| From foo@baz Thu Apr 5 21:39:28 CEST 2018 |
| From: Mark Rutland <mark.rutland@arm.com> |
| Date: Tue, 3 Apr 2018 12:09:18 +0100 |
| Subject: arm64: Turn on KPTI only on CPUs that need it |
| To: stable@vger.kernel.org |
| Cc: mark.brown@linaro.org, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, will.deacon@arm.com |
| Message-ID: <20180403110923.43575-23-mark.rutland@arm.com> |
| |
| From: Jayachandran C <jnair@caviumnetworks.com> |
| |
| commit 0ba2e29c7fc1 upstream. |
| |
| Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in |
| unmap_kernel_at_el0(). These CPUs are not vulnerable to |
| CVE-2017-5754 and do not need KPTI when KASLR is off. |
| |
| Acked-by: Will Deacon <will.deacon@arm.com> |
| Signed-off-by: Jayachandran C <jnair@caviumnetworks.com> |
| Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> |
| Signed-off-by: Will Deacon <will.deacon@arm.com> |
| Signed-off-by: Alex Shi <alex.shi@linaro.org> [v4.9 backport] |
| Signed-off-by: Mark Rutland <mark.rutland@arm.com> [v4.9 backport] |
| Tested-by: Will Deacon <will.deacon@arm.com> |
| Tested-by: Greg Hackmann <ghackmann@google.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/arm64/kernel/cpufeature.c | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| --- a/arch/arm64/kernel/cpufeature.c |
| +++ b/arch/arm64/kernel/cpufeature.c |
| @@ -766,6 +766,13 @@ static bool unmap_kernel_at_el0(const st |
| if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) |
| return true; |
| |
| + /* Don't force KPTI for CPUs that are not vulnerable */ |
| + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { |
| + case MIDR_CAVIUM_THUNDERX2: |
| + case MIDR_BRCM_VULCAN: |
| + return false; |
| + } |
| + |
| /* Defer to CPU feature registers */ |
| return !cpuid_feature_extract_unsigned_field(pfr0, |
| ID_AA64PFR0_CSV3_SHIFT); |