x86: disable usermode on 64-bit unless no meltdown

KPTI is still work-in-progress on x86_64. Don't allow user mode to be enabled unless the SOC/board configuration indicates that the CPU in use is invulnerable to meltdown attacks. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2020-01-05 17:19:43 -08:00 · 2020-01-05 17:19:43 -08:00 · 808cca0efb
commit 808cca0efb
parent 4fcf28ef25
2 changed files with 4 additions and 3 deletions
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@ -17,14 +17,14 @@ config CPU_ATOM
 	bool
 	select CPU_HAS_FPU
 	select ARCH_HAS_STACK_PROTECTION if X86_MMU
-	select ARCH_HAS_USERSPACE if X86_MMU
+	select ARCH_HAS_USERSPACE if X86_MMU && (!X86_64 || (X86_64 && X86_NO_MELTDOWN))
 	help
 	  This option signifies the use of a CPU from the Atom family.

 config CPU_MINUTEIA
 	bool
 	select ARCH_HAS_STACK_PROTECTION if X86_MMU
-	select ARCH_HAS_USERSPACE if X86_MMU
+	select ARCH_HAS_USERSPACE if X86_MMU && (!X86_64 || (X86_64 && X86_NO_MELTDOWN))
 	help
 	  This option signifies the use of a CPU from the Minute IA family.

@ -32,7 +32,7 @@ config CPU_APOLLO_LAKE
 	bool
 	select CPU_HAS_FPU
 	select ARCH_HAS_STACK_PROTECTION if X86_MMU
-	select ARCH_HAS_USERSPACE if X86_MMU
+	select ARCH_HAS_USERSPACE if X86_MMU && (!X86_64 || (X86_64 && X86_NO_MELTDOWN))
 	help
 	  This option signifies the use of a CPU from the Apollo Lake family.

--- a/boards/x86/qemu_x86/Kconfig.board
+++ b/boards/x86/qemu_x86/Kconfig.board
@ -11,4 +11,5 @@ config BOARD_QEMU_X86_64
 	bool "QEMU x86_64"
 	depends on SOC_IA32
 	select QEMU_TARGET
+	select X86_NO_MELTDOWN # Until KPTI is enabled, allow testing
 	select X86_64