Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors

From: Ivan Ivanov <qmastery16@gmail.com>
To: linux-kernel@vger.kernel.org, thomas.lendacky@amd.com
Subject: Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors
Date: Wed, 3 Jan 2018 14:07:30 +0300	[thread overview]
Message-ID: <CAAaskFBi5JuUBV8uZcJ=8aZ41EtVtj73OCv62mToXzvGgpT4rQ@mail.gmail.com> (raw)

Why this wonderful tiny patch by Tom Lendacky is still not merged? If
it is just Intel who made these insecure CPUs , for which this
"slowdown workaround" is required, ---> why the AMD CPU owners should
suffer from Intel's design faults ? " cpu_insecure " is Intel's
problem ; according to Tom Lendacky from AMD - AMD CPUs do not need
this "slowdown workaround" which is required for Intel CPUs. Please
merge this patch as soon as possible

Of course, the Intel employees would be happy to see this patch get
delayed or even not merged, because its a shame and bad reputation for
their company and products :
>
> I would rather not just hard-code it in a way that we say one vendor has never and will never be affected
>
> --- by Dave Hansen from Intel corporation
>

Luckily, according to LKML - a message with Tom's patch is the Top
Hottest Message viewed ! The fate of this patch is being closely
monitored by the people all over the world, and hopefully the Linux
community will not allow any injustice to happen

On Tue, Dec 26, 2017 at 11:43:54PM -0600, Tom Lendacky wrote:
> AMD processors are not subject to the types of attacks that the kernel
> page table isolation feature protects against.  The AMD microarchitecture
> does not allow memory references, including speculative references, that
> access higher privileged data when running in a lesser privileged mode
> when that access would result in a page fault.
>
> Disable page table isolation by default on AMD processors by not setting
> the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
> is set.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  arch/x86/kernel/cpu/common.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index c47de4e..7d9e3b0 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
>
>   setup_force_cpu_cap(X86_FEATURE_ALWAYS);
>
> - /* Assume for now that ALL x86 CPUs are insecure */
> - setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
> + if (c->x86_vendor != X86_VENDOR_AMD)
> + setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
>
>   fpu__init_system(c);

Reviewed-by: Ivan Ivanov <qmastery16@gmail.com>

Best regards,
Ivan Ivanov,
coreboot project developer
and open-source enthusiast