From 6af1c37c19ea6ddb78d1999e67d5fb55764aeb42 Mon Sep 17 00:00:00 2001 From: Jiri Kosina Date: Mon, 18 Jun 2018 09:59:54 +0200 Subject: [PATCH] x86/pti: Don't report XenPV as vulnerable Xen PV domain kernel is not by design affected by meltdown as it's enforcing split CR3 itself. Let's not report such systems as "Vulnerable" in sysfs (we're also already forcing PTI to off in X86_HYPER_XEN_PV cases); the security of the system ultimately depends on presence of mitigation in the Hypervisor, which can't be easily detected from DomU; let's report that. Reported-and-tested-by: Mike Latimer Signed-off-by: Jiri Kosina Signed-off-by: Thomas Gleixner Acked-by: Juergen Gross Cc: Borislav Petkov Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1806180959080.6203@cbobk.fhfr.pm [ Merge the user-visible string into a single line. ] Signed-off-by: Ingo Molnar (cherry picked from commit 6cb2b08ff92460290979de4be91363e5d1b6cec1) Conflicts: arch/x86/kernel/cpu/bugs.c In UEK4, these changes are made in arch/x86/kernel/cpu/bugs_64.c. Context around the headers was slightly different (there were some extra headers relative to the cherry-picked patch). There is no X86_HYPER_XEN_PV, instead compare x86_hyper to x86_hyper_xen. Orabug: 28476681 Signed-off-by: Patrick Colp Reviewed-by: Boris Ostrovsky Signed-off-by: Brian Maly --- arch/x86/kernel/cpu/bugs_64.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c index 215addb0979f..900fc409aea4 100644 --- a/arch/x86/kernel/cpu/bugs_64.c +++ b/arch/x86/kernel/cpu/bugs_64.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -1118,6 +1119,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr if (boot_cpu_has(X86_FEATURE_PTI)) return sprintf(buf, "Mitigation: PTI\n"); + if (x86_hyper == &x86_hyper_xen) + return sprintf(buf, "Unknown (XEN PV detected, hypervisor mitigation required)\n"); + break; case X86_BUG_SPECTRE_V1: -- 2.50.1
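Review bot: in the first hunk (@@ -21,6 +21,7 @@) the new include is added unconditionally, and the symbols it is there for, x86_hyper and x86_hyper_xen, are then used in cpu_show_common() with no configuration guard visible in either hunk. Please confirm that bugs_64.c still compiles and links in a UEK4 configuration where Xen guest support is built out, and if it does not, wrap the added check in the matching #ifdef or go through a helper that has a stub for that case. A line in the Conflicts section naming the configurations that were build-tested would settle it.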
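Review bot: in the second hunk (@@ -1118,6 +1119,9 @@) the condition `x86_hyper == &x86_hyper_xen` is substituted for the upstream X86_HYPER_XEN_PV test, yet the string it returns still says "XEN PV detected". The commit message states only that X86_HYPER_XEN_PV does not exist in UEK4, not that x86_hyper_xen is set exclusively for PV guests. If this tree can also select x86_hyper_xen for an HVM guest, a guest running without PTI would be reported as "Unknown (XEN PV detected, ...)" where it reported "Vulnerable" before, which hides a real exposure from anyone auditing the sysfs vulnerabilities files. Please either state in the commit message that x86_hyper_xen is PV-only in UEK4, or tighten the condition with an explicit PV test such as xen_pv_domain() so that the message matches what was actually detected. A short comment above the check explaining why it sits after the X86_FEATURE_PTI test and before the fall-through to the default "Vulnerable" result would also help the next backport.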