazon.com designates 52.95.49.90 as permitted sender) smtp.mailfrom=prvs=556dd1d58=dwmw@amazon.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.co.uk X-IronPort-AV: E=Sophos;i="5.46,412,1511827200"; d="scan'208";a="329131866" From: David Woodhouse To: arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, dave.hansen@intel.com, gnomes@lxorguk.ukuu.org.uk, ashok.raj@intel.com, mingo@kernel.org Subject: [PATCH v5 5/7] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown Date: Thu, 25 Jan 2018 16:14:13 +0000 Message-Id: <1516896855-7642-6-git-send-email-dwmw@amazon.co.uk> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516896855-7642-1-git-send-email-dwmw@amazon.co.uk> References: <1516896855-7642-1-git-send-email-dwmw@amazon.co.uk> X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1590581674274638091?= X-GMAIL-MSGID: =?utf-8?q?1590581674274638091?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: Also, for CPUs which don't speculate at all, don't report that they're vulnerable to the Spectre variants either. Leave the cpu_no_meltdown[] match table with just X86_VENDOR_AMD in it for now, even though that could be done with a simple comparison, on the assumption that we'll have more to add. Based on suggestions from Dave Hansen and Alan Cox. Signed-off-by: David Woodhouse Reviewed-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/common.c | 48 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e5d66e9..32650c7 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -47,6 +47,8 @@ #include #include #include +#include +#include #ifdef CONFIG_X86_LOCAL_APIC #include @@ -853,6 +855,41 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) #endif } +static const __initdata struct x86_cpu_id cpu_no_speculation[] = { + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CEDARVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_CLOVERVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_LINCROFT, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PENWELL, X86_FEATURE_ANY }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_PINEVIEW, X86_FEATURE_ANY }, + { X86_VENDOR_CENTAUR, 5 }, + { X86_VENDOR_INTEL, 5 }, + { X86_VENDOR_NSC, 5 }, + { X86_VENDOR_ANY, 4 }, + {} +}; + +static const __initdata struct x86_cpu_id cpu_no_meltdown[] = { + { X86_VENDOR_AMD }, + {} +}; + +static bool __init early_cpu_vulnerable_meltdown(struct cpuinfo_x86 *c) +{ + u64 ia32_cap = 0; + + if (x86_match_cpu(cpu_no_meltdown)) + return false; + + if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); + + /* Rogue Data Cache Load? No! */ + if (ia32_cap & ARCH_CAP_RDCL_NO) + return false; + + return true; +} + /* * Do minimum CPU detection early. * Fields really needed: vendor, cpuid_level, family, model, mask, @@ -900,11 +937,12 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) setup_force_cpu_cap(X86_FEATURE_ALWAYS); - if (c->x86_vendor != X86_VENDOR_AMD) - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); - - setup_force_cpu_bug(X86_BUG_SPECTRE_V1); - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + if (!x86_match_cpu(cpu_no_speculation)) { + if (early_cpu_vulnerable_meltdown(c)) + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + } fpu__init_system(c); -- 2.7.4