From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753823AbeAHUKV (ORCPT + 1 other); Mon, 8 Jan 2018 15:10:21 -0500
Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:57892 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751372AbeAHUKU (ORCPT ); Mon, 8 Jan 2018 15:10:20 -0500
Date: Mon, 8 Jan 2018 21:10:17 +0100
From: Pavel Machek
To: linux-kernel@vger.kernel.org, r.marek@assembler.cz, ricardo.neri-calderon@linux.intel.com, rkrcmar@redhat.com, Janakarajan.Natarajan@amd.com, bp@suse.de, x86@kernel.org, hpa@zytor.com, mingo@redhat.com, tglx@linutronix.de
Cc: Linus Torvalds
Subject: [PATCH] clarify how insecure CPU is
Message-ID: <20180108201017.GA20588@amd>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dDRMvlgZJXvWKvBx"
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path:

--dDRMvlgZJXvWKvBx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

First, what is going on with X86_BUG_AMD_E400 and X86_BUG_AMD_APIC_C1E? They seem to refer to the same bug, perhaps the comment should mention that? (Do we need two flags for one bug?)

Next, maybe X86_BUG_CPU_INSECURE is a bit too generic? This seems to address the "Meltdown" problem, but not "Spectre". Should it be limited to PPro and newer Intel CPUs?

Should another erratum be added for "Spectre"? This is present even on AMD CPUs, but should not be present in 486, maybe Pentium, and some Atom chips?

Plus... is this a reasonable interface?

    bugs : cpu_insecure

I believe we should

a) have something more descriptive than 'cpu_insecure', like 'mem_always_r' (because the poor user has no chance to know if it is Meltdown, Spectre, or something else)

b) have has_meltdown : yes/no, because otherwise poor userspace cannot tell if the CPU is actually bug-free, or if the kernel is just too old to know about the specific bug. With all the backport, this is quite important.

Best regards,
Pavel

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 07cdd17..d46958e 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h
@@ -340,7 +340,7 @@ #define X86_BUG_NULL_SEG X86_BUG(10) /* Nulling a selector preserves the = base */ #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on G= S */ #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CP= U */ -#define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erra= tum 400 */ -#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs ker= nel page table isolation */ +#define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erra= tum 400, check for X86_BUG_AMD_APIC_C1E */ +#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU always allows reading map= ped memory, aka "Meltdown", kernel page table isolation needed */ =20 #endif /* _ASM_X86_CPUFEATURES_H */ --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --dDRMvlgZJXvWKvBx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlpT0CkACgkQMOfwapXb+vKa7gCgpMNZ8aQrvxns+mHSynJYHJJf 4TgAn2/Q4Xr9ddvR4zXff5Qvq3KydhQL =UWev -----END PGP SIGNATURE----- --dDRMvlgZJXvWKvBx--
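Review bot: The new comment on the added `X86_BUG_CPU_INSECURE` line says the CPU "always allows reading mapped memory", which is broader than the Meltdown issue it names. Meltdown lets unprivileged code read kernel-mapped memory through speculative execution, and wording along those lines would tell the reader why page table isolation is the fix. The comment now ties bit 14 to Meltdown while the macro name, and with it the `cpu_insecure` string the cover text quotes from the `bugs` line, stays generic. If the flag is meant to cover Meltdown only, the rename belongs in this same change so that name and comment cannot drift apart. On the added `X86_BUG_AMD_E400` line, "check for X86_BUG_AMD_APIC_C1E" does not say how the two flags relate or which one callers should test. State the relationship in the comment, or drop the pointer until the question raised in the cover text is answered. The message as posted carries no Signed-off-by line, and the changelog consists of open questions rather than a description of the change.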