| 1 |
commit: af6d2cd183065421749cabe99946396185251214 |
| 2 |
Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Jan 4 00:18:58 2018 +0000 |
| 4 |
Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Jan 4 00:18:58 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=af6d2cd1 |
| 7 |
|
| 8 |
add patch x86/cpu, x86/pti: Do not enable PTI on AMD processors |
| 9 |
|
| 10 |
0000_README | 4 +++ |
| 11 |
1700_do_not_enable_PTI_on_AMD_processor.patch | 44 +++++++++++++++++++++++++++ |
| 12 |
2 files changed, 48 insertions(+) |
| 13 |
|
| 14 |
diff --git a/0000_README b/0000_README |
| 15 |
index c14881b..946c936 100644 |
| 16 |
--- a/0000_README |
| 17 |
+++ b/0000_README |
| 18 |
@@ -95,6 +95,10 @@ Patch: 1510_fs-enable-link-security-restrictions-by-default.patch |
| 19 |
From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/ |
| 20 |
Desc: Enable link security restrictions by default. |
| 21 |
|
| 22 |
+Patch: 1700_do_not_enable_PTI_on_AMD_processor.patch |
| 23 |
+From: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/patch/?id=694d99d40972f12e59a3696effee8a376b79d7c8 |
| 24 |
+Desc: x86/cpu, x86/pti: Do not enable PTI on AMD processors. |
| 25 |
+ |
| 26 |
Patch: 2100_bcache-data-corruption-fix-for-bi-partno.patch |
| 27 |
From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62530ed8b1d07a45dec94d46e521c0c6c2d476e6 |
| 28 |
Desc: bio: ensure __bio_clone_fast copies bi_partno. |
| 29 |
|
| 30 |
diff --git a/1700_do_not_enable_PTI_on_AMD_processor.patch b/1700_do_not_enable_PTI_on_AMD_processor.patch |
| 31 |
new file mode 100644 |
| 32 |
index 0000000..3069c4c |
| 33 |
--- /dev/null |
| 34 |
+++ b/1700_do_not_enable_PTI_on_AMD_processor.patch |
| 35 |
@@ -0,0 +1,44 @@ |
| 36 |
+From 694d99d40972f12e59a3696effee8a376b79d7c8 Mon Sep 17 00:00:00 2001 |
| 37 |
+From: Tom Lendacky <thomas.lendacky@×××.com> |
| 38 |
+Date: Tue, 26 Dec 2017 23:43:54 -0600 |
| 39 |
+Subject: x86/cpu, x86/pti: Do not enable PTI on AMD processors |
| 40 |
+ |
| 41 |
+AMD processors are not subject to the types of attacks that the kernel |
| 42 |
+page table isolation feature protects against. The AMD microarchitecture |
| 43 |
+does not allow memory references, including speculative references, that |
| 44 |
+access higher privileged data when running in a lesser privileged mode |
| 45 |
+when that access would result in a page fault. |
| 46 |
+ |
| 47 |
+Disable page table isolation by default on AMD processors by not setting |
| 48 |
+the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI |
| 49 |
+is set. |
| 50 |
+ |
| 51 |
+Signed-off-by: Tom Lendacky <thomas.lendacky@×××.com> |
| 52 |
+Signed-off-by: Thomas Gleixner <tglx@××××××××××.de> |
| 53 |
+Reviewed-by: Borislav Petkov <bp@××××.de> |
| 54 |
+Cc: Dave Hansen <dave.hansen@×××××××××××.com> |
| 55 |
+Cc: Andy Lutomirski <luto@××××××.org> |
| 56 |
+Cc: stable@×××××××××××.org |
| 57 |
+Link: https://lkml.kernel.org/r/20171227054354.20369.94587.stgit@×××××××××××××××××××××.net |
| 58 |
+--- |
| 59 |
+ arch/x86/kernel/cpu/common.c | 4 ++-- |
| 60 |
+ 1 file changed, 2 insertions(+), 2 deletions(-) |
| 61 |
+ |
| 62 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
| 63 |
+index f2a94df..b1be494 100644 |
| 64 |
+--- a/arch/x86/kernel/cpu/common.c |
| 65 |
++++ b/arch/x86/kernel/cpu/common.c |
| 66 |
+@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) |
| 67 |
+ |
| 68 |
+ setup_force_cpu_cap(X86_FEATURE_ALWAYS); |
| 69 |
+ |
| 70 |
+- /* Assume for now that ALL x86 CPUs are insecure */ |
| 71 |
+- setup_force_cpu_bug(X86_BUG_CPU_INSECURE); |
| 72 |
++ if (c->x86_vendor != X86_VENDOR_AMD) |
| 73 |
++ setup_force_cpu_bug(X86_BUG_CPU_INSECURE); |
| 74 |
+ |
| 75 |
+ fpu__init_system(c); |
| 76 |
+ |
| 77 |
+-- |
| 78 |
+cgit v1.1 |
| 79 |
+ |
Archives