From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751141AbeAVLlt (ORCPT <rfc822;w@1wt.eu>);
        Mon, 22 Jan 2018 06:41:49 -0500
Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:57566 "EHLO
        foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750886AbeAVLls (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Jan 2018 06:41:48 -0500
Date: Mon, 22 Jan 2018 11:41:55 +0000
From: Will Deacon <will.deacon@arm.com>
To: Jayachandran C <jnair@caviumnetworks.com>
Cc: Jon Masters <jcm@jonmasters.org>, marc.zyngier@arm.com,
        linux-arm-kernel@lists.infradead.org, lorenzo.pieralisi@arm.com,
        ard.biesheuvel@linaro.org, catalin.marinas@arm.com,
        linux-kernel@vger.kernel.org, labbott@redhat.com,
        christoffer.dall@linaro.org, suzuki.poulose@arm.com
Subject: Re: [PATCH v3 2/2] arm64: Turn on KPTI only on CPUs that need it
Message-ID: <20180122114155.GC15456@arm.com>
References: <20180118135354.GB20783@arm.com>
 <1516364568-95577-1-git-send-email-jnair@caviumnetworks.com>
 <1516364568-95577-2-git-send-email-jnair@caviumnetworks.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1516364568-95577-2-git-send-email-jnair@caviumnetworks.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jan 19, 2018 at 04:22:48AM -0800, Jayachandran C wrote:
> Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in
> unmap_kernel_at_el0(). These CPUs are not vulnerable to
> CVE-2017-5754 and do not need KPTI when KASLR is off.
> 
> Signed-off-by: Jayachandran C <jnair@caviumnetworks.com>
> ---
>  arch/arm64/kernel/cpufeature.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index 647d44b..fb698ca 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -866,6 +866,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
>  	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
>  		return true;
>  
> +	/* Don't force KPTI for CPUs that are not vulnerable */
> +	switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) {
> +	case MIDR_CAVIUM_THUNDERX2:
> +	case MIDR_BRCM_VULCAN:
> +		return false;
> +	}
> +
>  	/* Defer to CPU feature registers */
>  	return !cpuid_feature_extract_unsigned_field(pfr0,
>  						     ID_AA64PFR0_CSV3_SHIFT);

We'll need to re-jig this to work properly with big/little because this is
only called once, but that's ok for now:

Acked-by: Will Deacon <will.deacon@arm.com>

Suzuki has a series reworking much of the cpufeatures code so that we can
do this properly for 4.17.

Will