From: Greg Kroah-Hartman Date: Sun, 21 Jan 2018 15:53:49 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.4.113~13 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=8ea729c00403414d74417bb5e29efa00ad642e48;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch --- diff --git a/queue-4.4/series b/queue-4.4/series index 4ff8758cf9e..dc43541be90 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -43,3 +43,4 @@ libata-apply-max_sec_1024-to-all-liteon-ep1-series-devices.patch dm-btree-fix-serious-bug-in-btree_split_beneath.patch dm-thin-metadata-thin_max_concurrent_locks-should-be-6.patch arm64-kvm-fix-smccc-handling-of-unimplemented-smc-hvc-calls.patch +x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch diff --git a/queue-4.4/x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch b/queue-4.4/x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch new file mode 100644 index 00000000000..a831174e8e3 --- /dev/null +++ b/queue-4.4/x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch 
@@ -0,0 +1,46 @@ +From 694d99d40972f12e59a3696effee8a376b79d7c8 Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Tue, 26 Dec 2017 23:43:54 -0600 +Subject: x86/cpu, x86/pti: Do not enable PTI on AMD processors + +From: Tom Lendacky + +commit 694d99d40972f12e59a3696effee8a376b79d7c8 upstream. + +AMD processors are not subject to the types of attacks that the kernel +page table isolation feature protects against. The AMD microarchitecture +does not allow memory references, including speculative references, that +access higher privileged data when running in a lesser privileged mode +when that access would result in a page fault. + +Disable page table isolation by default on AMD processors by not setting +the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI +is set. + +Signed-off-by: Tom Lendacky +Signed-off-by: Thomas Gleixner +Reviewed-by: Borislav Petkov +Cc: Dave Hansen +Cc: Andy Lutomirski +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20171227054354.20369.94587.stgit@tlendack-t1.amdoffice.net +Cc: Nick Lowe +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/common.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -831,8 +831,8 @@ static void __init early_identify_cpu(st + + setup_force_cpu_cap(X86_FEATURE_ALWAYS); + +- /* Assume for now that ALL x86 CPUs are insecure */ +- setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); ++ if (c->x86_vendor != X86_VENDOR_AMD) ++ setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); + + setup_force_cpu_bug(X86_BUG_SPECTRE_V1); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
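Review bot: the changelog and the hunk in arch/x86/kernel/cpu/common.c disagree on the identifier: the message says PTI is disabled "by not setting the X86_BUG_CPU_INSECURE feature", but the lines actually changed are `-	setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);` replaced by `+	if (c->x86_vendor != X86_VENDOR_AMD)` / `+		setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);`. For the 4.4 backport the description above the `---` should name X86_BUG_CPU_MELTDOWN (or carry a one-line note that the flag was renamed), so anyone bisecting the stable tree can grep for the right symbol. Separately, the hunk deletes the comment `/* Assume for now that ALL x86 CPUs are insecure */` without a replacement; a short comment on the new vendor check stating why AMD is exempt (the rationale given in the changelog about speculative accesses that would fault) would keep that reasoning beside the code, where X86_BUG_SPECTRE_V1 and X86_BUG_SPECTRE_V2 continue to be forced for every vendor a few lines later.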