]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 86858a9) | patch
x86/speculation/l1tf: Add sysfs reporting for l1tf
authorAndi Klein <ak@linux.intel.com>
Wed, 13 Jun 2018 22:48:26 +0000 (15:48 -0700)
committerKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Fri, 10 Aug 2018 22:56:32 +0000 (18:56 -0400)
commitaaea0ed15d1628d25ae34edc922fce5782fb2741
tree3b59eb77d0db8c2968133060c9741498f83eb6a9tree
parent86858a9c2fd931a1c4d3146c53a4d67fcd4adafacommit | diff
x86/speculation/l1tf: Add sysfs reporting for l1tf

L1TF core kernel workarounds are cheap and normally always enabled, However
they still should be reported in sysfs if the system is vulnerable or
mitigated. Add the necessary CPU feature/bug bits.

- Extend the existing checks for Meltdowns to determine if the system is
  vulnerable. All CPUs which are not vulnerable to Meltdown are also not
  vulnerable to L1TF

- Check for 32bit non PAE and emit a warning as there is no practical way
  for mitigation due to the limited physical address bits

- If the system has more than MAX_PA/2 physical memory the invert page
  workarounds don't protect the system against the L1TF attack anymore,
  because an inverted physical address will also point to valid
  memory. Print a warning in this case and report that the system is
  vulnerable.

Add a function which returns the PFN limit for the L1TF mitigation, which
will be used in follow up patches for sanity and range checks.

[ tglx: Renamed the CPU feature bit to L1TF_PTEINV ]

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Orabug: 28220674
CVE: CVE-2018-3620

(cherry picked from commit 17dbca119312b4e8173d4e25ff64262119fcef38)

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Conflicts for UEK5:
arch/x86/include/asm/cpufeatures.h
arch/x86/kernel/cpu/bugs.c
[
cpufeatures.h: we do not have that entry free. use another
bugs.c: we have in place the ibrs logic, compared to upstream
]

Conflicts for UEK4:
arch/x86/include/asm/cpufeatures.h
arch/x86/kernel/cpu/bugs.c
arch/x86/kernel/cpu/common.c
cpufeatures.h: different file name and also moved the feature to word 2. We also removed word 2 as we won't use Transmeta on UEK4
bugs.c: different file name (bugs_64.c)
common.c: contextual (cpu_set_bug_bits didn't have __init)
arch/x86/include/asm/cpufeature.h diff | blob | history
arch/x86/include/asm/processor.h diff | blob | history
arch/x86/kernel/cpu/bugs_64.c diff | blob | history
arch/x86/kernel/cpu/common.c diff | blob | history
drivers/base/cpu.c diff | blob | history
include/linux/cpu.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.