Commit | Line | Data |
---|---|---|
76ec7e59 | 1 | From 309461b2f634fc18271468b4396551ddf6a1dba8 Mon Sep 17 00:00:00 2001 |
04f3b8be FG |
2 | From: Tom Lendacky <thomas.lendacky@amd.com> |
3 | Date: Tue, 26 Dec 2017 23:43:54 -0600 | |
4 | Subject: [PATCH 240/241] x86/cpu, x86/pti: Do not enable PTI on AMD processors | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | AMD processors are not subject to the types of attacks that the kernel | |
12 | page table isolation feature protects against. The AMD microarchitecture | |
13 | does not allow memory references, including speculative references, that | |
14 | access higher privileged data when running in a lesser privileged mode | |
15 | when that access would result in a page fault. | |
16 | ||
17 | Disable page table isolation by default on AMD processors by not setting | |
18 | the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI | |
19 | is set. | |
20 | ||
21 | Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> | |
22 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
23 | Reviewed-by: Borislav Petkov <bp@suse.de> | |
24 | Cc: Dave Hansen <dave.hansen@linux.intel.com> | |
25 | Cc: Andy Lutomirski <luto@kernel.org> | |
26 | Cc: stable@vger.kernel.org | |
27 | Link: https://lkml.kernel.org/r/20171227054354.20369.94587.stgit@tlendack-t1.amdoffice.net | |
28 | ||
29 | (cherry picked from commit 694d99d40972f12e59a3696effee8a376b79d7c8) | |
30 | Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com> | |
31 | (cherry picked from commit 9d334f48f017b9c6457c6ba321e5a53a1cc6a5c7) | |
32 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
33 | --- | |
34 | arch/x86/kernel/cpu/common.c | 4 ++-- | |
35 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
36 | ||
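--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
 
 setup_force_cpu_cap(X86_FEATURE_ALWAYS);
 
- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
 
 fpu__init_system(c);
 }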
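Review bot: The new vendor test `if (c->x86_vendor != X86_VENDOR_AMD)` replaces the old comment with nothing, so the code no longer says why one vendor is exempt from a bug bit with as broad a name as X86_BUG_CPU_INSECURE. The reasoning exists only in the commit message, which ties the exemption to CVE-2017-5754 and to AMD not performing speculative references that would fault on privilege. I would add a comment above the test such as `/* AMD does not speculatively access higher-privileged data when the access would fault (CVE-2017-5754), so PTI is not enabled by default there */`, so that any later user of this bit does not read the exemption as covering unrelated issues. The check also depends on `c->x86_vendor` already being populated when this line runs; early_identify_cpu() begins outside the hunk, so that ordering should be confirmed there, because an unset vendor field would fall through to the force-set branch (the safe default) only if it does not compare equal to X86_VENDOR_AMD.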
52 | -- | |
53 | 2.14.2 | |
54 |