Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors

From: Tom Lendacky
Date: Wed Dec 27 2017 - 09:47:52 EST




On 12/27/2017 2:48 AM, Dave Hansen wrote:
> On 12/26/2017 09:43 PM, Tom Lendacky wrote:
>> --- a/arch/x86/kernel/cpu/common.c
>> +++ b/arch/x86/kernel/cpu/common.c
>> @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
>>
>> setup_force_cpu_cap(X86_FEATURE_ALWAYS);
>>
>> - /* Assume for now that ALL x86 CPUs are insecure */
>> - setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
>> + if (c->x86_vendor != X86_VENDOR_AMD)
>> + setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
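
Review bot: the new test `if (c->x86_vendor != X86_VENDOR_AMD)` drops the removed comment ("Assume for now that ALL x86 CPUs are insecure") without a replacement, so the code no longer states why one vendor is exempt from X86_BUG_CPU_INSECURE. Add a comment above the check giving the reason for the AMD exemption. Also confirm that c->x86_vendor is already populated at this point in early_identify_cpu(), since the hunk does not show where it is set; if it is not, the comparison always evaluates as "not AMD" and the exemption never takes effect.
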
>
> Does this disable it in a way that it can be turned back on via the
> kernel command-line?
>

Yes, specifying pti=on on the command line will turn kernel page table
isolation on regardless of this setting.

Thanks,
Tom

> This is a rather wide class of issues and I would rather not just
> hard-code it in a way that we say one vendor has never and will never be
> affected.
>