commit: af6d2cd183065421749cabe99946396185251214 |
Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
AuthorDate: Thu Jan 4 00:18:58 2018 +0000 |
Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
CommitDate: Thu Jan 4 00:18:58 2018 +0000 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=af6d2cd1 |
|
add patch x86/cpu, x86/pti: Do not enable PTI on AMD processors |
|
0000_README | 4 +++ |
1700_do_not_enable_PTI_on_AMD_processor.patch | 44 +++++++++++++++++++++++++++ |
2 files changed, 48 insertions(+) |
|
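diff --git a/0000_README b/0000_README
index c14881b..946c936 100644
--- a/0000_README
+++ b/0000_README
@@ -95,6 +95,10 @@ Patch: 1510_fs-enable-link-security-restrictions-by-default.patch
 From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/
 Desc: Enable link security restrictions by default.
 
+Patch: 1700_do_not_enable_PTI_on_AMD_processor.patch
+From: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/patch/?id=694d99d40972f12e59a3696effee8a376b79d7c8
+Desc: x86/cpu, x86/pti: Do not enable PTI on AMD processors.
+
 Patch: 2100_bcache-data-corruption-fix-for-bi-partno.patch
 From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62530ed8b1d07a45dec94d46e521c0c6c2d476e6
 Desc: bio: ensure __bio_clone_fast copies bi_partno.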
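diff --git a/1700_do_not_enable_PTI_on_AMD_processor.patch b/1700_do_not_enable_PTI_on_AMD_processor.patch
new file mode 100644
index 0000000..3069c4c
--- /dev/null
+++ b/1700_do_not_enable_PTI_on_AMD_processor.patch
@@ -0,0 +1,44 @@
+From 694d99d40972f12e59a3696effee8a376b79d7c8 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@×××.com>
+Date: Tue, 26 Dec 2017 23:43:54 -0600
+Subject: x86/cpu, x86/pti: Do not enable PTI on AMD processors
+
+AMD processors are not subject to the types of attacks that the kernel
+page table isolation feature protects against. The AMD microarchitecture
+does not allow memory references, including speculative references, that
+access higher privileged data when running in a lesser privileged mode
+when that access would result in a page fault.
+
+Disable page table isolation by default on AMD processors by not setting
+the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
+is set.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@×××.com>
+Signed-off-by: Thomas Gleixner <tglx@××××××××××.de>
+Reviewed-by: Borislav Petkov <bp@××××.de>
+Cc: Dave Hansen <dave.hansen@×××××××××××.com>
+Cc: Andy Lutomirski <luto@××××××.org>
+Cc: stable@×××××××××××.org
+Link: https://lkml.kernel.org/r/20171227054354.20369.94587.stgit@×××××××××××××××××××××.net
+---
+ arch/x86/kernel/cpu/common.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
+index f2a94df..b1be494 100644
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
+
+ setup_force_cpu_cap(X86_FEATURE_ALWAYS);
+
+- /* Assume for now that ALL x86 CPUs are insecure */
+- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
++ if (c->x86_vendor != X86_VENDOR_AMD)
++ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+
+ fpu__init_system(c);
+
+--
+cgit v1.1
+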
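Review bot: The new `if (c->x86_vendor != X86_VENDOR_AMD)` in early_identify_cpu has no comment, and the one it replaces ("Assume for now that ALL x86 CPUs are insecure") is removed, so the code no longer says why one vendor is exempt or what the default is for everyone else. I would add a comment above the check, for example `/* AMD does not let a lesser-privileged access that would fault reach privileged data, even speculatively, so PTI is not needed; every other vendor is assumed affected */`. The check depends on c->x86_vendor having been filled in earlier in the function, which is outside the hunk. An unidentified vendor would presumably fall through to the flagged default, which is the safe direction and worth stating in the comment. Because X86_BUG_CPU_INSECURE reads as a general verdict, the comment should also say that leaving it unset covers only the class of leak PTI mitigates, as the commit message describes, and says nothing about other speculative-execution issues.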