Author: emaste
Date: Fri Jan 19 15:42:34 2018
New Revision: 328166
URL: https://svnweb.freebsd.org/changeset/base/328166

Log:
  Enable KPTI by default on amd64 for non-AMD CPUs
  
  Kernel Page Table Isolation (KPTI) was introduced in r328083 as a
  mitigation for the 'Meltdown' vulnerability.  AMD CPUs are not affected,
  per https://www.amd.com/en/corporate/speculative-execution:
  
      We believe AMD processors are not susceptible due to our use of
      privilege level protections within paging architecture and no
      mitigation is required.
  
  Thus default KPTI to off for AMD CPUs, and to on for others.  This may
  be refined later as we obtain more specific information on the sets of
  CPUs that are and are not affected.
  
  Submitted by: Mitchell Horne
  Reviewed by:  cem
  Relnotes:     Yes
  Security:     CVE-2017-5754
  Sponsored by: The FreeBSD Foundation
  Differential Revision:        https://reviews.freebsd.org/D13971

Modified:
  head/sys/amd64/amd64/machdep.c
  head/sys/x86/include/x86_var.h
  head/sys/x86/x86/identcpu.c

Modified: head/sys/amd64/amd64/machdep.c
==============================================================================
--- head/sys/amd64/amd64/machdep.c      Fri Jan 19 15:32:27 2018        
(r328165)
+++ head/sys/amd64/amd64/machdep.c      Fri Jan 19 15:42:34 2018        
(r328166)
@@ -1621,6 +1621,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
        mtx_init(&dt_lock, "descriptor tables", NULL, MTX_DEF);
 
        /* exceptions */
+       pti = pti_get_default();
        TUNABLE_INT_FETCH("vm.pmap.pti", &pti);
 
        for (x = 0; x < NIDT; x++)
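Review bot: The new `pti = pti_get_default();` line lands directly under the existing `/* exceptions */` comment, which describes the IDT loop that follows rather than the PTI setup. Consider moving that comment down to sit above `for (x = 0; x < NIDT; x++)` and giving the PTI lines their own short comment saying that the CPU-derived default is set first and `TUNABLE_INT_FETCH("vm.pmap.pti", &pti)` then lets the loader tunable override it. Since the default is derived from `cpu_vendor`, it is also worth stating in that comment that CPU identification must already have run by this point in `hammer_time()`, so a later reordering does not silently change the default.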

Modified: head/sys/x86/include/x86_var.h
==============================================================================
--- head/sys/x86/include/x86_var.h      Fri Jan 19 15:32:27 2018        
(r328165)
+++ head/sys/x86/include/x86_var.h      Fri Jan 19 15:42:34 2018        
(r328166)
@@ -136,6 +136,7 @@ void        nmi_call_kdb_smp(u_int type, struct trapframe 
*fr
 void   nmi_handle_intr(u_int type, struct trapframe *frame);
 void   pagecopy(void *from, void *to);
 void   printcpuinfo(void);
+int    pti_get_default(void);
 int    user_dbreg_trap(void);
 int    minidumpsys(struct dumperinfo *);
 struct pcb *get_pcb_td(struct thread *td);

Modified: head/sys/x86/x86/identcpu.c
==============================================================================
--- head/sys/x86/x86/identcpu.c Fri Jan 19 15:32:27 2018        (r328165)
+++ head/sys/x86/x86/identcpu.c Fri Jan 19 15:42:34 2018        (r328166)
@@ -1608,6 +1608,16 @@ finishidentcpu(void)
 #endif
 }
 
+int
+pti_get_default(void)
+{
+
+       if (strcmp(cpu_vendor, AMD_VENDOR_ID) == 0)
+               return (0);
+
+       return (1);
+}
+
 static u_int
 find_cpu_vendor_id(void)
 {
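Review bot: `pti_get_default()` has no comment explaining why `AMD_VENDOR_ID` returns 0, so the rationale (AMD's statement on CVE-2017-5754) lives only in the commit log. A short block comment above the function stating that the return value is the default for `vm.pmap.pti`, that 0 means off and 1 means on, and that the vendor check is a coarse first cut expected to be refined would help the next person who edits it. The fall-through `return (1);` is the safe direction, because any vendor string that is not matched gets the mitigation enabled; keeping that shape (enumerate the exempt CPUs, default to on) as the check is refined would be preferable to listing affected CPUs and defaulting to off.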
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"