| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Jan 2018 14:07:30 +0300 From: Ivan Ivanov <qmastery16@...il.com> To: linux-kernel@...r.kernel.org, thomas.lendacky@....com Subject: Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors Why this wonderful tiny patch by Tom Lendacky is still not merged? If it is just Intel who made these insecure CPUs , for which this "slowdown workaround" is required, ---> why the AMD CPU owners should suffer from Intel's design faults ? " cpu_insecure " is Intel's problem ; according to Tom Lendacky from AMD - AMD CPUs do not need this "slowdown workaround" which is required for Intel CPUs. Please merge this patch as soon as possible Of course, the Intel employees would be happy to see this patch get delayed or even not merged, because its a shame and bad reputation for their company and products : > > I would rather not just hard-code it in a way that we say one vendor has never and will never be affected > > --- by Dave Hansen from Intel corporation > Luckily, according to LKML - a message with Tom's patch is the Top Hottest Message viewed ! The fate of this patch is being closely monitored by the people all over the world, and hopefully the Linux community will not allow any injustice to happen On Tue, Dec 26, 2017 at 11:43:54PM -0600, Tom Lendacky wrote: > AMD processors are not subject to the types of attacks that the kernel > page table isolation feature protects against. The AMD microarchitecture > does not allow memory references, including speculative references, that > access higher privileged data when running in a lesser privileged mode > when that access would result in a page fault. > > Disable page table isolation by default on AMD processors by not setting > the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI > is set. > > Signed-off-by: Tom Lendacky <thomas.lendacky@....com> > --- > arch/x86/kernel/cpu/common.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index c47de4e..7d9e3b0 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) > > setup_force_cpu_cap(X86_FEATURE_ALWAYS); > > - /* Assume for now that ALL x86 CPUs are insecure */ > - setup_force_cpu_bug(X86_BUG_CPU_INSECURE); > + if (c->x86_vendor != X86_VENDOR_AMD) > + setup_force_cpu_bug(X86_BUG_CPU_INSECURE); > > fpu__init_system(c); Reviewed-by: Ivan Ivanov <qmastery16@...il.com> Best regards, Ivan Ivanov, coreboot project developer and open-source enthusiast
Powered by blists - more mailing lists