Re: [PATCH v4 5/7] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown

From: Thomas Gleixner
Date: Thu Jan 25 2018 - 05:01:15 EST


On Thu, 25 Jan 2018, David Woodhouse wrote:
> On Thu, 2018-01-25 at 10:42 +0100, Peter Zijlstra wrote:
> > On Thu, Jan 25, 2018 at 09:23:07AM +0000, David Woodhouse wrote:
> > > +static bool __init early_cpu_vulnerable_meltdown(struct cpuinfo_x86 *c)
> > > +{
> > > +ÂÂÂÂÂu64 ia32_cap = 0;
> > > +
> > > +ÂÂÂÂÂif (x86_match_cpu(cpu_no_meltdown))
> > > +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ return false;
> > > +
> > > +ÂÂÂÂÂif (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
> > > +ÂÂÂÂÂÂÂÂÂÂÂÂÂrdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
> >
> > I think it was suggested a while back to write this like:
> >
> > ÂÂÂÂÂÂÂÂif (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES) &&
> > ÂÂÂÂÂÂÂÂÂÂÂ !rdmsrl_safe(MSR_IA32_ARCH_CAPABILITIES, ia32_cap))
> >
> > to deal with funny virt scenarios where they accidentally advertise the
> > CPUID bit but don't in fact provide the MSR.
>
> It was indeed suggested, but I was a bit confused by that. Because the
> CPUID bit exists *purely* to advertise the existence of that MSR;
> nothing more.
>
> If it doesn't exist we'll end up with zero in ia32_cap anyway, which
> will mean we *won't* see the RDCL_NO bit, and won't disable the
> Meltdown flag.

And using rdmsrl() has the benefit of running into the
ex_handler_rdmsr_unsafe() exception handler, which emits a warning. The
value returned in ia32_cap is 0.

Thanks,

tglx