Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 04f3b8beca
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0240-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch

0240-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 
  1. From 5462db3d070845ecc34929b6f25a87efda023aae Mon Sep 17 00:00:00 2001
    2. 

  2. From: Tom Lendacky <[email protected]>
    3. 

  3. Date: Tue, 26 Dec 2017 23:43:54 -0600
    4. 

  4. Subject: [PATCH 240/241] x86/cpu, x86/pti: Do not enable PTI on AMD processors
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. CVE-2017-5754
    10. 

  10. 

  11. AMD processors are not subject to the types of attacks that the kernel
    12. 

  12. page table isolation feature protects against.  The AMD microarchitecture
    13. 

  13. does not allow memory references, including speculative references, that
    14. 

  14. access higher privileged data when running in a lesser privileged mode
    15. 

  15. when that access would result in a page fault.
    16. 

  16. 

  17. Disable page table isolation by default on AMD processors by not setting
    18. 

  18. the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
    19. 

  19. is set.
    20. 

  20. 

  21. Signed-off-by: Tom Lendacky <[email protected]>
    22. 

  22. Signed-off-by: Thomas Gleixner <[email protected]>
    23. 

  23. Reviewed-by: Borislav Petkov <[email protected]>
    24. 

  24. Cc: Dave Hansen <[email protected]>
    25. 

  25. Cc: Andy Lutomirski <[email protected]>
    26. 

  26. Cc: [email protected]
    27. 

  27. Link: https://lkml.kernel.org/r/[email protected]
    28. 

  28. 

  29. (cherry picked from commit 694d99d40972f12e59a3696effee8a376b79d7c8)
    30. 

  30. Signed-off-by: Marcelo Henrique Cerri <[email protected]>
    31. 

  31. (cherry picked from commit 9d334f48f017b9c6457c6ba321e5a53a1cc6a5c7)
    32. 

  32. Signed-off-by: Fabian Grünbichler <[email protected]>
    33. 

  33. ---
    34. 

  34.  arch/x86/kernel/cpu/common.c | 4 ++--
    35. 

  35.  1 file changed, 2 insertions(+), 2 deletions(-)
    36. 

  36. 

  37. diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
    38. 

  38. index 99f37d1636ff..1854dd8071a6 100644
    39. 

  39. --- a/arch/x86/kernel/cpu/common.c
    40. 

  40. +++ b/arch/x86/kernel/cpu/common.c
    41. 

  41. @@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
    42. 

  42.  
    43. 

  43.  	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
    44. 

  44.  
    45. 

  45. -	/* Assume for now that ALL x86 CPUs are insecure */
    46. 

  46. -	setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
    47. 

  47. +	if (c->x86_vendor != X86_VENDOR_AMD)
    48. 

  48. +		setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
    49. 

  49.  
    50. 

  50.  	fpu__init_system(c);
    51. 

  51.  }
    52. 

  52. -- 
    53. 

  53. 2.14.2
    54. 

  54.