ACK: [Xenial][PATCH 1/1] x86/microcode/AMD: Do not load when running on a hypervisor
Stefan Bader
stefan.bader at canonical.com
Wed Mar 28 16:37:21 UTC 2018
On 28.03.2018 18:28, Kamal Mostafa wrote:
> From: Borislav Petkov <bp at suse.de>
>
> BugLink: http://bugs.launchpad.net/bugs/1758869
>
> commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream with minor
> adjustments.
>
> Doing so is completely void of sense for multiple reasons so prevent
> it. Set dis_ucode_ldr to true and thus disable the microcode loader by
> default to address xen pv guests which execute the AP path but not the
> BSP path.
>
> By having it turned off by default, the APs won't run into the loader
> either.
>
> Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the
> xen pv one. That one gets the aforementioned "fix".
>
> Also, improve the detection method by caching the final decision whether
> to continue loading in dis_ucode_ldr and do it once on the BSP. The APs
> then simply test that value.
>
> Signed-off-by: Borislav Petkov <bp at suse.de>
> Tested-by: Juergen Gross <jgross at suse.com>
> Tested-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
> Acked-by: Juergen Gross <jgross at suse.com>
> Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de
> Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
> Cc: <stable at vger.kernel.org> # 4.4.x
> Signed-off-by: Rolf Neugebauer <rolf.neugebauer at docker.com>
> (back-ported from commit a15a753539eca8ba243d576f02e7ca9c4b7d7042)
> Reference: https://lkml.org/lkml/2018/2/8/455
> Signed-off-by: Kamal Mostafa <kamal at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++---------
> 1 file changed, 19 insertions(+), 9 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
> index 57ea794..d52b5e0 100644
> --- a/arch/x86/kernel/cpu/microcode/core.c
> +++ b/arch/x86/kernel/cpu/microcode/core.c
> @@ -44,7 +44,7 @@
>
> static struct microcode_ops *microcode_ops;
>
> -static bool dis_ucode_ldr;
> +static bool dis_ucode_ldr = true;
>
> static int __init disable_loader(char *str)
> {
> @@ -81,6 +81,7 @@ struct cpu_info_ctx {
>
> static bool __init check_loader_disabled_bsp(void)
> {
> + u32 a, b, c, d;
> #ifdef CONFIG_X86_32
> const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
> const char *opt = "dis_ucode_ldr";
> @@ -93,8 +94,23 @@ static bool __init check_loader_disabled_bsp(void)
> bool *res = &dis_ucode_ldr;
> #endif
>
> - if (cmdline_find_option_bool(cmdline, option))
> - *res = true;
> + if (!have_cpuid_p())
> + return *res;
> +
> + a = 1;
> + c = 0;
> + native_cpuid(&a, &b, &c, &d);
> +
> + /*
> + * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
> + * completely accurate as xen pv guests don't see that CPUID bit set but
> + * that's good enough as they don't land on the BSP path anyway.
> + */
> + if (c & BIT(31))
> + return *res;
> +
> + if (cmdline_find_option_bool(cmdline, option) <= 0)
> + *res = false;
>
> return *res;
> }
> @@ -126,9 +142,6 @@ void __init load_ucode_bsp(void)
> if (check_loader_disabled_bsp())
> return;
>
> - if (!have_cpuid_p())
> - return;
> -
> vendor = x86_vendor();
> family = x86_family();
>
> @@ -162,9 +175,6 @@ void load_ucode_ap(void)
> if (check_loader_disabled_ap())
> return;
>
> - if (!have_cpuid_p())
> - return;
> -
> vendor = x86_vendor();
> family = x86_family();
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180328/074be852/attachment.sig>
More information about the kernel-team
mailing list