From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x2275GyPUX+vgs3rGf8AFR5irMnFpdnyL3iac5PkR6JwY/Uy9sX6OgdSp4vs41NkiJf5G1Bcr ARC-Seal: i=1; a=rsa-sha256; t=1516732847; cv=none; d=google.com; s=arc-20160816; b=nLDOZ4DdSP/FEMPBvelghrC9CqOOURvyJaArdvBEs2Iun0FuTjFXrMF2LrzwjdPMWH sy4v04pNtXCWJ+fhKlHRBnbySMKEG3YkohUU0P/Lv++4xLwmAg/9e19Nio5pyvmbCH7s Seqa6ut4iLC+ixYA4QYkfBJcA6J1+DLQIddiBMa58gru2QdJYujxS4uC+IrXFb2fRXxT OSok1vkJbFGR1S9bsV3dnq54Nyz5Z0L0QS1j2xpVQzXq7Jtz3rAWEIdie9DUW+1R5zTY k5rJa5e5Q64VLI7bqaZen+rKJTXxnL9PforKO0kAJHJtcUPvRGlOmYt+lvjJlpdTSb2c YpHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:to:subject :arc-authentication-results; bh=C8CB/N8Lg9xWbWGnsiRUCcSWI36DixU0AflC1PKYim4=; b=EoMra5XhuuEormumMFhKHaXGO1JQ7V3qFnmSslKN19+9Xon0QzCKgo928IoBUfDCL7 p12Ohew6Q+OtZxcrQrxbyqd1npWPPk/1fAjyOuekb9qgbw/eOBfNO68gm5ti8ongVc9n dhTOVkBEypqaULTqiZBH6hMC8Zrcy+gpMqVpY8h9t3XW4jmxvQ8KA9XFoCt0nLux70rC KJiZWgwJPuSMQ6kW6TdmIoyAIivMTXZaMnb9m05vvziAxN3e0KHgMo7UyLAas8o4Shqa jhxSS3+2XB+Dn2wtZkTdfqoidt7LKXMqw/54YLbU3hePj0JUPlPJxU2humqIknoG5xXJ lUSA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of dave.hansen@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=dave.hansen@intel.com Authentication-Results: mx.google.com; spf=pass (google.com: domain of dave.hansen@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=dave.hansen@intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,402,1511856000"; d="scan'208";a="12036333" Subject: Re: [PATCH v2 5/5] x86/pti: Do not enable PTI on fixed Intel processors To: David Woodhouse , arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, thomas.lendacky@amd.com References: <1516726375-25168-1-git-send-email-dwmw@amazon.co.uk> <1516726375-25168-6-git-send-email-dwmw@amazon.co.uk> From: Dave Hansen Message-ID: Date: Tue, 23 Jan 2018 10:40:33 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <1516726375-25168-6-git-send-email-dwmw@amazon.co.uk> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1590402913825670017?= X-GMAIL-MSGID: =?utf-8?q?1590409662161224333?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: On 01/23/2018 08:52 AM, David Woodhouse wrote: > When they advertise the IA32_ARCH_CAPABILITIES MSR and it has the RDCL_NO > bit set, they don't need KPTI either. > > Signed-off-by: David Woodhouse > --- > arch/x86/kernel/cpu/common.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index e5d66e9..c05d0fe 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -900,8 +900,14 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) > > setup_force_cpu_cap(X86_FEATURE_ALWAYS); > > - if (c->x86_vendor != X86_VENDOR_AMD) > - setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); > + if (c->x86_vendor != X86_VENDOR_AMD) { > + u64 ia32_cap = 0; > + > + if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) > + rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); > + if (!(ia32_cap & ARCH_CAP_RDCL_NO)) > + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); > + } I'd really rather we break this out into a nice, linear set of true/false conditions. bool early_cpu_vulnerable_meltdown(struct cpuinfo_x86 *c) { u64 ia32_cap = 0; /* AMD processors are not subject to Meltdown exploit: */ if (c->x86_vendor == X86_VENDOR_AMD) return false; /* Assume all remaining CPUs not enumerating are vulnerable: */ if (!cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES)) return true; /* * Does the CPU explicitly enumerate that it is not vulnerable * to Rogue Data Cache Load (aka Meltdown)? */ rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap); if (ia32_cap & ARCH_CAP_RDCL_NO) return false; /* Assume everything else is vulnerable */ return true; } Then we get a nice: if (early_cpu_vulnerable_meltdown(c)) setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); setup_force_cpu_bug(X86_BUG_SPECTRE_V1); setup_force_cpu_bug(X86_BUG_SPECTRE_V2); Which clearly shows that Meltdown is special.