4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jayachandran C jnair@caviumnetworks.com
commit 0ba2e29c7fc1 upstream.
Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in unmap_kernel_at_el0(). These CPUs are not vulnerable to CVE-2017-5754 and do not need KPTI when KASLR is off.
Acked-by: Will Deacon will.deacon@arm.com Signed-off-by: Jayachandran C jnair@caviumnetworks.com Signed-off-by: Catalin Marinas catalin.marinas@arm.com Signed-off-by: Will Deacon will.deacon@arm.com Signed-off-by: Alex Shi alex.shi@linaro.org [v4.9 backport] Signed-off-by: Mark Rutland mark.rutland@arm.com [v4.9 backport] Tested-by: Will Deacon will.deacon@arm.com Tested-by: Greg Hackmann ghackmann@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- arch/arm64/kernel/cpufeature.c | 7 +++++++ 1 file changed, 7 insertions(+)
--- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -766,6 +766,13 @@ static bool unmap_kernel_at_el0(const st if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) return true;
+ /* Don't force KPTI for CPUs that are not vulnerable */ + switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) { + case MIDR_CAVIUM_THUNDERX2: + case MIDR_BRCM_VULCAN: + return false; + } + /* Defer to CPU feature registers */ return !cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV3_SHIFT);