diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0008-x86-spectre_v2-Don-t-check-microcode-versions-when-r.patch')
| -rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0008-x86-spectre_v2-Don-t-check-microcode-versions-when-r.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0008-x86-spectre_v2-Don-t-check-microcode-versions-when-r.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0008-x86-spectre_v2-Don-t-check-microcode-versions-when-r.patch new file mode 100644 index 00000000..0f35decd --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0008-x86-spectre_v2-Don-t-check-microcode-versions-when-r.patch @@ -0,0 +1,60 @@ +From 03a686fb1ba599b2ed6b0bb256fa364f629ed2c7 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +Date: Mon, 26 Feb 2018 09:35:01 -0500 +Subject: [PATCH 08/14] x86/spectre_v2: Don't check microcode versions when + running under hypervisors +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +commit 36268223c1e9981d6cfc33aff8520b3bde4b8114 upstream. + +As: + + 1) It's known that hypervisors lie about the environment anyhow (host + mismatch) + + 2) Even if the hypervisor (Xen, KVM, VMWare, etc) provided a valid + "correct" value, it all gets to be very murky when migration happens + (do you provide the "new" microcode of the machine?). + +And in reality the cloud vendors are the ones that should make sure that +the microcode that is running is correct and we should just sing lalalala +and trust them. + +Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> +Cc: Wanpeng Li <kernellwp@gmail.com> +Cc: kvm <kvm@vger.kernel.org> +Cc: Krčmář <rkrcmar@redhat.com> +Cc: Borislav Petkov <bp@alien8.de> +CC: "H. Peter Anvin" <hpa@zytor.com> +CC: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20180226213019.GE9497@char.us.oracle.com +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/kernel/cpu/intel.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c +index 6ed206b..7680425 100644 +--- a/arch/x86/kernel/cpu/intel.c ++++ b/arch/x86/kernel/cpu/intel.c +@@ -103,6 +103,13 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c) + { + int i; + ++ /* ++ * We know that the hypervisor lie to us on the microcode version so ++ * we may as well hope that it is running the correct version. ++ */ ++ if (cpu_has(c, X86_FEATURE_HYPERVISOR)) ++ return false; ++ + for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) { + if (c->x86_model == spectre_bad_microcodes[i].model && + c->x86_stepping == spectre_bad_microcodes[i].stepping) +-- +2.7.4 + |