On Tue, Dec 26, 2017 at 11:43:54PM -0600, Tom Lendacky wrote:
> AMD processors are not subject to the types of attacks that the kernel
> page table isolation feature protects against.  The AMD microarchitecture
> does not allow memory references, including speculative references, that
> access higher privileged data when running in a lesser privileged mode
> when that access would result in a page fault.
> 
> Disable page table isolation by default on AMD processors by not setting
> the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
> is set.
> 
> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
> ---
>  arch/x86/kernel/cpu/common.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index c47de4e..7d9e3b0 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 
> *c)
>  
>       setup_force_cpu_cap(X86_FEATURE_ALWAYS);
>  
> -     /* Assume for now that ALL x86 CPUs are insecure */
> -     setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
> +     if (c->x86_vendor != X86_VENDOR_AMD)
> +             setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
>  
>       fpu__init_system(c);
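
Review bot: the new `if (c->x86_vendor != X86_VENDOR_AMD)` check drops the old comment and adds none, so the code itself no longer says why AMD is exempt from X86_BUG_CPU_INSECURE. I would add a short comment above the check carrying the rationale from the commit message: the AMD microarchitecture does not allow memory references, including speculative references, to higher privileged data from a lesser privileged mode when that access would result in a page fault. The exemption is also keyed on vendor alone, so it applies to every AMD family and model; if that is the intent, the comment should say so explicitly.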

Reviewed-by: Borislav Petkov <b...@suse.de>

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 
(AG Nürnberg)