[v4.9.y,22/27] arm64: Turn on KPTI only on CPUs that need it

Message ID 20180403110923.43575-23-mark.rutland@arm.com
State New
Headers show
Series
  • arm64 meltdown patches
Related show

Commit Message

Mark Rutland April 3, 2018, 11:09 a.m.
From: Jayachandran C <jnair@caviumnetworks.com>


commit 0ba2e29c7fc1 upstream.

Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in
unmap_kernel_at_el0(). These CPUs are not vulnerable to
CVE-2017-5754 and do not need KPTI when KASLR is off.

Acked-by: Will Deacon <will.deacon@arm.com>

Signed-off-by: Jayachandran C <jnair@caviumnetworks.com>

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

Signed-off-by: Will Deacon <will.deacon@arm.com>

Signed-off-by: Alex Shi <alex.shi@linaro.org> [v4.9 backport]

Signed-off-by: Mark Rutland <mark.rutland@arm.com> [v4.9 backport]

---
 arch/arm64/kernel/cpufeature.c | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.11.0

Patch

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 2d7c7796cce1..6015a3cac930 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -766,6 +766,13 @@  static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
 	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
 		return true;
 
+	/* Don't force KPTI for CPUs that are not vulnerable */
+	switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) {
+	case MIDR_CAVIUM_THUNDERX2:
+	case MIDR_BRCM_VULCAN:
+		return false;
+	}
+
 	/* Defer to CPU feature registers */
 	return !cpuid_feature_extract_unsigned_field(pfr0,
 						     ID_AA64PFR0_CSV3_SHIFT);