Commit 0ba2e29c authored by Jayachandran C's avatar Jayachandran C Committed by Catalin Marinas

arm64: Turn on KPTI only on CPUs that need it

Whitelist Broadcom Vulcan/Cavium ThunderX2 processors in
unmap_kernel_at_el0(). These CPUs are not vulnerable to
CVE-2017-5754 and do not need KPTI when KASLR is off.
Acked-by: default avatarWill Deacon <will.deacon@arm.com>
Signed-off-by: default avatarJayachandran C <jnair@caviumnetworks.com>
Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
parent f3d795d9
...@@ -868,6 +868,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, ...@@ -868,6 +868,13 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
return true; return true;
/* Don't force KPTI for CPUs that are not vulnerable */
switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) {
case MIDR_CAVIUM_THUNDERX2:
case MIDR_BRCM_VULCAN:
return false;
}
/* Defer to CPU feature registers */ /* Defer to CPU feature registers */
return !cpuid_feature_extract_unsigned_field(pfr0, return !cpuid_feature_extract_unsigned_field(pfr0,
ID_AA64PFR0_CSV3_SHIFT); ID_AA64PFR0_CSV3_SHIFT);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment