Re: [PATCH v2 5/5] x86/pti: Do not enable PTI on fixed Intel processors

From: David Woodhouse
Date: Tue Jan 23 2018 - 20:27:23 EST


On Tue, 2018-01-23 at 10:40 -0800, Dave Hansen wrote:
>
> I'd really rather we break this out into a nice, linear set of
> true/false conditions.
>
> bool early_cpu_vulnerable_meltdown(struct cpuinfo_x86 *c)
> {
>         u64 ia32_cap = 0;
>
>         /* AMD processors are not subject to Meltdown exploit: */
>         if (c->x86_vendor == X86_VENDOR_AMD)
>                 return false;
>
>         /* Assume all remaining CPUs not enumerating are vulnerable: */
>         if (!cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
>                 return true;
>
>         /*
>          * Does the CPU explicitly enumerate that it is not vulnerable
>          * to Rogue Data Cache Load (aka Meltdown)?
>          */
>         rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
>         if (ia32_cap & ARCH_CAP_RDCL_NO)
>                 return false;
>
>         /* Assume everything else is vulnerable */
>         return true;
> }

Makes sense. It also starts to address Alan's "starting to get messy"
comment, and gives a simple way to add other conditions.
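
For readers who want to check a machine against the linear test quoted above, here is a userspace sketch; it is an added example, not code from this thread or from the kernel. The function name `vulnerable_meltdown`, the CPUID vendor-string comparison, and treating an unreadable MSR as vulnerable are assumptions of the example; the MSR index (0x10a), the RDCL_NO bit (bit 0) and the CPUID.7.0:EDX[29] enumeration bit are the architectural values behind the kernel macros.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define MSR_IA32_ARCH_CAPABILITIES 0x10a        /* MSR index */
#define ARCH_CAP_RDCL_NO           (1ULL << 0)  /* not vulnerable to Meltdown */
#define CPUID7_EDX_ARCH_CAP        (1U << 29)   /* CPUID.7.0:EDX, MSR is enumerated */

/* Hypothetical helper: same order of conditions as the quoted function, on plain values. */
bool vulnerable_meltdown(const char *vendor, uint32_t cpuid7_edx,
                         bool msr_ok, uint64_t ia32_cap)
{
    if (strcmp(vendor, "AuthenticAMD") == 0)     /* AMD: not subject to Meltdown */
        return false;
    if (!(cpuid7_edx & CPUID7_EDX_ARCH_CAP))     /* not enumerating: assume vulnerable */
        return true;
    if (!msr_ok)                                 /* assumption: unreadable MSR fails closed */
        return true;
    if (ia32_cap & ARCH_CAP_RDCL_NO)             /* CPU says it is not vulnerable */
        return false;
    return true;                                 /* everything else is vulnerable */
}

int main(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0, edx7 = 0;
    char vendor[13] = "unknown";
    uint64_t cap = 0; bool ok = false;
#if defined(__x86_64__) || defined(__i386__)
    if (__get_cpuid(0, &a, &b, &c, &d)) {        /* vendor string is EBX, EDX, ECX */
        memcpy(vendor, &b, 4); memcpy(vendor + 4, &d, 4); memcpy(vendor + 8, &c, 4);
    }
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        edx7 = d;
#endif
    int fd = open("/dev/cpu/0/msr", O_RDONLY);   /* Linux msr driver, needs root */
    if (fd >= 0) {
        ok = lseek(fd, MSR_IA32_ARCH_CAPABILITIES, SEEK_SET) >= 0 &&
             read(fd, &cap, sizeof(cap)) == (ssize_t)sizeof(cap);
        close(fd);
    }
    printf("%s: Meltdown %s\n", vendor, vulnerable_meltdown(vendor, edx7, ok, cap)
           ? "assumed vulnerable" : "not vulnerable (AMD or RDCL_NO)");
    return 0;
}
```

Run without root, the MSR read fails and an Intel CPU is reported as assumed vulnerable, which matches the conservative default in the quoted function.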
