diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0005-x86-microcode-AMD-Do-not-load-when-running-on-a-hype.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0005-x86-microcode-AMD-Do-not-load-when-running-on-a-hype.patch | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0005-x86-microcode-AMD-Do-not-load-when-running-on-a-hype.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0005-x86-microcode-AMD-Do-not-load-when-running-on-a-hype.patch new file mode 100644 index 00000000..bbb98553 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0005-x86-microcode-AMD-Do-not-load-when-running-on-a-hype.patch @@ -0,0 +1,105 @@ +From 56f0eb24f5e9ff1faf0818a928a6c4a1004aeef1 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov <bp@suse.de> +Date: Sun, 18 Dec 2016 17:44:13 +0100 +Subject: [PATCH 05/42] x86/microcode/AMD: Do not load when running on a + hypervisor + +commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream. + +Doing so is completely void of sense for multiple reasons so prevent +it. Set dis_ucode_ldr to true and thus disable the microcode loader by +default to address xen pv guests which execute the AP path but not the +BSP path. + +By having it turned off by default, the APs won't run into the loader +either. + +Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the +xen pv one. That one gets the aforementioned "fix". + +Also, improve the detection method by caching the final decision whether +to continue loading in dis_ucode_ldr and do it once on the BSP. The APs +then simply test that value. + +Signed-off-by: Borislav Petkov <bp@suse.de> +Tested-by: Juergen Gross <jgross@suse.com> +Tested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> +Acked-by: Juergen Gross <jgross@suse.com> +Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Cc: Rolf Neugebauer <rolf.neugebauer@docker.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++--------- + 1 file changed, 19 insertions(+), 9 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 5ce5155..dc0b9f8 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -43,7 +43,7 @@ + #define MICROCODE_VERSION "2.01" + + static struct microcode_ops *microcode_ops; +-static bool dis_ucode_ldr; ++static bool dis_ucode_ldr = true; + + /* + * Synchronization. +@@ -73,6 +73,7 @@ struct cpu_info_ctx { + static bool __init check_loader_disabled_bsp(void) + { + static const char *__dis_opt_str = "dis_ucode_ldr"; ++ u32 a, b, c, d; + + #ifdef CONFIG_X86_32 + const char *cmdline = (const char *)__pa_nodebug(boot_command_line); +@@ -85,8 +86,23 @@ static bool __init check_loader_disabled_bsp(void) + bool *res = &dis_ucode_ldr; + #endif + +- if (cmdline_find_option_bool(cmdline, option)) +- *res = true; ++ if (!have_cpuid_p()) ++ return *res; ++ ++ a = 1; ++ c = 0; ++ native_cpuid(&a, &b, &c, &d); ++ ++ /* ++ * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not ++ * completely accurate as xen pv guests don't see that CPUID bit set but ++ * that's good enough as they don't land on the BSP path anyway. ++ */ ++ if (c & BIT(31)) ++ return *res; ++ ++ if (cmdline_find_option_bool(cmdline, option) <= 0) ++ *res = false; + + return *res; + } +@@ -118,9 +134,6 @@ void __init load_ucode_bsp(void) + if (check_loader_disabled_bsp()) + return; + +- if (!have_cpuid_p()) +- return; +- + vendor = x86_cpuid_vendor(); + family = x86_cpuid_family(); + +@@ -154,9 +167,6 @@ void load_ucode_ap(void) + if (check_loader_disabled_ap()) + return; + +- if (!have_cpuid_p()) +- return; +- + vendor = x86_cpuid_vendor(); + family = x86_cpuid_family(); + +-- +2.7.4 + |