[PATCH] x86/pti: don't report XenPV as vulnerable

From: Jiri Kosina
Date: Thu Jun 14 2018 - 18:32:44 EST


From: Jiri Kosina <jkosina@xxxxxxx>

Xen PV domain is not by design affected by meltdown as it's enforcing
split CR3 itself. Let's not report such systems as "Vulnerable" in sysfs
(we're also already forcing PTI to off in X86_HYPER_XEN_PV cases)

Reported-and-tested-by: Mike Latimer <mlatimer@xxxxxxxx>
Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
---

I originally wanted to just not set X86_BUG_CPU_MELTDOWN in
cpu_set_bug_bits() in the first place, but that has two issues:

- cpu_set_bug_bits() gets invoked from early_identify_cpu() before
init_hypervisor_platform() had a chance to run, and therefore the
hypervisor type check doesn't work there

- it'd actually be inaccurate; the CPU *does* have the bug at the end
of the day (so it's properly kept being reported in cpuinfo), it's
"just a setup matter" that we don't need any additional mitigation to
be applied by the kernel

So let's not overcomplicate it.

arch/x86/kernel/cpu/bugs.c | 4 ++++
1 file changed, 4 insertions(+)

--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -26,6 +26,7 @@
#include <asm/pgtable.h>
#include <asm/set_memory.h>
#include <asm/intel-family.h>
+#include <asm/hypervisor.h>

static void __init spectre_v2_select_mitigation(void);
static void __init ssb_select_mitigation(void);
@@ -685,6 +686,9 @@ static ssize_t cpu_show_common(struct de
if (boot_cpu_has(X86_FEATURE_PTI))
return sprintf(buf, "Mitigation: PTI\n");

+ if (hypervisor_is_type(X86_HYPER_XEN_PV))
+ return sprintf(buf, "Not affected\n");
+
break;

case X86_BUG_SPECTRE_V1:
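
Review bot: The new hypervisor_is_type(X86_HYPER_XEN_PV) branch returns the generic "Not affected" string with no comment, while the notes above say the CPU does have the bug and cpuinfo keeps reporting it, so sysfs and cpuinfo will disagree on a Xen PV guest with nothing in the code explaining why. Please add a short comment above the check stating that the hypervisor enforces the split CR3 and that PTI is forced off for X86_HYPER_XEN_PV, and consider a string that names Xen PV as the reason instead of reusing the text used for CPUs without the bug, since the guest is reporting a property of the hypervisor that it does not verify itself. A comment that the check sits after the X86_FEATURE_PTI test on purpose would also help later readers.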

--
Jiri Kosina
SUSE Labs