• Andi Kleen's avatar
    x86/speculation/l1tf: Add sysfs reporting for l1tf · a006e7af
    Andi Kleen authored
    L1TF core kernel workarounds are cheap and normally always enabled, However
    they still should be reported in sysfs if the system is vulnerable or
    mitigated. Add the necessary CPU feature/bug bits.
    
    - Extend the existing checks for Meltdowns to determine if the system is
      vulnerable. All CPUs which are not vulnerable to Meltdown are also not
      vulnerable to L1TF
    
    - Check for 32bit non PAE and emit a warning as there is no practical way
      for mitigation due to the limited physical address bits
    
    - If the system has more than MAX_PA/2 physical memory the invert page
      workarounds don't protect the system against the L1TF attack anymore,
      because an inverted physical address will also point to valid
      memory. Print a warning in this case and report that the system is
      vulnerable.
    
    Add a function which returns the PFN limit for the L1TF mitigation, which
    will be used in follow up patches for sanity and range checks.
    
    [ tglx: Renamed the CPU feature bit to L1TF_PTEINV ]
    Signed-off-by: default avatarAndi Kleen <ak@linux.intel.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
    Acked-by: default avatarDave Hansen <dave.hansen@intel.com>
    
    CVE-2018-3620
    CVE-2018-3646
    
    [smb: merged with fixup patch, also adapt e820 header location and
          names of types and function]
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    a006e7af
common.c 42.4 KB