From 808cca0efbc0e44141c4ac10da53c49eef1565d7 Mon Sep 17 00:00:00 2001
From: Andrew Boie <andrew.p.boie@intel.com>
Date: Sun, 5 Jan 2020 17:19:43 -0800
Subject: [PATCH] x86: disable usermode on 64-bit unless no meltdown

KPTI is still work-in-progress on x86_64. Don't allow
user mode to be enabled unless the SOC/board configuration
indicates that the CPU in use is invulnerable to meltdown
attacks.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
---
 arch/x86/Kconfig                  | 6 +++---
 boards/x86/qemu_x86/Kconfig.board | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 2947fca9b7d..cd41becaf51 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -17,14 +17,14 @@ config CPU_ATOM
 	bool
 	select CPU_HAS_FPU
 	select ARCH_HAS_STACK_PROTECTION if X86_MMU
-	select ARCH_HAS_USERSPACE if X86_MMU
+	select ARCH_HAS_USERSPACE if X86_MMU && (!X86_64 || (X86_64 && X86_NO_MELTDOWN))
 	help
 	  This option signifies the use of a CPU from the Atom family.
 
 config CPU_MINUTEIA
 	bool
 	select ARCH_HAS_STACK_PROTECTION if X86_MMU
-	select ARCH_HAS_USERSPACE if X86_MMU
+	select ARCH_HAS_USERSPACE if X86_MMU && (!X86_64 || (X86_64 && X86_NO_MELTDOWN))
 	help
 	  This option signifies the use of a CPU from the Minute IA family.
 
@@ -32,7 +32,7 @@ config CPU_APOLLO_LAKE
 	bool
 	select CPU_HAS_FPU
 	select ARCH_HAS_STACK_PROTECTION if X86_MMU
-	select ARCH_HAS_USERSPACE if X86_MMU
+	select ARCH_HAS_USERSPACE if X86_MMU && (!X86_64 || (X86_64 && X86_NO_MELTDOWN))
 	help
 	  This option signifies the use of a CPU from the Apollo Lake family.
 
diff --git a/boards/x86/qemu_x86/Kconfig.board b/boards/x86/qemu_x86/Kconfig.board
index 6671686fa5f..b56e114d246 100644
--- a/boards/x86/qemu_x86/Kconfig.board
+++ b/boards/x86/qemu_x86/Kconfig.board
@@ -11,4 +11,5 @@ config BOARD_QEMU_X86_64
 	bool "QEMU x86_64"
 	depends on SOC_IA32
 	select QEMU_TARGET
+	select X86_NO_MELTDOWN # Until KPTI is enabled, allow testing
 	select X86_64