diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0050-x86-cpufeatures-Add-X86_BUG_CPU_INSECURE.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0050-x86-cpufeatures-Add-X86_BUG_CPU_INSECURE.patch | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0050-x86-cpufeatures-Add-X86_BUG_CPU_INSECURE.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0050-x86-cpufeatures-Add-X86_BUG_CPU_INSECURE.patch deleted file mode 100644 index e1a6c9c2..00000000 --- a/common/recipes-kernel/linux/linux-yocto-4.9.21/0050-x86-cpufeatures-Add-X86_BUG_CPU_INSECURE.patch +++ /dev/null @@ -1,78 +0,0 @@ -From fe82bc0584bd60ca76418293ee2c3436b56ce3eb Mon Sep 17 00:00:00 2001 -From: Thomas Gleixner <tglx@linutronix.de> -Date: Mon, 4 Dec 2017 15:07:33 +0100 -Subject: [PATCH 050/103] x86/cpufeatures: Add X86_BUG_CPU_INSECURE - -commit a89f040fa34ec9cd682aed98b8f04e3c47d998bd upstream. - -Many x86 CPUs leak information to user space due to missing isolation of -user space and kernel space page tables. There are many well documented -ways to exploit that. - -The upcoming software migitation of isolating the user and kernel space -page tables needs a misfeature flag so code can be made runtime -conditional. - -Add the BUG bits which indicates that the CPU is affected and add a feature -bit which indicates that the software migitation is enabled. - -Assume for now that _ALL_ x86 CPUs are affected by this. Exceptions can be -made later. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Lutomirski <luto@kernel.org> -Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> -Cc: Borislav Petkov <bp@alien8.de> -Cc: Brian Gerst <brgerst@gmail.com> -Cc: Dave Hansen <dave.hansen@linux.intel.com> -Cc: David Laight <David.Laight@aculab.com> -Cc: Denys Vlasenko <dvlasenk@redhat.com> -Cc: Eduardo Valentin <eduval@amazon.com> -Cc: Greg KH <gregkh@linuxfoundation.org> -Cc: H. Peter Anvin <hpa@zytor.com> -Cc: Josh Poimboeuf <jpoimboe@redhat.com> -Cc: Juergen Gross <jgross@suse.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Will Deacon <will.deacon@arm.com> -Cc: aliguori@amazon.com -Cc: daniel.gruss@iaik.tugraz.at -Cc: hughd@google.com -Cc: keescook@google.com -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - arch/x86/include/asm/cpufeatures.h | 1 + - arch/x86/kernel/cpu/common.c | 4 ++++ - 2 files changed, 5 insertions(+) - -diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h -index 454a37a..57bd52c 100644 ---- a/arch/x86/include/asm/cpufeatures.h -+++ b/arch/x86/include/asm/cpufeatures.h -@@ -316,5 +316,6 @@ - #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on GS */ - #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ - #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ -+#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ - - #endif /* _ASM_X86_CPUFEATURES_H */ -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index ba9b601..8c81adc 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -882,6 +882,10 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) - } - - setup_force_cpu_cap(X86_FEATURE_ALWAYS); -+ -+ /* Assume for now that ALL x86 CPUs are insecure */ -+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE); -+ - fpu__init_system(c); - } - --- -2.7.4 - |